Does it make sense to sanitize the output of an SVG file?

It’s not completely pointless, but probably smart to sanitize, because of the following situations: What’s the certainty that the SVGs only come from you directly? Can you guarantee that the SVGs won’t be intercepted during upload? Redundancies for keeping your site secure are generally recommended. I don’t know that wp_kses() is the best for sanitizing … Read more

Multisite, but wp_kses_allowed_html only for one subsite?

Well, you could do it this way: if ( 101 === get_current_blog_id() ) { add_filter( ‘wp_kses_allowed_html’, allow_iframes_for_editor, 1 ); } (Note: edited to use the get_current_blog_id() ; see https://developer.wordpress.org/reference/functions/get_current_blog_id/ But you should consider Tom’s comment as a warning against doing this.

wp_filter_kses allow HTML5 video?

Ok This Thread did helped me a LOT! So now my function works (i can embeld HTML5 videos) and it looks like this: function validate_setting($plugin_options){ global $allowedtags; $allowedtags = array( ‘a’ => array( ‘href’ => array (), ‘title’ => array ()), ‘b’ => array( ‘style’=> array(), ), ); $allowedtags[‘video’] = array( ‘width’ => true, ‘height’ … Read more

Add Protocol to Custom Menus

You need to use the kses_allowed_protocols filter: function wpse_allow_sms_protocol( $protocols ) { $protocols[] = ‘sms’; return $protocols; } add_filter( ‘kses_allowed_protocols’, ‘wpse_allow_sms_protocol’ );