WordPress - How to prevent escaping when saving HTML code in an option value?
I took another approach to this. I encoded and decoded my options with HTML entities. One thing I'm not sure of is whether this opens up a nasty back door for folks to drive compromising HTML through. I am relying on the fact that only admins will be editing theme options anyway, but maybe I'm being naive?
Here is what it looks like when I save an option:
update_option('my_option', htmlentities(stripslashes($_REQUEST['my_option'])));
And this is what it looks like when I retrieve an option:
html_entity_decode(get_option('my_option',htmlentities($my_default_value)));
stripslashes(wp_filter_post_kses(addslashes($_POST['sidebar_code'])));
but you should know that the kses filter is not 100% safe.
This isn't a complete answer to your question, but possibly pointing you in the right direction: You could try <?php esc_textarea( $text ) ?>, as detailed by the Codex here: http://codex.wordpress.org/Function_Reference/esc_textarea.
My own metabox textarea snippets look like this:
<?php
// Render a textarea meta box; the stored value is escaped for display inside <textarea>.
if ( $meta_box['type'] == "textarea" ) {
    $meta_box_value = esc_textarea( get_post_meta($post->ID, $meta_box['name'].'_value', true) );
    echo '<textarea class="meta-textarea" style="width: 100%;" cols="20" rows="2" name="' . $meta_box['name'] . '_value">' . $meta_box_value . '</textarea><br />';
}
?>
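The pieces discussed in the answers above, combined into one save and display path. This is an added example, not code from any of the answers. It assumes it is loaded inside WordPress (for instance from a theme's functions.php) and is called from the settings page's own POST handling; the function names and the nonce action 'mytheme_save_options' are hypothetical, while 'my_option' is the option name used above.

```php
<?php
// Added example; hypothetical names: mytheme_save_option(),
// mytheme_render_option_field(), nonce action 'mytheme_save_options'.

// Save handler: store the HTML itself rather than an entity-encoded copy.
// Encoding on save and decoding on read returns the original markup
// unchanged, so it filters nothing; the checks below do that work.
function mytheme_save_option() {
    // Only users who may manage options, and only with a valid nonce
    // (check_admin_referer() stops the request if the nonce is wrong).
    if ( ! current_user_can( 'manage_options' ) ) {
        return;
    }
    check_admin_referer( 'mytheme_save_options' );

    if ( ! isset( $_POST['my_option'] ) ) {
        return;
    }

    // WordPress adds slashes to request data; remove them before storing.
    $html = wp_unslash( $_POST['my_option'] );

    // Users without the unfiltered_html capability (for example site
    // admins on multisite) get the post-content tag allowlist applied.
    // wp_kses_post() takes unslashed input, so no addslashes() round trip.
    if ( ! current_user_can( 'unfiltered_html' ) ) {
        $html = wp_kses_post( $html );
    }

    update_option( 'my_option', $html );
}

// Form field: escape only at output time, so the stored markup shows up
// as editable text inside the textarea instead of being rendered.
function mytheme_render_option_field() {
    $html = get_option( 'my_option', '' );

    wp_nonce_field( 'mytheme_save_options' );
    echo '<textarea name="my_option" rows="8" style="width: 100%;">'
        . esc_textarea( $html )
        . '</textarea>';
}
```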