Cmb2: Allow html inside a field type: text

Created on 26 Aug 2015  路  5Comments  路  Source: CMB2/CMB2

Hello,
I'am try to find a way to allow html tags inside a field type text.
Is that possible?

Thanks in advance

Most helpful comment

@JayWood's suggestion is not what I would recommend for the built-in field types (it's intended use is for handling sanitization for custom field types, like in the docs Jay linked to), because now you're modifying the sanitization for all CMB2 'text' field types. Keep in mind, just like modifying WordPress filters, your modifications could have unintended consequences for plugins/themes depending on those things to be in place, and that your project may not be the only thing depending on CMB2.

The best way to accomplish what you are trying to do is to use the 'sanitization_cb' field parameter on a field-by-field basis. This will ensure you are only modifying the sanitization for your specific field(s).

$cmb->add_field( array(
    'name'            => __( 'Test Text', 'cmb' ),
    'id'              => 'wiki_test_text',
    'type'            => 'text',
    'sanitization_cb' => 'prefix_sanitize_text_callback', // function should return a sanitized value
) );

The sanitization callback:

function prefix_sanitize_text_callback( $value, $field_args, $field ) {

    /*
     * Do your custom sanitization. 
     * strip_tags can allow whitelisted tags
     * http://php.net/manual/en/function.strip-tags.php
     */
    $value = strip_tags( $value, '<p><a><br><br/>' );

    return $value;
}

All 5 comments

You'll want to filter that field yourself. By default iirc the value is ran through sanitize_text_field()

See about sanitization here: cmb2_sanitize_{field-type}

Thanks @JayWood . It works!!

For anyone who want to use this method:

function cmb2_sanitize_text_callback( $override_value, $value ) {
    //convert square brackets to angle brackets
    $value = str_replace('[', '<', $value);
    $value = str_replace(']', '>', $value);
    return $value;
}
add_filter( 'cmb2_sanitize_text', 'cmb2_sanitize_text_callback', 10, 2 );

In other words if you type [br] inside a text field, it will output <br>.

@JayWood's suggestion is not what I would recommend for the built-in field types (it's intended use is for handling sanitization for custom field types, like in the docs Jay linked to), because now you're modifying the sanitization for all CMB2 'text' field types. Keep in mind, just like modifying WordPress filters, your modifications could have unintended consequences for plugins/themes depending on those things to be in place, and that your project may not be the only thing depending on CMB2.

The best way to accomplish what you are trying to do is to use the 'sanitization_cb' field parameter on a field-by-field basis. This will ensure you are only modifying the sanitization for your specific field(s).

$cmb->add_field( array(
    'name'            => __( 'Test Text', 'cmb' ),
    'id'              => 'wiki_test_text',
    'type'            => 'text',
    'sanitization_cb' => 'prefix_sanitize_text_callback', // function should return a sanitized value
) );

The sanitization callback:

function prefix_sanitize_text_callback( $value, $field_args, $field ) {

    /*
     * Do your custom sanitization. 
     * strip_tags can allow whitelisted tags
     * http://php.net/manual/en/function.strip-tags.php
     */
    $value = strip_tags( $value, '<p><a><br><br/>' );

    return $value;
}

Thats works. Thank you so much.

@jtsternberg Thanks for pointing out the importance of custom sanitization on a per field basis.

Was this page helpful?
0 / 5 - 0 ratings

Related issues

angelorocha picture angelorocha  路  6Comments

kidatart picture kidatart  路  7Comments

mathetos picture mathetos  路  8Comments

noquierouser picture noquierouser  路  8Comments

GaryJones picture GaryJones  路  3Comments