• Thank you for creating this plugin! Couple of things would make it awesome…

    The message showing the price doesn’t allow any HTML like a whats app link etc.

    So in cab-grid.php how about this change please? wp_kses_post is the sanitization/escaping for html in a form field…

    function cabGrid_sanitize_options_loose( $options ) { // called from register_settings in admin
        foreach ( $options as $key => &$value ) {
            // changed by Andy Moyle: allow the post-safe HTML subset instead of stripping all tags
            $value = wp_kses_post( stripslashes( $value ) );
        }
        unset( $value ); // drop the by-reference binding left over from the loop
        return $options;
    }

    also cab-grid-form.php line 13 would be better using wpautop instead of nl2br

    $cabGridMessage = '<div class="cabGridMessage">' . wpautop( $cabGridMessage ) . '</div>';

    Lastly there is a horrific lack of esc_html() and esc_attr() to escape output
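A worked version of the two halves of that request, sanitize on save and escape on output, as an added example that is not part of the post or of the plugin's code. The names `cabgrid_demo_*`, the option key `cabgrid_demo_options` and the field keys `message` / `css_class` are hypothetical placeholders.

```php
<?php
// Added example (not Cab Grid's own code). cabgrid_demo_* names, the option
// key 'cabgrid_demo_options' and the field keys are hypothetical placeholders.

// Sanitize on save: keep the post-safe HTML subset in the message field,
// strip tags entirely from every other (plain-text) field.
function cabgrid_demo_sanitize_options( $options ) {
    $clean = array();
    foreach ( (array) $options as $key => $value ) {
        $value = stripslashes( (string) $value ); // undo the slashes WP adds to request data
        if ( 'message' === $key ) {
            // keeps <a href="https://...">, <p>, <strong> ...; drops <script>, on* handlers
            $clean[ $key ] = wp_kses_post( $value );
        } else {
            $clean[ $key ] = sanitize_text_field( $value );
        }
    }
    return $clean;
}

function cabgrid_demo_register_settings() {
    register_setting(
        'cabgrid_demo_group',
        'cabgrid_demo_options',
        array( 'sanitize_callback' => 'cabgrid_demo_sanitize_options' )
    );
}
add_action( 'admin_init', 'cabgrid_demo_register_settings' );

// Escape on output, by context. The message is stored as HTML, so esc_html()
// would render "<a href=...>" as literal text; wp_kses_post() re-filters it to
// the same safe subset instead. The class lands in an attribute, so esc_attr().
function cabgrid_demo_render_message() {
    $options = get_option( 'cabgrid_demo_options', array() );
    $message = isset( $options['message'] ) ? $options['message'] : '';
    $class   = isset( $options['css_class'] ) ? $options['css_class'] : 'cabGridMessage';

    return '<div class="' . esc_attr( $class ) . '">'
        . wp_kses_post( wpautop( $message ) )
        . '</div>';
}
```

Note that wp_kses_post() only keeps links whose scheme is in wp_allowed_protocols(), so a WhatsApp link should be written as an https://wa.me/... URL; a bare whatsapp:// href is stripped unless the kses_allowed_protocols filter adds that scheme.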
