Articles of wp kses

Quotes being escaped inside wp_editor when saved with wp_kses_post

Hi have a setting screen where I allow users to create HTML emails with the convenience of the editor they are already used to from posts and pages using wp_editor(); Everything seems to work fine except when I try to save with texts which are in quotes when the value returns it has the escaping, […]

Proper use of internationalization

Regarding internationalization which of the two would be the proper correct way to process the translation. echo ‘<p>’ . esc_html__( ‘Lorem ipsum dolor sit amet, consectetur adipisicing’, ‘textdomain’ ) . ‘</p>’; or printf( ‘<p>%1$s</p>’, esc_html__( ‘Lorem ipsum dolor sit amet, consectetur adipisicing’, ‘textdomain’ ) ); And if i need to add wrap the following within […]

Remove tags from the kses filter

I know one can modify the kses filter to add new allowed tags to it, but is there a way to remove some of them? I can’t find how. I need to disallow DIV tags. Any ideas? Thanks

wp_kses_post only removes <script> tags, but not their content

Is there any way to remove the <script> tags including their contents? wp_kses_post seems to only remove the tags, while their content remains visible on the page. Thank you

WP Editor strips input placeholder attribute

Why WP Editor also strips the “placeholder” attribute of the input text element ? Ofcourse, i am using the HTML mode. Here is the input: <input type=”text” value=”” name=”s” style=”width: 550px;” placeholder=”Search this website..”> After updating the post (after strip): <input type=”text” value=”” name=”s” style=”width: 550px;”> I do not want WP Editor to strip such […]

What is the difference between strip_tags and wp_filter_nohtml_kses?

What is the difference between strip_tags and wp_filter_nohtml_kses. I tried to figure wp_filter_nohtml_kses from the source but it looks like it does something a bit more complex than strip all html even though thats what the codex says. I think the kses functions are expensive so I wonder why not use strip_tags if all it […]

how to escape wp_oembed_get for phpcs

I am using phpcs to help with making sure I write nice, valid WP theme code but am coming across the following issue regarding escaping before output. If I try to use echo wp_oembed_get( ‘https://www.youtube.com/watch?v=someidhere’ ); it works as expected – I get a nice youtube video on the page. BUT – phpcs throws an […]

Allowing more elements in comments via functions.php

I would like to allow certain HTML elements in my comments and have edited kses.php directly in the past. However, I have been hacked recently and replaced all the core WordPress files and feel I would like to avoid editing those files. Is it possible to allow more elements via the functions.php file?

Why is wp_kses not keeping style attributes as expected?

I want to keep the style attribute. $str is just an example, here’s my code: $allowed_html = array( ‘div’ => array( ‘title’ => array(), ‘class’ => array(), ‘style’ => array() ) ); $str = ‘<div title=’Click to continue’ style=’display:table’>This is a button</div>’; wp_kses($str, $allowed_html ); $str will actually receive a bunch of html tags and […]

wp_kses vs wp_strip_all_tags

Apart from providing a granular control for allowed HTML tags does wp_kses provide any additional benefits over wp_strip_all_tags? Essentially, if I were to use wp_kses and set it to not allow any HTML or protocols, would it carry any benefit over just using wp_strip_all_tags?