Make WordPress process admin group comments using $allowedtags

kses_init is hooked onto the init hook with default priority, and (after first removing any of the kses filters) adds filters which strip out tags (wp_filter_post_kses for posts and wp_filter_kses for comments) if the user does not have the capability ‘unfiltered_html’. Since the capability determines whether or not the user can post ‘unfiltered_html’ comments and …

Allow iframes from specific sites?

I’d register an embed handler with wp_embed_register_handler. This gives you the added benefit of being able to just copy and paste the URL into the editor as well as seeing a preview of the iframe. add_action( 'init', 'se238330_register_embed_handler' ); function se238330_register_embed_handler() { wp_embed_register_handler( 'joetek', '#http://subdomain\.yourdomain\.com/(.+)/?#i', 'wp_embed_handler_joetek' ); } function wp_embed_handler_joetek( $matches, $attr, $url, $rawattr ) …

wp_kses and magic quotes

WordPress is still adding slashes to data sent per POST, so yes, in some cases you might have to remove the slashes. There are two options: Use stripslashes_deep( $value ). This function accepts an array, an object or a string and removes the slashes. Get POST data per: $data = file_get_contents( 'php://input' ); This takes …

Proper use of internationalization

The two are exactly the same but I would go for the first one:

- Easier to read
- No interpolation, keep interpolation for variables

And, including the tags inside the format is making things more complicated, I can think of designers being tempted to use more tags if they see you are using them.

Quotes being escaped inside wp_editor when saved with wp_kses_post

WordPress always escapes quotes encountered in the superglobal variables. It is done in https://developer.wordpress.org/reference/functions/wp_magic_quotes/. You will most likely want to strip it with stripslashes before saving it into the DB. Something like update_option( 'tld_wcdpue_settings_email_content', wp_kses_post( stripslashes( $_POST['tld_wcdpue_settings_wpeditor'] ) ) );