Allow html comments with kses
Allow html comments with kses
Allow html comments with kses
kses_init is hooked onto the init hook with default priority, and (after first removing any of the kses filters) adds filters which strip out tags (wp_filter_post_kses for posts and wp_filter_kses for comments) if the user does not have the capability ‘unfiltered_html’. Since the capability determines whether or not the user can post ‘unfiltered_html’ comments and … Read more
wp_kses (Codex) removes unallowed tags, but it doesn’t remove their content. So, if you have a “{something}”, wp_kses only removes the tags, not the content, returning “{something}”. Thus, this is intended behaviour and your issue doesn’t seem to be a bug.
I’d register an embed handler with wp_embed_register_handler. This gives you the added benefit of being able to just copy and paste the url into the editor as well as seeing a preview of the iframe. add_action( ‘init’, ‘se238330_register_embed_handler’ ); function se238330_register_embed_handler() { wp_embed_register_handler( ‘joetek’, ‘#http://subdomain.yourdomain\.com/(.+)/?#i’, ‘wp_embed_handler_joetek’ ); } function wp_embed_handler_embed_name( $matches, $attr, $url, $rawattr ) … Read more
Turns out that this specific issue was caused by someone on the IT team who wasn’t very experienced with WordPress adding some code that they found on a poorly written WordPress blog that literally starts out with an unmarked example of what not to do. According to the IT team, this line added to wp-config.php … Read more
WordPress is still adding slashes to data sent per POST, so yes, in some cases you might have to remove the slashes. There are two options: Use stripslashes_deep( $value ). This function accepts an array, an object or a string and removes the slashes. Get POST data per: $data = file_get_contents( ‘php://input’ ); This takes … Read more
The two are exactly the same but I would go for the first one: Easier to read No interpolation, keep interpolation for variables And, including the tags inside the format is making things more complicated, I can think of designers being tempted to use more tags if they see you are using them.
WordPress always escapes quotes encountered in the super globals variables. It is done in https://developer.wordpress.org/reference/functions/wp_magic_quotes/ You will most likely want to strip it with stripslashes before saving it into the DB. something like update_option( ‘tld_wcdpue_settings_email_content’, wp_kses_post( stripslashes($_POST[‘tld_wcdpue_settings_wpeditor’] ) ));
How to allow internal links using wp_kses filtration
Accepting certain HTML tags in WP List Table column data