I have enabled the message field to display shortcodes with the following code:
add_filter('acf/load_field/type=message', 'acf_load_field_message', 10, 3);
// Allow shortcodes in messages
function acf_load_field_message($field)
{
$screen = get_current_screen();
if ($screen->post_type !== "acf-field-group") {
$field['message'] = do_shortcode($field['message']);
}
return $field;
}
However in my shortcode, I need to render some <input> tags, but they are being removed from the code displayed in the message field.
I was using an older version of ACF and this wasn’t happening. It started only after I updated to the most recent version.
I believe ACF may be doing this for safety reasons, but can I disabled it somehow?
Thanks!
Hi John!
Thanks for the response!
I’m still facing the same issue even after replacing it with the prepare_field filter.
It’s just the <input> that’s being removed from the code. The other tags are working fine.
I have tried debugging the value of $field[‘message’] after “do_shortcode” with multiple different priorities and it always has the <input>, so it must be being filtered out after these actions are called.
Another relevant information is that if I enable the “Escape HTML” option, the code is printed correctly, including the <input>.
I think it is related to this update from Aug 25th:
* Enhancement – Improved security by running all user-generated content through
wp_kses()
by default
It started working after I replaced the line 75 of class-acf-field-message.php from:
echo acf_esc_html( $m );
to
echo $m;
Is there a way to avoid this function from running on the message field?
Thanks!
Ok, problem solved!
Here is the code I had to add to make it work:
function custom_wpkses_post_tags( $tags, $context ) {
if ( 'acf' === $context ) {
$tags['input'] = array(
'type' => true,
'disabled' => true,
'checked' => true,
'style' => true,
'name' => true,
'value' => true,
);
}
return $tags;
}
add_filter( 'wp_kses_allowed_html', 'custom_wpkses_post_tags', 10, 2 );
Please contact the developers here https://www.advancedcustomfields.com/contact/
I don’t know how to turn this off but I’m sure you are not the only one having this issue so please let us know what you find out.
Meanwhile I will continue to look to see if this can be selectively disabled.
Your additions don’t easily solve my problem. I have dozens of sites I maintain. I use CPTs to allow users to create content shown using shortcodes. I use message fields to output input tags containing the shortcode so they can easily copy it.
Oh bummer.
Yeah, that would be hard to replicate across all of the websites.
I will open a ticket to see if they can revert this or give us a way to get around this more easily on a next update.
@hube2 Do you know if there’s been any progress on this? I use Message fields as a type of container for my own custom output, but it’s stripping out the HTML tags. Or is there a filter besides prepare_field
I should be using? I’d rather not have to modify wp_kses_allowed_html
.
You have to add a filter to allow the fields as shown above.
Recently this filter has stopped working for me with ACF. Is anyone having similar issues?
You must be logged in to reply to this topic.
Welcome to the Advanced Custom Fields community forum.
Browse through ideas, snippets of code, questions and answers between fellow ACF users
Helping others is a great way to earn karma, gain badges and help ACF development!
We use cookies to offer you a better browsing experience, analyze site traffic and personalize content. Read about how we use cookies and how you can control them in our Privacy Policy. If you continue to use this site, you consent to our use of cookies.