Secure ACF display: a simple trick

by ·


  • English

    • With ACF version 6.2.7, it is important to use get_field() instead of the_field() to display the contents of a field.


    Indeed, the_field() will automatically apply an HTML escape which can break the display of certain content (iframes, embed videos, etc.).

    The solution is simple:

    1. Use get_field(‘my_field’) to retrieve the field value
    2. Apply content-appropriate HTML escaping yourself. For article type content, you can use wp_kses_post():

    <?php

    // Retrieve the value
    $value = get_field('my_field');

    // HTML Escaping
    echo wp_kses_post($value);

    wp_kses_post() will remove dangerous tags like <script> while retaining most standard HTML tags.

    This way, you display the content securely, without breaking the layout.

    My ebooks

    The Inconvenient Vaping My Copywriter's journey

    Houssen Moshinaly

    To contact the editor personally:

    Leave a Reply

    Your email address will not be published. Required fields are marked *

    Copy code