Advanced Custom Fields ACF Front End Posting XSS Security using wp_kses

By North Street, A Creative Studio

If you ever find yourself using ACF Front-end posting, be SURE to add in this snippet to functions.php, to protect the site from possible XSS attacks:

/* Making sure any front-end ACF fields aren't vunderable to attacks.
https://www.advancedcustomfields.com/resources/acf_form/ */
function ns_kses_post( $value ) {

	// is array
	if( is_array($value) ) {

		return array_map('ns_kses_post', $value);

	}

	// return
	return wp_kses_post( $value );

}

add_filter('acf/update_value', 'ns_kses_post', 10, 1);
About north street

We engineer the thoughtful transformation of great organizations. Our proven process helps us understand what your competitors are doing right — and wrong. Want to learn more? Let’s chat.

More Notes

London Biedron Header

Team Spotlight: London Biedron, Client Development Specialist

Rebrand

How to Roll Out a Rebrand

12 Mood Boards to Inspire Your Rebrand