I was recently working on some code for adding a WYSIWYG field to a WooCommerce product category archive page using the WordPress visual editor function.
I was looking at how to sanitise the content entered into the visual editor and came across the KSES (KSES Strips Evil Scripts) library. KSES is a PHP library for stripping potentially malicious code whilst preserving the safe bits.
My heart sank as I assumed I was now going to descend down a rabbit hole of learning how to configure KSES for sanitising content I didn’t want in the visual editor whilst preserving the HTML that I did want.
I quickly saw WordPress had its own implementation of KSES via the wp_kses() function. But I thought I was still going to have to configure it specifically for the visual editor. Then I discovered wp_kses_post() which does exactly what I wanted.
It’s mostly syntactic sugar. It seems like a small thing. But in reality, in respect of my development time, it’s a big win.
WordPress has your back.
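An added example, not the author's code, showing where wp_kses_post() sits when a visual-editor field is stored as term meta on a product category and printed on the archive page. The field name and meta key `extra_content` are hypothetical; the hooks assume WooCommerce's `product_cat` taxonomy.

```php
<?php
// Added example. 'extra_content' (field name and meta key) is hypothetical.

// Render the visual editor on the "Edit product category" screen.
add_action( 'product_cat_edit_form_fields', function ( $term ) {
    $content = get_term_meta( $term->term_id, 'extra_content', true );
    echo '<tr class="form-field"><th scope="row">Extra content</th><td>';
    wp_editor( $content, 'extra_content', array(
        'textarea_name' => 'extra_content',
        'textarea_rows' => 8,
    ) );
    echo '</td></tr>';
} );

// Sanitise on save. Core has already verified the edit-term nonce before
// this hook fires; the capability check is kept as defence in depth.
add_action( 'edited_product_cat', function ( $term_id ) {
    if ( ! isset( $_POST['extra_content'] ) || ! current_user_can( 'edit_term', $term_id ) ) {
        return;
    }
    // WordPress adds slashes to $_POST, so unslash before filtering.
    $raw = wp_unslash( $_POST['extra_content'] );

    // wp_kses_post( $raw ) is wp_kses( $raw, 'post' ): it keeps the tags and
    // attributes allowed in post content and drops the rest, e.g. <script>
    // elements and on* event-handler attributes.
    update_term_meta( $term_id, 'extra_content', wp_kses_post( $raw ) );
} );

// Filter again on output, so values written to the meta table by any other
// route (imports, direct DB edits, other plugins) are not trusted blindly.
add_action( 'woocommerce_archive_description', function () {
    if ( ! is_product_category() ) {
        return;
    }
    $term    = get_queried_object();
    $content = get_term_meta( $term->term_id, 'extra_content', true );
    if ( '' !== $content ) {
        echo '<div class="term-extra-content">' . wp_kses_post( wpautop( $content ) ) . '</div>';
    }
} );
```

To see exactly which tags and attributes survive, inspect the array returned by wp_kses_allowed_html( 'post' ).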