bp_xprofile_escape_field_data( string $value, string $field_type, int $field_id )

Escape field value for display.

Description Description

Most field values are simply run through esc_html(). Those that support rich text (by default, textarea only) are sanitized using kses, which allows HTML tags from a controlled list.

Top ↑

Parameters Parameters


(string) (Required) Field value.


(string) (Required) Field type.


(int) (Required) Field ID.

Top ↑

Return Return


Source Source

File: bp-xprofile/bp-xprofile-filters.php

function bp_xprofile_escape_field_data( $value, $field_type, $field_id ) {
	// Sanitization for these types is directly done into their `display_filter()` method.
	if ( 'wp-biography' === $field_type || 'wp-textbox' === $field_type ) {
		return $value;

	if ( bp_xprofile_is_richtext_enabled_for_field( $field_id ) ) {
		// The xprofile_filter_kses() expects a BP_XProfile_ProfileData object.
		$data_obj = null;
		if ( bp_is_user() ) {
			$data_obj = new BP_XProfile_ProfileData( $field_id, bp_displayed_user_id() );

		$value = xprofile_filter_kses( $value, $data_obj );
	} else {
		$value = esc_html( $value );

	return $value;

Top ↑

Changelog Changelog

Version Description
2.4.0 Introduced.

Top ↑

User Contributed Notes User Contributed Notes

You must log in before being able to contribute a note or feedback.