#2901 closed enhancement (fixed)
Extend the Coming-Soon page customizer options
Reported by: | Kau-Boy | Owned by: | coreymckrill |
---|---|---|---|
Milestone: | Priority: | normal | |
Component: | WordCamp Site & Plugins | Keywords: | has-patch dev-feedback |
Cc: |
Description
As described in the blog post, I want to add a Customizer option to modify the introduction text: https://make.wordpress.org/community/2017/06/15/extend-the-coming-soon-page-customizer-options/
Attachments (3)
Change History (12)
#3
@
7 years ago
@coreymckrill Oh yeah, you are right. Haven't seen that. I though allowing the HTML tags allowed by the wp_kses_data
functions should be OK. How can this be set in the sanitize_callback
argument?
#4
@
7 years ago
Hmm. I'll do some research to try and figure out what kind of sanitization needs to happen within textarea fields. It could be that wp_kses_data
will work for there too, just like we have for the front end...
#5
@
7 years ago
Looks good with the wp_kses_post
filter for both input and output.
P.S. The attachment upload just added the file twice in a single request. Strange :/
#6
@
7 years ago
I checked the current meta code and it seems like they all use wp_kses_post
for the sanitize_callback
.
#8
@
7 years ago
@Kau-Boy thanks for the patch! I ended up going with a different approach for sanitizing the setting value for storage in the db (sanitize_callback
). I looked at how textareas are sanitized in the Customizer in Core, namely menu item descriptions, and went with that. The Meta codebase doesn't always reflect the current best practices on some of these things, and I figured Core might be closer to that.
I also changed the label from "Introduction" to "Custom Message" and added a description because I thought it would make the purpose of the field more clear.
@Kau-Boy this looks pretty good. Right now the
sanitize_callback
issanitize_text_field
, which strips out all HTML. It seems like we would want to be able to have some basic tags allowed so that organizers could, in the example of WCEU, link to the currently running camp. On the other hand, we don't want people dropping huge blocks of HTML into that space. What do you think?