WordPress - wp_kses_post only removes <script> tags, but not their content

KSES is designed to prevent execution of undesired and potentially dangerous tags, not to prevent display of the innerHTML. Blocking the content would require either:

1. A custom function that uses some kind of string manipulation or XML DOM manipulation to remove the content; or

2. A function that blocks posts that contain the tag, with a message explaining why the post failed and instructions for using HTML codes to render the script tag when using it in tutorials rather than as an execution tag.

Number 1 may produce performance issues with its higher overhead. If optimizing performance is an issue or if the site involves heavy posting by multiple users, then #2 is likely a more feasible solution.
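
Both options, as an added PHP example (not code from the original answer or from WordPress core). The `myplugin_` function names are hypothetical; `wp_kses_post()` and `WP_Error` are the WordPress core APIs it assumes are loaded.

```php
<?php
// Added example: function names prefixed myplugin_ are hypothetical.
// wp_kses_post() and WP_Error are WordPress core; run this inside WordPress.

/**
 * Option 1: remove <script> elements together with their content,
 * then let KSES filter whatever markup remains.
 */
function myplugin_strip_script_blocks( $html ) {
    // Matches an opening tag through its closing tag, or through the end
    // of the input when the element is never closed.
    $pattern = '@<script\b[^>]*>.*?(?:</script\s*>|\z)@is';
    do {
        $before = $html;
        $html   = preg_replace( $pattern, '', $html );
        if ( null === $html ) {
            // PCRE error (for example the backtrack limit): fail closed.
            return '';
        }
        // Repeat until stable so a removal cannot leave a new match behind.
    } while ( $html !== $before );

    // KSES runs last: any tag the pattern missed is still stripped.
    return wp_kses_post( $html );
}

/**
 * Option 2: refuse the submission and tell the author how to show the tag.
 * Returns the filtered HTML on success or a WP_Error on rejection.
 */
function myplugin_reject_script_tags( $html ) {
    // Cheap check: any opening or closing script tag rejects the post.
    if ( preg_match( '@<\s*/?\s*script\b@i', $html ) ) {
        return new WP_Error(
            'myplugin_script_tag',
            'Script tags are not allowed. To show one in a tutorial, replace its angle brackets with HTML entities.'
        );
    }
    return wp_kses_post( $html );
}
```

Option 2 does a single `preg_match()` per submission, while option 1 rewrites the string in a loop, which is the overhead difference the answer refers to.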
