Sanitizing textarea for wp_insert_post with TinyMCE enabled or disabled

I'm saving post data from a front-end form that contains a textarea. I need to sanitize it properly so that it won't be harmful in any way. The textarea can be a plain text area or, if TinyMCE is activated, it can become a rich text editor, though maybe not with every kind of button; it may have only basic text-formatting features like bold, italic, anchor, quote, bullet points, etc.

How can I sanitize the textarea data when saving the post from the front end, given that TinyMCE can be activated or deactivated?

Currently I'm doing no sanitization, because I thought wp_insert_post() would do that for me. But unfortunately it's taking a wide range of HTML tags, and that's messing up my site.

What would be the best way to sanitize a textarea that can be either:

  • A simple textarea, or
  • A rich text editor with basic formatting buttons



All you need to know about the sanitization and escaping functions is in the Codex: https://codex.wordpress.org/Data_Validation

In any case, you should find the wp_kses_* functions useful, in particular wp_kses_post.

Which function to use depends on what you want to filter and sanitize.
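As an added illustration (not code from the answer above), here is one way to cover both cases from the question: `sanitize_textarea_field()` for the plain textarea and `wp_kses()` with a narrow allowlist for the basic TinyMCE toolbar. The `myprefix_*` names, the form field names, the nonce action and the `myprefix_use_tinymce` option are hypothetical.

```php
<?php
// Added example. All myprefix_* names, field names and the option are hypothetical.

/**
 * Sanitize front-end textarea content.
 *
 * @param string $raw       Unslashed value from the form.
 * @param bool   $rich_text True when the server rendered the field with TinyMCE.
 */
function myprefix_sanitize_body( $raw, $rich_text ) {
	if ( ! $rich_text ) {
		// Plain textarea: strips all tags but keeps line breaks.
		return sanitize_textarea_field( $raw );
	}
	// Rich text: allow only what the basic toolbar can produce.
	$allowed = array(
		'p'  => array(), 'br' => array(), 'strong' => array(), 'b' => array(),
		'em' => array(), 'i'  => array(), 'blockquote' => array(),
		'ul' => array(), 'ol' => array(), 'li' => array(),
		'a'  => array( 'href' => true, 'title' => true ),
	);
	// Third argument restricts URL schemes, so javascript: links are dropped.
	return wp_kses( $raw, $allowed, array( 'http', 'https', 'mailto' ) );
}

function myprefix_handle_submission() {
	if ( ! isset( $_POST['myprefix_nonce'] )
		|| ! wp_verify_nonce( sanitize_key( $_POST['myprefix_nonce'] ), 'myprefix_submit' ) ) {
		wp_die( 'Invalid request.' );
	}
	// Decide the mode from server-side configuration, never from a POST flag.
	$rich_text = (bool) get_option( 'myprefix_use_tinymce', false );

	$title = isset( $_POST['post_title'] ) && is_string( $_POST['post_title'] )
		? sanitize_text_field( wp_unslash( $_POST['post_title'] ) ) : '';
	$body  = isset( $_POST['post_body'] ) && is_string( $_POST['post_body'] )
		? myprefix_sanitize_body( wp_unslash( $_POST['post_body'] ), $rich_text ) : '';

	// wp_insert_post() expects slashed data, so re-slash after sanitizing.
	wp_insert_post( wp_slash( array(
		'post_title'   => $title,
		'post_content' => $body,
		'post_status'  => 'pending',
		'post_type'    => 'post',
	) ) );
}
add_action( 'admin_post_myprefix_submit', 'myprefix_handle_submission' );
```

`wp_kses_post()` accepts everything WordPress allows in post content, which is a much wider set than a basic toolbar produces; the custom allowlist is what narrows it.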
