Advanced Custom Fields ACF Front End Posting XSS Security using wp_kses

By North Street, A Creative Studio

If you ever find yourself using ACF Front-end posting, be SURE to add in this snippet to functions.php, to protect the site from possible XSS attacks:

/* Making sure any front-end ACF fields aren't vunderable to attacks.
https://www.advancedcustomfields.com/resources/acf_form/ */
function ns_kses_post( $value ) {

	// is array
	if( is_array($value) ) {

		return array_map('ns_kses_post', $value);

	}

	// return
	return wp_kses_post( $value );

}

add_filter('acf/update_value', 'ns_kses_post', 10, 1);

Receive stories like this in your inbox.

About north street

We engineer the thoughtful transformation of great organizations. Our proven process helps us understand what your competitors are doing right — and wrong. Want to learn more? Let’s chat.

More Notes

We’re Hiring: Client Development Manager (Agency Sales)

Read post

From Layoff to Leadership: Tom Conlon’s Journey to a Prosperous Business

Read post

Welcome to Your 2024 Branding Pep Talk

Read post

View all