Roots Discourse

Does HTMLPurifier work with sage 9 or 10?

Hi im looking for the best way to sanitize my acf wysiwyg fields and came across this HTMLPurifier. https://github.com/mewebstudio/Purifier does this work with sage?

At the moment I use wp_kses_post for sanitizing but I don’t know if that’s enough.

Thanks in advance for your time and assistance.

Peter :slight_smile:

Well, wp_kses_post is already configured by WordPress with its allowed tags and attributes.
So when you aren’t sure what you need I guess the core wp_kses_post function should be enough?

I read through this comparison http://htmlpurifier.org/comparison and it looks like it isn’t the best practice option. but if it’s safe enough to use, I’ll stick with wp_kses_post.

Does this data come from a frontend form or from the backend where only accountable users can post data to?

Only from the backend. Visitors can’t post or upload anything anywhere.

Well, then I think the core WP function should be enough and you avoid an extra dependency.

1 Like

Thank you very much! :slight_smile: