Introduction
During form submission, when the field values are being saved, the values are sanitized to prevent potentially dangerous content, such as scripts, from being saved to the database.
The gform_allowable_tags filter can be used to control the usage of the PHP strip_tags() and the WordPress wp_kses_post() functions when sanitizing the submitted field values.
Usage
The base filter which would run for all forms and fields can be used like so:
add_filter( 'gform_allowable_tags', 'your_function_name', 10, 3 );
You can limit the scope of the filter to a single form by appending the form id on the end of the hook name like so:
add_filter( 'gform_allowable_tags_6', 'your_function_name', 10, 3 );
Parameters
- $allowable_tags string | boolean
  Default value is always false. See examples below for details.
- $field Field Object
  The field currently being processed.
- $form_id integer
  The ID of the current form.
Examples
1. Return a string containing HTML tags
When you return a string containing specific HTML tags, the field value will first be passed through the WordPress wp_kses_post() function, which will sanitize the value, leaving only the HTML tags WordPress permits in post content. The value will then be passed through the PHP strip_tags() function, which will remove all remaining tags except those you have specified.
add_filter( 'gform_allowable_tags_6', 'allow_basic_tags' );
function allow_basic_tags( $allowable_tags ) {
    // Tags that strip_tags() will keep after wp_kses_post() has run.
    return '<p><a><strong><em>';
}
2. Return true
When you return true the field value will be passed through the WordPress wp_kses_post() function which will sanitize the value leaving only the HTML tags WordPress permits in post content.
add_filter( 'gform_allowable_tags_6', '__return_true' );
3. Return false
When you return false the field value will be saved without being sanitized. Please note, the value may still be sanitized before it is displayed in the admin or when merge tags are processed to prevent potentially dangerous scripts from running.
add_filter( 'gform_allowable_tags_6', '__return_false' );
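The examples above ignore the $field and $form_id parameters. The following added example (not part of the original documentation) uses them to apply a different sanitization policy per field on form 6. The callback name, the field ID 3 and the choice of the 'textarea' field type are assumptions to adapt to your own form.

```php
// Added example: per-field sanitization policy for form 6.
// Registering with 3 accepted arguments makes $field and $form_id available.
add_filter( 'gform_allowable_tags_6', 'example_allowable_tags_by_field', 10, 3 );

/**
 * Hypothetical callback: choose how strictly each field is sanitized on save.
 *
 * @param string|bool $allowable_tags False by default.
 * @param object      $field          The field currently being processed.
 * @param int         $form_id        The ID of the current form.
 *
 * @return string|bool Tag allowlist string, or true for wp_kses_post() only.
 */
function example_allowable_tags_by_field( $allowable_tags, $field, $form_id ) {
    // Fail closed if the field object is missing: sanitize with wp_kses_post().
    if ( ! is_object( $field ) ) {
        return true;
    }

    // Paragraph Text fields: wp_kses_post() first, then strip_tags() with an
    // allowlist. strip_tags() keeps attributes on the tags it allows, so the
    // wp_kses_post() pass is what removes event handlers and script URLs.
    if ( 'textarea' === $field->type ) {
        // Assumed field ID 3 is the only field where links are wanted.
        if ( 3 === (int) $field->id ) {
            return '<p><a><strong><em>';
        }

        // Other Paragraph Text fields: basic formatting, no links.
        return '<p><strong><em>';
    }

    // Every other field on the form: wp_kses_post() only.
    // The callback never returns false, so no value is saved unsanitized.
    return true;
}
```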
Placement
This code should be placed in the functions.php file of your active theme.
Source Code
This filter is located in GF_Field::get_allowable_tags() in includes/fields/class-gf-field.php.