Secure ACF display: a simple trick
With ACF version 6.2.7, it is important to use get_field() instead of the_field() to display the contents of a field.
This is because the_field() automatically applies HTML escaping, which can break the display of certain content (iframes, embedded videos, etc.).
The solution is simple:
- Use get_field('my_field') to retrieve the field value
- Apply content-appropriate HTML escaping yourself. For article type content, you can use wp_kses_post():
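```php
<?php
// Retrieve the raw field value (get_field() returns it without echoing)
$value = get_field('my_field');
// Filter the HTML down to the tags allowed in post content, then output it
echo wp_kses_post($value);
```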
wp_kses_post() will remove dangerous tags like <script> while retaining most standard HTML tags.
This way, you display the content securely, without breaking the layout.
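
wp_kses_post() does not allow <iframe> by default, so a field that holds an embed needs its own allow-list. The following is an added example, not code from the original page or from ACF: it extends the post allow-list with <iframe> and keeps the src only for https URLs on trusted hosts. The function name and the host list are assumptions, and WP_HTML_Tag_Processor requires WordPress 6.2 or later.

```php
<?php
// Added example (not ACF's or the original page's code).
// Assumed: the function name, the host allow-list, and the field name 'my_field'.

function example_render_embed_field( $field_name ) {
    $value = get_field( $field_name );
    if ( ! is_string( $value ) || '' === $value ) {
        return '';
    }

    // Start from the wp_kses_post() allow-list and add <iframe> with a
    // small, explicit set of attributes.
    $allowed           = wp_kses_allowed_html( 'post' );
    $allowed['iframe'] = array(
        'src'             => true,
        'width'           => true,
        'height'          => true,
        'title'           => true,
        'allow'           => true,
        'allowfullscreen' => true,
        'loading'         => true,
    );
    $clean = wp_kses( $value, $allowed );

    // Hypothetical allow-list of embed hosts; adjust to the providers you use.
    $trusted_hosts = array( 'www.youtube.com', 'www.youtube-nocookie.com', 'player.vimeo.com' );

    // Walk the sanitized markup and drop src from any iframe that is not
    // https on a trusted host (protocol-relative and missing src fail too).
    $tags = new WP_HTML_Tag_Processor( $clean ); // WordPress 6.2+
    while ( $tags->next_tag( 'iframe' ) ) {
        $src    = $tags->get_attribute( 'src' );
        $scheme = is_string( $src ) ? wp_parse_url( $src, PHP_URL_SCHEME ) : null;
        $host   = is_string( $src ) ? wp_parse_url( $src, PHP_URL_HOST ) : null;

        $ok = is_string( $scheme ) && is_string( $host )
            && 'https' === strtolower( $scheme )
            && in_array( strtolower( $host ), $trusted_hosts, true );
        if ( ! $ok ) {
            $tags->remove_attribute( 'src' );
        }
    }

    return $tags->get_updated_html();
}

// In the template: the value was sanitized above, so echo it as is.
echo example_render_embed_field( 'my_field' );
```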