This may be super simple, but how would I allow a user to be able to add a hyperlink or a simple html tag (i.e. ) through the Customizer, whilst still making sure to sanitize the data.
Which displays the output, but due to the fact that I am escaping the attribute and have a sanitize function on the backend, the actual html tag renders out as text.
Like I said, this may be super simple but wasn’t able to find a solution, any ideas?
Thanks @sodasi_web. Not too sure that is what I was going for…
This is for the theme customizer, a user would enter in there text snippet with an anchor link for example. WordPress does state the input need to be sanitized, so don’t think the above is what I am looking for.
if you check that a url is a valid url then this is the sanitiziation
Alo check and :
esc_url( $url, (array) $protocols = null ) (since 2.8)
Always use esc_url when sanitizing URLs (in text
nodes, attribute nodes or anywhere else). Rejects URLs that do not have
one of the provided whitelisted protocols (defaulting to http, https, ftp, ftps, mailto, news, irc, gopher, nntp, feed, and telnet), eliminates invalid characters, and removes dangerous characters. Replaces clean_url() which was deprecated in 3.0.
This function encodes characters as HTML entities: use it when generating an (X)HTML or XML document. Encodes ampersands (&) and single quotes (’) as numeric entity references (&, ').