wp_filter_kses allow HTML5 video?

Ok This Thread did helped me a LOT! So now my function works (i can embeld HTML5 videos) and it looks like this: function validate_setting($plugin_options){ global $allowedtags; $allowedtags = array( ‘a’ => array( ‘href’ => array (), ‘title’ => array ()), ‘b’ => array( ‘style’=> array(), ), ); $allowedtags[‘video’] = array( ‘width’ => true, ‘height’ … Read more

wp_kses_post only removes tags, but not their content

KSES is designed to prevent execution of undesired and potentially dangerous tags, not preventing display of the innerHTML. Blocking the content would require –1 Either a custom function that used some kind of string manipulation or xmlDOM manipulation to remove content; or –2 A function that blocked posts that contain the tag with a message … Read more

Escaping SVG with KSES

Found your question as I was searching for an answer. I tried experimenting a bit more with wp_kses and found that lower-casing viewbox in the arguments seems to fix the issue. You don’t have to put the actual attribute on the SVG in lowercase, just the wp_kses() argument. This may be more than you need, … Read more

wp_kses vs wp_strip_all_tags

I wouldn’t call it a benefit or disadvantage, but more of a difference: wp_strip_all_tags simply strips all tags (except for the allowed tags) but does not delete their content by calling the PHP function strip_tags, after removing script and style tags in full, including their contents. wp_kses does no such thing: // Returns ‘alert( “test” … Read more

Typical wp_kses $allowed

I would disagree with the solution posted by @JaredCobb, wp_kses() is much more flexible than the method he presented. It can strip out unwanted attributes from tags without destroying the tags themselves. For example, if the user put in <strong class=”foo”>, wp_kses() would return <strong> if you did not allow class, whereas strip_tags() would remove … Read more

tech