Created
June 20, 2012 12:58
Removing JavaScript tags from WordPress Widget input fields
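/**
 * Sanitizes and saves the widget's settings (WordPress Widget API).
 *
 * WordPress calls this when the widget form is saved. Values are read from
 * $new_instance and written over a copy of $old_instance, which is returned.
 *
 * The first field is stored as plain text. The second field may contain
 * markup and inline CSS but must not carry script. It is filtered with
 * wp_kses_post(), an allowlist of elements and attributes, instead of a
 * pattern that deletes <script> elements: such a pattern only matches
 * well-formed <script>...</script> pairs and leaves every other
 * script-bearing construct (event-handler attributes, script URLs,
 * unterminated tags) in the stored value.
 *
 * NOTE(review): wp_kses_post() keeps `style` attributes (after CSS
 * filtering) but drops <style> elements; if block-level CSS must be
 * accepted, pass an explicit allowlist to wp_kses() instead.
 *
 * @param array $new_instance Values submitted from the widget form.
 * @param array $old_instance Values currently stored for this widget.
 * @return array The settings to store.
 */
public function update( $new_instance, $old_instance ) {

    $instance = $old_instance;

    // A field absent from the submission is treated as empty instead of
    // raising an undefined-index notice.
    $first_raw  = isset( $new_instance['first_input_field'] ) ? (string) $new_instance['first_input_field'] : '';
    $second_raw = isset( $new_instance['second_input_field'] ) ? (string) $new_instance['second_input_field'] : '';

    // Plain text only: remove slashes, then every tag.
    $instance['first_input_field'] = strip_tags( stripslashes( $first_raw ) );

    // Markup and inline CSS are allowed, script is not: keep only the
    // elements and attributes on the post-content allowlist.
    $instance['second_input_field'] = wp_kses_post( $second_raw );

    return $instance;

} // end update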