Home Forums Front-end Issues Is sanitization required for front end form? Reply To: Is sanitization required for front end form?

  • Thanks for raising this @Sarah, I was wondering the same thing.

    Skimming through the code it looks like most of the actual data saving seems to be via prepared statements or sql escaped sql code (@Elliot is that right??) so I think you’re right in thinking that it’s the output escaping that needs to be watched out for…

    The approach I’m taking now is following the codex guide on output sanitisation (

    So for anything on the form that needs to contain some html I’m using wp_kses() or wp_kses_post(), anything that comes from a field not allowed to have html tags gets echo’d through esc_html()