wp-kses

sanitize vimeo embed code?

by

You need to add a custom validation/sanitization callback, and hook it into publish_post (and/or draft_post and/or future_post, as applicable). For example: <?php function wpse_44807_update_custom_post_meta() { // Globalize the $post object global $post; // If our custom post meta key is set, sanitize it; // otherwise, return false $my_post_custom = ( isset( $_POST[‘_my_post_custom’] ? wp_filter_nohtml_kses( $_POST[‘_my_post_custom’] … Read more

Inline style HTML attribute is being stripped from all elements of a post

by

This is because what you’re trying to do trips a security feature, post content is passed through wp_kses_post to strip out dangerous tags Administrators however, have the unfiltered_html capability, which allows them to put arbitrary dangerous HTML in content and titles. This is why you’re able to insert the tags via the editor. This still … Read more

How to allow &nbsp with wp_kses()?

by

not sure the difference but I used &nbsp for adding a white space ..then passed it through wp_kses() The correct HTML entity for a non-breaking space is &nbsp; — note the ; which is required and without it (i.e. &nbsp), the entity is not valid and when used with wp_kses(), you’d get &amp;nbsp instead of … Read more