WordPress plugin need to sanitize input field that accepts Javascript snippet

What is the best way for me to sanitize a input filed that is expecting a javascript snippet? Ive had a very novice attempt, but not hitting the mark. This is what I have so far.

// Save Settings
if ( isset( $_REQUEST[‘submit’] ) ) {
// Check nonce
if ( !isset( $_REQUEST[$this->plugin->name.’_nonce’] ) ) {
// Missing nonce
$this->errorMessage = __( ‘nonce field is missing. Settings NOT saved.’, ‘wudco’ );
} elseif ( !wp_verify_nonce( $_REQUEST[$this->plugin->name.’_nonce’], $this->plugin->name ) ) {
// Invalid nonce
$this->errorMessage = __( ‘Invalid nonce specified. Settings NOT saved.’, ‘wudco’ );
} else {

// Sanitize
$name = test_data($_REQUEST)[‘name’];
if ( !preg_match( ‘/A<script((?!<[a-zA-Z])[sS])*</script>Z/’, $name) ) {
$this->errorMessage = __( ‘Invalid data, settings NOT saved.’, ‘wudco’ );
} else {

// Save

update_option( ‘wudco_add_header’, $_REQUEST[‘wudco_add_header’] );
update_option( $this->plugin->db_welcome_dismissed_key, 1 );
$this->message = __( ‘Settings Saved.’, ‘wudco’ );
}
}
}

Read more here:: WordPress plugin need to sanitize input field that accepts Javascript snippet

Leave a Reply

Your email address will not be published. Required fields are marked *