TechQA.

Sanitizing HTML at onsubmit in a form

379 views Asked by At

I read this and I did the below.

$confirmation = htmlspecialchars( 'return confirm("' . esc_html__( 'Do you really want to delete?', 'tor-child' ) . '");' );

$output .= '<form method="post" action="" onsubmit="' . $confirmation . '">';

Security is my concern. So, could I be overdoing it by using htmlspecialchars and esc_html__ together in $confirmation?

Or should I replace esc_html__() with __() and still be safe? Someone might enter some markup in translation text, though.

php wordpress html-escape-characters html-escape
Original Q&A
1

There are 1 answers

1
Reza Khan On

esc_html__() & __() functions are used for output whereas sanitizing is related to securing input. If you're trying to sanitize your input values then you can use built-in sanitization functions from here.

If you're trying to escape output that might contain markup then you should use wp_kses() or wp_kses_post()

References:
reference1 reference2

Related Questions in PHP

Related Questions in WORDPRESS

Related Questions in HTML-ESCAPE-CHARACTERS

Related Questions in HTML-ESCAPE

Popular Questions

Popular Tags

javascript python java c# php android html jquery c++ css ios sql mysql r reactjs node.js arrays c asp.net json python-3.x ruby-on-rails .net sql-server swift django angular objective-c pandas excel

Trending Questions