Saving meta with useEntityProp setMeta – sanitization needed?

  • Hi, I’m using blocks (vs meta boxes) to allow users to insert and save post meta for custom post types. WordPress provides a handy function setMeta, part of useEntityProp, that saves meta to the DB. A review of how this works is here:

    https://developer.www.ads-software.com/block-editor/how-to-guides/metabox/meta-block-3-add/

    Their example function looks like this: 

    function updateMetaValue( newValue ) {
    setMeta( { ...meta, myguten_meta_block_field: newValue } );
}

    My question is: do we need to sanitize user inputs prior to saving, or does setMeta (or something else under the hood) do this for us? If we need to do it ourselves, does WP provide any sanitization functions (like it does for PHP)?

    Thanks!

    • This topic was modified 3 years, 6 months ago by Erick Danzer.
  • The topic ‘Saving meta with useEntityProp setMeta – sanitization needed?’ is closed to new replies.