How much do we trust user input? Not. At. All. That’s how much we trust user input. You just don’t know where they’ve been!
WordPress has such a plethora of functions for escaping and filtering input and output that I’m always discovering new possibilities. One I found recently is wp_kses, which allows you to strip out all HTML, leaving only a limited set of allowed elements and attributes.
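Here is an added example of that allow-list approach (it is not code from the original post). It assumes it runs inside WordPress, where wp_kses() and esc_html() are defined; the helper name and the particular allow-list are this example's own choices. Note that wp_kses removes disallowed tag markup but keeps the text that sat between the tags.

```php
<?php
// Added example, not from the original post. Assumes WordPress is loaded so
// wp_kses() and esc_html() exist. The allow-list below is our own choice.

// Hypothetical helper: sanitize a user-supplied profile bio before storing it.
function example_sanitize_bio( $raw ) {
    // Only these elements and attributes survive; every other tag and
    // attribute (script, img, onclick, target, style, ...) is stripped.
    $allowed = array(
        'a'      => array( 'href' => true, 'title' => true ),
        'em'     => array(),
        'strong' => array(),
        'br'     => array(),
    );

    // Third argument restricts the URL schemes accepted in href-style
    // attributes; anything else is treated as a bad protocol and removed.
    return wp_kses( $raw, $allowed, array( 'http', 'https', 'mailto' ) );
}

// Constructed sample input, as a hostile user might submit it.
$raw = '<p>Hi, I am <strong onclick="steal()">Ann</strong>. '
     . '<a href="https://example.com" title="site" target="_blank">Site</a> '
     . '<a href="javascript:alert(1)">Click</a> '
     . '<script>alert(1)</script><img src=x onerror=alert(1)></p>';

$clean = example_sanitize_bio( $raw );

// Show the sanitized markup literally so the remaining tags can be inspected.
// wp_kses is an input filter; still escape on output as appropriate.
echo esc_html( $clean );
```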