Hi,
Do you think security steps are necessary for acf?
If we need, do you think acf/load_value filter with esc_attr would cover all field values?
Hi @unsalkorkmaz,
Thanks for the post.
According to the plugin author, ACF does not sanitize the field output.
You can create a function to be used instead of the native functions( get_field() and the_field()) and have the values pass through the esc_attr function.
@dinosaur game I think it is necessary
