Form label escaping HTML

That could be the result of some changes relative to escaping output to avoid cross-site scripting vulnerabilities. But it could also be how you are using it. If you can provide an example, that would give some insight.

So, there are a number of things to consider with this. This is going to be a long answer because there’s more than one way to approach this, and there are some changes coming that will add to that, and I want to have a complete answer of possibilities so that other users who come along understand that those other possibilities exist and avoid doing things the wrong way. If you don’t really care about that and want to skip to where I noted: “use this” in bold. Otherwise, if you want all the extra detail, read on…

First, I was not able to reproduce exactly what you described. I was able to get a link in 3.5.3 up to the current version, although that link was not entirely without issues.

I will say that while I’m not entirely sure why you didn’t have an issue previous to 3.5.3, it may have something to do with some changes (and fixes) to the generic TOS field in that release version. As noted in the changelog, 3.5.3 fixed a bug in the default TOS dialog that causes a fatal error when opening the new window, so my guess is the difference you experienced was related to that fix. The fact that whatever you were doing actually worked was not intentional in the filter. The ‘label’ key in wpmem_fields is definitely intended to be text only. It gets used in more places than simply display in the form, so it should never contain HTML. While a filter could be written to only make the change when it is being used in a form, that’s not what your example is doing, and there are actually better ways to approach this with filters that are “downstream” (those that come later, specifically in the form building process). To sum up the key point: the wpmem_fields filter should not be used for this.

Can you implement a link in the TOS field? Yes, and there are several ways to do this.

First, since your field in your example is ‘tos’, that would indicate the use of the default TOS field in the plugin. There is a lot I could say about this – too much actually – because this is a legacy element in the plugin. It’s a default, and it’s actually going to be deprecated in future versions and eventually obsolete. So while there is a process for using this field and applying a link, I’m simply going to link to the documentation on that and not go into detail because this is being phased out in the future.

The is a new and better way to implement a link in your form label directly in the settings. This is a new feature that was added in 3.5.3 when the TOS field bug fix was implemented. It’s presently in the plugin, but still has some development to be completed for full rollout, so I’ll only mention that it’s coming (it’s in the plugin now, but isn’t documented yet pending some possible variances to how it will work). Another reason I’m not detailing it here is that in its present iteration, it doesn’t work with the default TOS field, but that will be corrected in the next release (now that I’m aware of it).

So… if you want to apply a custom link and the current method of applying a custom link (where I linked above to the documentation) isn’t suitable, then the correct way to do that is in the wpmem_register_form_rows filter. For most cases, all you’d need to do is add your custom label to the ‘label’ key in the array:

add_filter( 'wpmem_register_form_rows', function( $fields ) {
	
	$fields['my_checkbox']['label'] = '<div class="c-label"><strong>Personal Information</strong>:   Please tick to confirm you have read our use of <a href="https://wordpress.org/terms" target="_blank">Terms and Conditions</a>.</div>';

	return $fields;
});

That would work for all fields that don’t put the label into the the ‘field’ key. That’s almost all fields with two exceptions: The fields that do put the label text into the ‘field’ key are any checkboxes that are set to display the label to the right of the checkbox OR the default ‘tos’ field (which is what you’re using – at least in your example). How to handle those is detailed below.

Use this:

To do the above filter for a field that puts the label to the right of the input isn’t quite as straightforward as what is shown above. It requires making sure you also include the field input. You could do that by copying the generated field HTML from your HTML source or, and I think this is safer, you can regenerate the field with wpmem_form_field:

add_filter( 'wpmem_register_form_rows', function( $rows ) {
	
	// What is the meta key of the field being changed?
	$meta_key = 'tos';
	
	// Get the field settings.
	$fields = wpmem_fields();
	
	// Create the form field input.
	$input = wpmem_form_field( array(
		'name' => $meta_key,
		'type' => $fields[ $meta_key ]['type'],
		'value' => $fields[ $meta_key ]['checked_value'],
		'required' => $fields[ $meta_key ]['required']
	) );
	
	// Replace the field input in the form row.
	$rows[ $meta_key ]['field'] = $input . ' <strong>Personal Information</strong>:   Please tick to confirm you have read our use of <a href="https://wordpress.org/terms" target="_blank">Terms and Conditions</a>.</div>';

	return $rows;
});

In your 1st example, it renders the html correctly but it appears to completely remove the label tag and replace it with the text you set in the filter.

Yes – that’s what a filter does – it changes a value. In the example, it’s changing the value contained in $fields['my_checkbox']['label']. What is done with/to it is entirely up to you in the filter function. If you want to include the existing label, you can include it as part of the new value:

add_filter( 'wpmem_register_form_rows', function( $fields ) {
	
	$fields['my_checkbox']['label'] = $fields['my_checkbox']['label'] . '<div class="c-label"><strong>Personal Information</strong>:   Please tick to confirm you have read our use of <a href="https://wordpress.org/terms" target="_blank">Terms and Conditions</a>.</div>';

	return $fields;
});