[wp-trac] [WordPress Trac] #62697: Replace strip_tags() with wp_strip_all_tags() for improved security and consistency.
WordPress Trac
noreply at wordpress.org
Tue Dec 17 05:13:57 UTC 2024
#62697: Replace strip_tags() with wp_strip_all_tags() for improved security and
consistency.
-----------------------------+-----------------------------
Reporter: vishalpadhariya | Owner: (none)
Type: enhancement | Status: new
Priority: normal | Milestone: Awaiting Review
Component: General | Version: trunk
Severity: normal | Keywords: needs-patch
Focuses: |
-----------------------------+-----------------------------
`strip_tags()` is being used, but it is discouraged in WordPress as it
only removes HTML tags and does not account for potential inline scripts
or other malicious content. It is recommended to use `wp_strip_all_tags()`
instead, as it provides a more comprehensive and secure way to sanitize
input by stripping all tags and ensuring cleaner data.

This change improves code security and aligns with WordPress coding
standards.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/62697>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
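
Added example, not part of the ticket or of WordPress core: a standalone PHP comparison of `strip_tags()` with the behaviour the ticket asks for. `demo_strip_all_tags()` is a hypothetical stand-in that mirrors what `wp_strip_all_tags()` is documented to do (remove `<script>` and `<style>` elements together with their contents, strip the remaining tags, trim); the sample strings are constructed.

```php
<?php
// Hypothetical stand-in for wp_strip_all_tags() so the comparison runs
// outside WordPress. Inside WordPress, call wp_strip_all_tags() itself.
function demo_strip_all_tags( $text, $remove_breaks = false ) {
	if ( ! is_scalar( $text ) ) {
		return '';
	}
	// Drop script/style elements including the code or CSS between the tags.
	$text = preg_replace( '@<(script|style)[^>]*?>.*?</\\1>@si', '', (string) $text );
	// Remove whatever tags are left.
	$text = strip_tags( $text );
	if ( $remove_breaks ) {
		// Collapse runs of whitespace and line breaks into single spaces.
		$text = preg_replace( '/[\r\n\t ]+/', ' ', $text );
	}
	return trim( $text );
}

// Constructed sample inputs.
$samples = array(
	'script block' => "<p>Hello</p><script>track('x');</script>",
	'style block'  => "<style>p { color: red; }</style><b>Title</b>\n",
	'no tags'      => 'Tom & "Jerry"',
);

foreach ( $samples as $label => $input ) {
	// strip_tags() removes the tags but keeps the script/style body as text;
	// the stand-in removes the body as well.
	printf(
		"%s\n  strip_tags():          %s\n  demo_strip_all_tags(): %s\n",
		$label,
		var_export( strip_tags( $input ), true ),
		var_export( demo_strip_all_tags( $input ), true )
	);
}

// Tag stripping is not output escaping: text without any tags passes through
// both functions unchanged, so it still has to be escaped for the context it
// is printed in. In WordPress that is esc_html() or esc_attr(); plain PHP is
// used here so the file runs on its own.
echo htmlspecialchars( demo_strip_all_tags( $samples['no tags'] ), ENT_QUOTES, 'UTF-8' ), "\n";
```

When reviewing a patch for this ticket, check each replaced call site for reliance on the second argument of `strip_tags()` (allowed tags), which `wp_strip_all_tags()` does not offer.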