gform_allowable_tags

• Introduction
• Usage
• Parameters
• Examples
• 1. Return a string containing HTML tags
• 2. Return true
• 3. Return false
• Placement
• Source Code

Introduction

During form submission when the field values are being saved the values are sanitized to prevent potentially dangerous content such as scripts from being saved to the database.

The gform_allowable_tags filter can be used to control the usage of the PHP strip_tags() and the WordPress wp_kses_post() functions when sanitizing the submitted field values.

Usage

The base filter which would run for all forms and fields can be used like so:

add_filter( 'gform_allowable_tags', 'your_function_name', 10, 3 );

You can limit the scope of the filter to a single form by appending the form id on the end of the hook name like so:

add_filter( 'gform_allowable_tags_6', 'your_function_name', 10, 3 );

Parameters

• $allowable_tags string | boolean
  Default value is always false. See examples below for details.
• $field Field Object
  The field currently being processed.
• $form_id integer
  The ID of the current form.

Examples

1. Return a string containing HTML tags

When you return a string containing specific HTML tags the field value will first be passed through the WordPress wp_kses_post() function which will sanitize the value leaving only the HTML tags WordPress permits in post content. The value will then be passsed through the PHP strip_tags() function which will remove all remaining tags execpt those you have specified.

add_filter( 'gform_allowable_tags_6', 'allow_basic_tags' );
function allow_basic_tags( $allowable_tags ) {
    return '<p><a><strong><em>';
}

2. Return true

When you return true the field value will be passed through the WordPress wp_kses_post() function which will sanitize the value leaving only the HTML tags WordPress permits in post content.

add_filter( 'gform_allowable_tags_6', '__return_true' );

3. Return false

When you return false the field value will be saved without being sanitized. Please note, the value may still be sanitized before it is displayed in the admin or when merge tags are processed to prevent potentially dangerous scripts from running.

add_filter( 'gform_allowable_tags_6', '__return_false' );

Placement

This code should be placed in the functions.php file of your active theme.

Source Code

This filter is located in GF_Field::get_allowable_tags() in includes/fields/class-gf-field.php.