Title: Security and Message HTML
Last modified: July 12, 2024

---

# Security and Message HTML

 *  [andy_moyle](https://wordpress.org/support/users/andy_moyle/)
 * (@andy_moyle)
 * [1 year, 11 months ago](https://wordpress.org/support/topic/security-and-message-html/)
 * Thank you for creating this plugin! A couple of things would make it awesome…
 * The message showing the price doesn’t allow any HTML, like a WhatsApp link, etc.
 * So in cab-grid.php, how about this change please? wp_kses_post is the sanitization/escaping
   for HTML in a form field…
 *     ```wp-block-code
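       // Called from register_settings in admin.
       function cabGrid_sanitize_options_loose( $options ) {
           foreach ( $options as $key => &$value ) {
               // Changed by Andy Moyle: keep post-safe HTML instead of stripping it.
               $value = wp_kses_post( stripslashes( $value ) );
           }
           unset( $value ); // Release the by-reference loop variable.
           return $options;
       }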
       ```
   
 * Also, cab-grid-form.php line 13 would be better using wpautop instead of nl2br:
 * `$cabGridMessage = '<div class="cabGridMessage">' . wpautop( $cabGridMessage ) . '</div>';`
 * Lastly, there is a horrific lack of esc_html() and esc_attr() to escape output.
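
The three points in the post above (sanitize on save with `wp_kses_post`, format with `wpautop`, escape on output with `esc_html()` / `esc_attr()`) fit together as in the following added example. It is not part of the original post or the plugin's code; it assumes WordPress is loaded, and the function names, the option name `cab_grid_demo` and its keys `message` and `currency` are hypothetical.

```php
<?php
// Added illustration, not Cab Grid's code. Assumes a WordPress context.
// Hypothetical names: cabgrid_demo_*, option 'cab_grid_demo', keys 'message' and 'currency'.

// Sanitize on save: only the message field may keep post-style HTML.
function cabgrid_demo_sanitize( $options ) {
    $clean = array();
    foreach ( (array) $options as $key => $value ) {
        $clean[ sanitize_key( $key ) ] = ( 'message' === $key )
            ? wp_kses_post( $value )          // keeps <a>, <strong>, ...; strips <script> tags and on* attributes
            : sanitize_text_field( $value );  // plain text: tags removed
    }
    return $clean;
}

function cabgrid_demo_register() {
    register_setting( 'cab_grid_demo_group', 'cab_grid_demo', array(
        'sanitize_callback' => 'cabgrid_demo_sanitize',
    ) );
}
add_action( 'admin_init', 'cabgrid_demo_register' );

// Escape on output, choosing the function by the context the value lands in.
function cabgrid_demo_render() {
    $opts     = (array) get_option( 'cab_grid_demo', array() );
    $message  = isset( $opts['message'] ) ? $opts['message'] : '';
    $currency = isset( $opts['currency'] ) ? $opts['currency'] : '';

    // Attribute context: esc_attr().
    $html  = '<div class="cabGridMessage" data-currency="' . esc_attr( $currency ) . '">';
    // HTML context where markup is allowed: paragraphs via wpautop(), then filter again late.
    $html .= wp_kses_post( wpautop( $message ) );
    // HTML context where no markup is allowed: esc_html().
    $html .= '<span class="cabGridCurrency">' . esc_html( $currency ) . '</span>';
    $html .= '</div>';
    return $html;
}
add_shortcode( 'cab_grid_demo', 'cabgrid_demo_render' );
```

Filtering the message again at render time means a value written to the option by any path other than the settings form is still limited to the allowed tags.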

The topic ‘Security and Message HTML’ is closed to new replies.

 * 0 replies
 * 1 participant
 * Last reply from: [andy_moyle](https://wordpress.org/support/users/andy_moyle/)
 * Last activity: [1 year, 11 months ago](https://wordpress.org/support/topic/security-and-message-html/)
 * Status: not resolved