普通网友 2016-10-07 15:25
浏览 48
已采纳

esc_url在WordPress ACF oEmbed上

I'm using the ACF WordPress plugin to create an oEmbed field. The field accepts a URL from Vimeo and outputs an iframe on the front end.

I usually escape urls and attributes within my theme like so:

<a href="<?= esc_url( get_field('link') ); ?>" title="<?= esc_attr( get_field('title') ); ?>">

When I try and escape the oEmbed, nothing shows up:

<?= esc_url( get_field('video') ); ?>

If I test XSS with the following script, the ACF field completely breaks with a JS error.

<script>alert('hello')</script>

Do I need to escape this field? I assume that WordPress takes care of the escaping through the oEmbed function?

  • 写回答

2条回答 默认 最新

      报告相同问题?

      相关推荐 更多相似问题

      悬赏问题

      • ¥15 CygwinPortable 中 NumPy 无法安装
      • ¥15 51单片机 用汇编语言实现方波非1:1的输出
      • ¥15 vivado如何支持多维打包数组模式
      • ¥15 请问第13题到底应该怎么做
      • ¥15 stable diffusion报错问题
      • ¥20 数据可视化综合运用 导入npz文件以及读取内容
      • ¥15 倒计时汇编语言RTC实时时钟
      • ¥15 CCS安装出现Failed to create the part's controls
      • ¥15 请问有digital Fortran编译器吗
      • ¥15 用cst怎么仿真同轴馈线