How To Add a Link Through Sanitized Customizer Input?

Hi everyone,

This may be super simple, but how would I allow a user to be able to add a hyperlink or a simple html tag (i.e. ) through the Customizer, whilst still making sure to sanitize the data.

For example, I have:

<?php echo esc_attr( get_theme_mod( 'theme_slug_customizer_text' ) ); ?>

Which displays the output, but due to the fact that I am escaping the attribute and have a sanitize function on the backend, the actual html tag renders out as text.

Like I said, this may be super simple but wasn’t able to find a solution, any ideas?



if (filter_var($url, FILTER_VALIDATE_URL) === FALSE) {
   die('Not a valid URL');

and you don’t need to sanitize anymore. Or use preg_match

Thanks @sodasi_web. Not too sure that is what I was going for…

This is for the theme customizer, a user would enter in there text snippet with an anchor link for example. WordPress does state the input need to be sanitized, so don’t think the above is what I am looking for.

Thanks none the less, appreciate it.


The cutomizer input must be sanitized by WP function or your define function.

You may take a look into this function

And in your case, I think this could help

if you check that a url is a valid url then this is the sanitiziation

Alo check and :

esc_url( $url, (array) $protocols = null ) (since 2.8)
Always use esc_url when sanitizing URLs (in text
nodes, attribute nodes or anywhere else). Rejects URLs that do not have
one of the provided whitelisted protocols (defaulting to http, https, ftp, ftps, mailto, news, irc, gopher, nntp, feed, and telnet), eliminates invalid characters, and removes dangerous characters. Replaces clean_url() which was deprecated in 3.0.
This function encodes characters as HTML entities: use it when generating an (X)HTML or XML document. Encodes ampersands (&) and single quotes (’) as numeric entity references (&#038, &#039).

Thanks @sodasi_web, @phpface, what if it is not specifically a URL, but a tag?

e.g. markup would render like so:

<h1>Hello <span>World</span></h1>

So I need the span to not be filtered, would the above work?

What I send it to you is going to work only if you have links only else you can ue the following function to eliminate some tags

wp_kses('< h1 >Hello <span>World</span>< / h1 >', "h1");

Thanks guys, that did the trick.

Out of curiosity, can one call a function through wp_kses()? If so, what would the syntax look like?