HTML Code Not Work in Theme Panel Because Sanitization

1 Star2 Stars3 Stars4 Stars5 Stars (No Ratings Yet)
Loading...

If you are using WordPress Theme Option Panel Framework and address the issue that you google adsense ad code or html not working in Textarea of theme option then this is because of Sensitization in Options Framework you you noted that already present Google Analytics (or other) tracking code is working.

 

Because of script here:

function mytheme_analytics() {
$shortname = mytheme_get_option('of_shortname');
$output = mytheme_get_option($shortname . 'wrock_analytics');
if ($output <> "")
echo "<script type='text/javascript'>" . stripslashes($output) . "</script>n";
}

add_action('wp_footer', 'mytheme_analytics');

Now how to show any code in your theme copy code below and paste into options-sanitize.php

/*
* This is an example of how to override a default filter
* for 'textarea' sanitization and $allowedposttags + embed and script.
*/
add_action('admin_init','optionscheck_change_santiziation', 100);
function optionscheck_change_santiziation() {
remove_filter( 'of_sanitize_textarea', 'of_sanitize_textarea' );
add_filter( 'of_sanitize_textarea', 'custom_sanitize_textarea' );
}
function custom_sanitize_textarea($input) {
global $allowedposttags;
$custom_allowedtags["script"] = array( "src" => array() );
$custom_allowedtags = array_merge($custom_allowedtags, $allowedposttags);
$output = wp_kses( $input, $custom_allowedtags);
return $output;
}

Hope this will works for you also if you have better code than this please share with us try our theme work all function on it here.

wordrpess-customizer-control

For the WordPress sanitize use in customizer use this code  !

Add a section to after

if ( class_exists( 'WP_Customize_Panel' ) ):

This is section

$wp_customize->add_section( 'wrock_ads_section1' , array(
'title' => __( 'Top Area Ads', 'wrock' ),
'priority' => 30,
'panel' => 'panel_advertise'
));

Add Setting :

$wp_customize->add_setting("ads_code1",
array(
"default" => "",
'sanitize_callback' => 'wrock_sanitize_html',
"transport" => "postMessage", ));
$wp_customize->add_control(new WP_Customize_Control( $wp_customize, "ads_code1",
array(
"label" => __("Enter Ads Code", "wrock"),
'section' => 'wrock_ads_section1',
"settings" => "ads_code1",
"type" => "textarea",
'priority' => 1,
) ));

Sanitization callback for ‘html’ type text inputs. This callback sanitizes $html for HTML allowable in posts.

function wrock_sanitize_html( $html ) {
return stripslashes(wp_filter_post_kses( $html ));
}

Another Method To use Textarea for Scripts and codes in WordPress Customizer API

It’s petty simple method that you can use into your own code, Which allow you to pass code directly without sanitize code output, It will return value that you entered.

$controls[] = array(
	'type'     => 'textarea',
	'setting'  => 'my_setting',
	'label'    => __( 'My Setting', 'textdomain' ),
	'section'  => 'my_section',
	'default'  => __( 'Default text', 'textdomain' ),
	'priority' => 1,
	'sanitize_callback' => 'wrock_sanitize',
);

Now make your own custom sanitize function to override these value

function wrock_sanitize( $value ) {
	return $value;
}

On output page a calling function should look like this

<?php echo get_theme_mod('my_setting'); ?>

How this can help you little bit play with code WordPress customizer add new settings and controls, any suggestion please comment below.

personal technology columnist, author and founder of wRock.org, a widely read tech and how-to blog since 2009. Wants to explore and share interesting Tips, Tutorials and More. Also WordPress Theme Designer @ here. Contact: Contact

One thought on “HTML Code Not Work in Theme Panel Because Sanitization

Leave a Reply

Your email address will not be published. Required fields are marked *