marksabbath
commented
5 years ago Wouldn't be better to use wp_strip_all_tags for those @nickcernis ? I guess that those input shouldn't show any HTML tag, and our $allowed_tags actually are allowing HTML tags.
@marksabbath This is working for me for the map and video fields — nice work! (I made a comment about the short array syntax separately.)
The filter is also working for me. I tested it with this:
add_filter( 'agentpress_featured_listings_allowed_html', function( $allowed_html ) { $allowed_html['span'] = array(); return $allowed_html; });One thing I noticed is that we're allowing some HTML in the input fields, but we then use
esc_html()when outputting those fields on the front end in theproperty_details_shortcode( $atts )function, so the HTML displays on the front end:
Perhaps we should use
wp_kseswith our $allowed_tags for the post meta we output there too (the labels could continue to use esc_html). What do you think?
nickcernis
This PR fixes the bug that affects the map and video embed textareas. We have updated the escaping function, which now is using
wp_kseswith some HTML tags allowed by default. Also, we've added a new filteragentpress_featured_listings_allowed_htmlwhere users could change these allowed tags.Closes #39