How much do we trust user input? Not. At. All. That’s how much we trust user input. You just don’t know where they’ve been! WordPress has such a plethora of functions for escaping and filtering input and output that I’m always discovering new possibilities. One I found recently is wp_kses, which allows you to strip …
Continue reading “Filtering HTML to exclude all but a small number of HTML elements and attributes”