WP_Customize_Widgets::sanitize_widget_js_instance() WordPress Method
The WP_Customize_Widgets::sanitize_widget_js_instance() is a method used to ensure that a widget's JavaScript instance is sanitized before being passed to the front end. This is important to prevent JavaScript injection attacks.
WP_Customize_Widgets::sanitize_widget_js_instance( array $value, string $id_base = null ) #
Converts a widget instance into JSON-representable format.
Parameters
- $value
(array)(Required)Widget instance to convert to JSON.
- $id_base
(string)(Optional) Base of the ID of the widget being sanitized.
Default value: null
Return
(array) JSON-converted widget instance.
Source
File: wp-includes/class-wp-customize-widgets.php
public function sanitize_widget_js_instance( $value, $id_base = null ) {
global $wp_widget_factory;
if ( empty( $value['is_widget_customizer_js_value'] ) ) {
$serialized = serialize( $value );
$js_value = array(
'encoded_serialized_instance' => base64_encode( $serialized ),
'title' => empty( $value['title'] ) ? '' : $value['title'],
'is_widget_customizer_js_value' => true,
'instance_hash_key' => $this->get_instance_hash_key( $serialized ),
);
if ( $id_base && wp_use_widgets_block_editor() ) {
$widget_object = $wp_widget_factory->get_widget_object( $id_base );
if ( ! empty( $widget_object->widget_options['show_instance_in_rest'] ) ) {
$js_value['raw_instance'] = (object) $value;
}
}
return $js_value;
}
return $value;
}
Expand full source codeCollapse full source codeView on TracView on GitHub
Changelog
| Version | Description |
|---|---|
| 5.8.0 | Added the $id_base parameter. |
| 3.9.0 | Introduced. |