Hello there!
I'm developing my first WordPress theme and I have a helluva good time figuring things out. But I'm bit stumped on this seemingly simple problem!
- Let's say I have a text area in the customizer.
- I have sanitized the input using wp_kses_post and force_balance_tags.
Now I want to escape the output BUT I want to allow anyone using my theme to add links <a href="#">Link</a> to this text area. Esc_html, esc_atr or any of the other escapes won't allow this. Sanitize_text_field won't allow this either. So what's the correct way to handle this? Am I missing something? Or should I forget about escaping /sanitization output?
BTW regarding wp_kses_post on output:
Note that the kses system can be resource-intensive, and should therefore not be run as an output sanitization filter directly, but as a filter to data after it has been input and processed, before it is saved in the database. WordPress runs kses on the pre_comment_content filter, for example, to filter the HTML before saving the comment.
http://codex.wordpress.org/Data_Validation#Output_Sanitization
Any help/thoughts will be appreciated! Thank you!
Best regards,
Michael
