The What

Syntax

string beans_add_attributes( string $id, string|array $attributes [, mixed $… ]] );

Beans Code Reference

Description

This function provides the ability to customize attributes before they are escaped and returned for processing. It provides a filter, $id . '_attributes', allowing code (including third-party code) to customize one or more of the attributes.

This function does the following:

- Grabs all of the arguments that were passed to it.
- Calls beans_apply_filters using the filter event name $id . '_attributes' to invoke each of the registered callbacks.
- Calls beans_esc_attributes(), which does the following:
  - Escapes each attribute by passing it through esc_attr() […]
Let’s go into WordPress Core to understand if we can use get_post to sanitize fields when in display filter mode. You will reverse engineer Core to discover for yourself. You will use has_filter to see if there is a filter event that does the sanitizing for the data post_content. You’ll also learn about foreach.
Anything out of the database is not safe. It has to be sanitized before it is rendered out to the browser. Let’s talk about how to sanitize and which sanitizing function to use for the plugin. In this episode, you will see some nefarious code in action. Then you’ll try out two different sanitizing functions: esc_html and wp_kses_post.