https://legacy.forums.gravityhelp.com/topic/filtering-html-questions-and-descriptions Gravity Support Forums Topic: Filtering HTML, Questions, and Descriptions en-US Fri, 17 Apr 2026 05:30:12 +0000 http://bbpress.org/?v=1.0.1 q https://legacy.forums.gravityhelp.com/search.php https://legacy.forums.gravityhelp.com/topic/filtering-html-questions-and-descriptions#post-12533 Thu, 11 Nov 2010 17:05:22 +0000 Alex Cancado 12533@https://legacy.forums.gravityhelp.com/ <p>You could use the gform_pre_render filter to escape those fields, but that hook only runs on the front end. So they would be still be executed in the form editor.<br /> I am not sure we will have a completely secure solution for this problem.</p> <pre><code>add_filter(&quot;gform_pre_render&quot;, test_render); function test_render($form){ $form[&quot;description&quot;] = esc_html($form[&quot;description&quot;]); foreach($form[&quot;fields&quot;] as &amp;$field){ $field[&quot;description&quot;] = esc_html($field[&quot;description&quot;]); } return $form; }</code></pre> https://legacy.forums.gravityhelp.com/topic/filtering-html-questions-and-descriptions#post-12526 Thu, 11 Nov 2010 16:15:11 +0000 UWEX 12526@https://legacy.forums.gravityhelp.com/ <p>We run a MultiSite network and our users lack the ability to use code such as iframe, embed, and &lt;script&gt; in their pages/posts.</p> <p>Unfortunately, via either the HTML "question" type, the form's Description, or even any question's description, it appears that people can do this stuff. :(</p> <p>Is there an easy way to strip out the same potentially dangerous content from all these sections that WordPress strips out by default for non-super-admins? </p>