Skip to content

Instantly share code, notes, and snippets.

What would you like to do?
Removing JavaScript tags from WordPress Widget input fields
* This function is part of the WordPress Widget API.
* It's fired when the widget is being updated and using the incoming
* $new_instance to update the values stored in the incoming $old_instance.
* We're allowing users to store CSS and HTML in their input field but we're
* stripping out JavaScript tags.
public function update( $new_instance, $old_instance ) {
$instance = $old_instance;
// strip all markup and tags from the first input field
$instance['first_input_field'] = strip_tags( stripslashes( $new_instance['first_input_field'] ) );
// allow markup and css in this field, but no javascript
$instance['second_input_field'] = preg_replace( '/<script\b[^>]*>(.*?)<\/script>/is', '', $new_instance['second_input_field'] );
return $instance;
} // end widget
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment