Skip to main content

How to allow scripts in GD Custom Field Values

1 min read Last Updated: April 3, 2025
Facebook Twitter Linkedin Email Copy Link

GeoDirectory Custom Fields can be a powerful tool for using scripts that enhance the GD Single.

In order to use scripts we recommend the use of an HTML custom field set to ‘Admin only’. 

Further, you will need to add this Code Snippet that will remove the automatic sanitization performed by GD.

/**
 * Skip sanitize based on field type.
 *
 * WARNING – Skipping sanitize routine for field values may result in a Cross-Site Scripting Attack (XSS) on your site.
 *
 * Skipping sanitize values may result in cross-site scripting (XSS) attack.
 */
function gd_snippet_custom_skip_sanitize_field( $value, $gd_post, $custom_field, $post_id, $post, $update ) {
	// Fields to skip strip tags.
	$skip_strip_tags = array();
	$skip_strip_tags[] = 'my_custom_field'; // field key - change this to match your key


	if ( in_array( $custom_field->htmlvar_name, $skip_strip_tags ) ) {
		$value = $gd_post[ $custom_field->htmlvar_name ];


		if ( isset( $custom_field->data_type ) && ( $custom_field->data_type == 'DECIMAL' || $custom_field->data_type == 'INT' ) && $value === '' ) {
			$value = null;
		}
	}
	return $value;
}
add_filter( 'geodir_custom_field_value_html', 'gd_snippet_custom_skip_sanitize_field', 11, 6 );


Give it a try and let us know how it goes.

On this page