Advanced Custom Fields ACF Front End Posting XSS Security using wp_kses

By North Street, A Creative Studio

If you ever find yourself using ACF Front-end posting, be SURE to add in this snippet to functions.php, to protect the site from possible XSS attacks:

/* Making sure any front-end ACF fields aren't vunderable to attacks.
https://www.advancedcustomfields.com/resources/acf_form/ */
function ns_kses_post( $value ) {

	// is array
	if( is_array($value) ) {

		return array_map('ns_kses_post', $value);

	}

	// return
	return wp_kses_post( $value );

}

add_filter('acf/update_value', 'ns_kses_post', 10, 1);

Receive stories like this in your inbox.

About north street

We engineer the thoughtful transformation of great organizations. Our proven process helps us understand what your competitors are doing right — and wrong. Want to learn more? Let’s chat.

More Notes

Welcome to Your 2024 Branding Pep Talk

Read post

CEO Tom Conlon talks shop on Podcast Marketing Secrets

Read post

CEO Tom Conlon in Conversation with The Opinionistics

Read post

View all