I'm new to XSS prevention, only 2 years into WP development, so I am hoping there's an easy solution. Installing a plugin designed to prevent XSS abuse is not an option. I need to programmatically, globally escape input values and anchor hrefs to prevent malicious XSS on a minisite. I was wondering if I could do this in the functions.php file with this function, except I think the "the_content" filter is too broad:
add_filter("the_content", "prevent_xss");
function prevent_xss($the_Post)
{
    // Replace the three HTML metacharacters with entities (plain entity replacement; quotes are not touched)
    $the_New_Post = str_replace(array('&', '<', '>'), array('&amp;', '&lt;', '&gt;'), $the_Post);
    return $the_New_Post;
}
Any help would be greatly appreciated. Thank you in advance.
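An added example, not part of the question above: escaping each value for the context it lands in with WordPress's own esc_* functions, and filtering only the user-supplied piece rather than all of the_content. It assumes it sits in the theme's functions.php with WordPress loaded; the minisite_ function names and the post meta key 'minisite_byline' are hypothetical.

```php
<?php
// Added example, not from the question. Assumes it sits in the theme's
// functions.php with WordPress loaded (esc_html, esc_attr, esc_url, wp_kses_post).
/**
 * Build an anchor from untrusted values, escaping each part for its own
 * output context. esc_url() also rejects schemes such as javascript:,
 * which plain &/</> entity replacement never catches.
 */
function minisite_safe_link( $href, $text, $title = '' ) {
    $url = esc_url( $href );
    if ( '' === $url ) {
        // Disallowed or empty URL: emit the text only, no link.
        return esc_html( $text );
    }
    return sprintf(
        '<a href="%s" title="%s">%s</a>',
        $url,                 // URL context
        esc_attr( $title ),   // attribute context (escapes quotes too)
        esc_html( $text )     // HTML text context
    );
}

/**
 * Sanitize a submitted field on the way in, before saving it with
 * update_post_meta(). It is still escaped again on output.
 */
function minisite_clean_field( $name ) {
    $raw = isset( $_POST[ $name ] ) ? wp_unslash( $_POST[ $name ] ) : '';
    return sanitize_text_field( $raw );
}

/**
 * Entity-escaping all of the_content would also mangle the post's own
 * markup. Filter only the user-supplied piece instead: here a hypothetical
 * post meta field 'minisite_byline' appended after the content.
 */
function minisite_append_byline( $content ) {
    if ( ! is_singular() || ! in_the_loop() ) {
        return $content;
    }
    $byline = get_post_meta( get_the_ID(), 'minisite_byline', true );
    if ( '' === $byline ) {
        return $content;
    }
    // wp_kses_post() keeps the tags allowed in post content and strips
    // script tags and on* event handlers; use esc_html() to allow none.
    return $content . '<p class="byline">' . wp_kses_post( $byline ) . '</p>';
}
add_filter( 'the_content', 'minisite_append_byline' );
```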