Allow iframes from specific sites?

With kses filtering, WordPress only allows a subset of html tags within a post or page, and one of the tags it strips out is the <iframe> tag (for many good reasons). I’d like to allow editors to include iframes where the src is from one of our other subdomains, or from a specified whitelist […]

sanitize vimeo embed code?

I have a custom meta box with a textarea where users can drop in vimeo embed code. Should I sanitize this code before I update_post_meta, and, if so, how should I go about it? I don’t want to strip out important information (like the iframe)…I just want to make sure nothing malicious is getting entered.

Change allowed HTML tags for comments

I’ve set up an HTML editor for WordPress comments, and I want to change the allowed HTML tags for comments accordingly. Some of the HTML tags also have inline styling, or classes added. I only want to allow the styling and classes that I’m expecting, but I cannot get it to work. I want to […]

wp_kses() strips data attributes even if it's in the allowed list

I added a function that will return the allowed html tags array: if ( ! function_exists( 'allowed_html_tags' ) ) { /** * Allowed html tags for wp_kses() function * * @return array Array of allowed html tags. */ function allowed_html_tags() { return array( 'a' => array( 'href' => array(), 'title' => array(), 'class' => array(), […]

Only allow site url in text field using wp_kses/wp_filter_nohtml_kses?

I’m working on validation for a theme options page. Is there a built-in way to add an argument to wp_kses/wp_filter_nohtml_kses that will allow a specific link to be entered (wrapped in a tags) but not all links? I only want the user to be able to enter a link to the main site in this […]

How to allow internal links using wp_kses filtration

I’m working on front end submission and of course I want to secure data by filtering it before inserting it into the database. The form contains repeatable fields group data which I want to filter with the wp_kses function (external URLs, etc.), but it would be great if the user were able to insert an internal link to another publication and […]

Add Attribute to p Tag of Post Content

I would like the default <p> elements that are added to the (TinyMCE) editor when users post content, to have a dir attribute as well. Reasoning: When the editor is displayed to users, it is wrapped in an html element with a dir attribute (determined by locale). Thus, the text direction to the user (while […]

I want to allow the use of a data-flw attribute in links in comments

I have come up with two ways I thought this should work and I’m having no joy with either. First I tried hooking into the preprocess_comment filter. // Set allowed html in comments. add_filter( 'preprocess_comment', 'csm_filter_allowed_comment_html' ); function csm_filter_allowed_comment_html( $comment ) { global $allowedtags; $allowedtags['a'] = array( 'href' => array(), 'title' => array(), 'rel' => […]

Why is WordPress Breaking Custom Elements with Hyphens Into Element and Attribute?

Background I have a custom element in a page, which has a tagname of: column-set. On the front end, that gets written as <column -set=””>. Question Why is this happening, and can it be changed? (I suspect it might have something to do with wpautop) Edit: More Info I’ve found that kses might be the […]

Make WordPress process admin group comments using $allowedtags

WP uses $allowedtags to limit the set of allowable tags for comments. However, comments from administrators are unfiltered. What’s the easiest way to ensure admin comments are also constrained to the tags contained in $allowedtags?