wp-kses - Read For Learn

wp_filter_kses allow HTML5 video?

Ok This Thread did helped me a LOT! So now my function works (i can embeld HTML5 videos) and it looks like this: function validate_setting($plugin_options){ global $allowedtags; $allowedtags = array( ‘a’ => array( ‘href’ => array (), ‘title’ => array ()), ‘b’ => array( ‘style’=> array(), ), ); $allowedtags[‘video’] = array( ‘width’ => true, ‘height’ … Read more

Any ideas how to allow CSS input to perfectly work in the text area with wp_kses?

The > entity is probably being filtered by “esc_textarea”. You can read more about “esc_” below: http://codex.wordpress.org/Data_Validation

Why is WordPress Breaking Custom Elements with Hyphens Into Element and Attribute?

It’s not kses. The culprit is this: force_balance_tags() When I remove that, things work. I’m not sure why it’s breaking things, but I’ll look into the source later.

Why wp_kses() not working for rel, target of link in WordPress

Allow html comments with kses

wp_kses() strips data attributes even if it’s in the allowed list

I hope that you don’t have to modify the allowed array with the full data name (data-term) for this to work… It appears to be that way. data-term and data aren’t the same attribute after all, and poking around in core I don’t think any sort of regular expressions can be used as supported attributes. … Read more

wp_kses_post only removes tags, but not their content

KSES is designed to prevent execution of undesired and potentially dangerous tags, not preventing display of the innerHTML. Blocking the content would require –1 Either a custom function that used some kind of string manipulation or xmlDOM manipulation to remove content; or –2 A function that blocked posts that contain the tag with a message … Read more

Escaping SVG with KSES

Found your question as I was searching for an answer. I tried experimenting a bit more with wp_kses and found that lower-casing viewbox in the arguments seems to fix the issue. You don’t have to put the actual attribute on the SVG in lowercase, just the wp_kses() argument. This may be more than you need, … Read more

wp_kses vs wp_strip_all_tags

I wouldn’t call it a benefit or disadvantage, but more of a difference: wp_strip_all_tags simply strips all tags (except for the allowed tags) but does not delete their content by calling the PHP function strip_tags, after removing script and style tags in full, including their contents. wp_kses does no such thing: // Returns ‘alert( “test” … Read more

Typical wp_kses $allowed

I would disagree with the solution posted by @JaredCobb, wp_kses() is much more flexible than the method he presented. It can strip out unwanted attributes from tags without destroying the tags themselves. For example, if the user put in <strong class=”foo”>, wp_kses() would return <strong> if you did not allow class, whereas strip_tags() would remove … Read more