Sanitise in wordpress but keep html

Question

I understand that sanitising user input is important and i want to make sure bad stuff is removed but i also want to be able to have users add html to a custom field.

The wordpress sanitise text field function does a great job but i want to tell it to keep html.

Is there another function i can use that will allow me to do that?

Stackoverflow won't let me post a short question so it seems i need to pad it out. Sorry about this.

I've tried looking up the function in the wordpress codex to see if there are parameters that i can switch in order for it to allow html. I've taken out the sanitise function to see if that works and of course it does.

Answer 1

wp_kses() will do what you need. You need to tell it what tags to allow. Alternatively use wp_kses_post() which allows anything you can add to a post. This one may not be strict enough for user input though so I'd suggest going with the first.

echo wp_kses( $text, array( 
    'a' => array(
        'href' => array(),
        'title' => array()
    ),
    'br' => array(),
    'em' => array(),
    'strong' => array(),
) );

http://codex.wordpress.org/Function_Reference/wp_kses http://codex.wordpress.org/Function_Reference/wp_kses_post