I want to let the user of my plugin define HTML tags to use before and after the text output by the shortcode, so I am using parameters where they can enter the tags. However, the tags are being converted to HTML entities. I therefore resorted to using html_entity_decode(). Is this good practice?
    extract( shortcode_atts( array(
        'count'         => -1,
        'category_name' => '',
        'q_before'      => '<h3>',
        'q_after'       => '</h3>',
        'orderby'       => 'date', // 'none','ID','author','title','name','date','modified','parent','rand','menu_order'
        'order'         => 'ASC',  // 'DESC'
    ), $atts, 'myfaq' ) );
    $q_before = html_entity_decode( $q_before );
    $q_after  = html_entity_decode( $q_after );
When I create shortcodes that accept HTML tags I only take the tag name, meaning that if the tag is <h3> then I ask the user to enter h3 and I add the <, </ and > in the shortcode handler, ex:

I’m not saying that it's best practice but at least I’m only asking the user to provide one tag name instead of opening and closing tags and I don’t need any extra conversions using html_entity_decode.

I guess it would be ok as long as you also verify what tags are being passed, with a filter like the wp_kses function.

This would allow the user to enter more than 1 tag but only br, em, strong and a tags and only the attributes href and title for the links.
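
The two approaches from the answers above, put side by side as an added example (not code from the original posts). It runs inside WordPress; the function names, the `myfaq_demo` shortcode tag and the `q_tag` attribute are hypothetical, and the element lists are assumptions to adjust.

```php
<?php
// Added example: requires WordPress (shortcode_atts, wp_kses, esc_html, add_shortcode).
// All myfaq_* function names and the q_tag attribute are hypothetical.

/** wp_kses approach: decode the entities, then keep only allowlisted tags/attributes. */
function myfaq_wrapper_markup( $raw ) {
    $allowed = array(
        'br'     => array(),
        'em'     => array(),
        'strong' => array(),
        'a'      => array( 'href' => array(), 'title' => array() ),
    );
    // The editor may store "<em>" as "&lt;em&gt;". Decode first, then filter the
    // decoded string, so nothing is decoded after the filter has run.
    // wp_kses also drops href values whose protocol is not on WordPress's allowed list.
    return wp_kses( html_entity_decode( $raw, ENT_QUOTES, 'UTF-8' ), $allowed );
}

/** Tag-name approach: accept a bare element name only if it is on a fixed list. */
function myfaq_tag_name( $name, $default = 'h3' ) {
    $name = strtolower( trim( $name ) );
    $ok   = array( 'h2', 'h3', 'h4', 'p', 'div', 'span' ); // assumed list
    return in_array( $name, $ok, true ) ? $name : $default;
}

function myfaq_demo_shortcode( $atts ) {
    $atts = shortcode_atts( array(
        'q_tag'    => 'h3', // element name only, no angle brackets
        'q_before' => '',   // optional inline markup, filtered by wp_kses
        'q_after'  => '',
    ), $atts, 'myfaq_demo' );

    $tag    = myfaq_tag_name( $atts['q_tag'] );
    $before = myfaq_wrapper_markup( $atts['q_before'] );
    $after  = myfaq_wrapper_markup( $atts['q_after'] );
    $title  = 'Sample question?'; // constructed placeholder for the post title

    // The handler writes the angle brackets itself; the title is escaped on output.
    return "<{$tag}>" . $before . esc_html( $title ) . $after . "</{$tag}>";
}
add_shortcode( 'myfaq_demo', 'myfaq_demo_shortcode' );
```

With this handler, `[myfaq_demo q_tag="script"]` falls back to `h3`, and a `q_before` containing a `<script>` element or an `onclick` attribute has those parts stripped by `wp_kses`.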