Editors and Administrators can publish content with unfiltered HTML. Use this plugin to force filtering of HTML from Editors.
Use this plugin to prevent Editors from publishing unfiltered HTML posts. Administrators will not be affected.
By default, users with Administrator or Editor privileges are allowed to publish unfiltered HTML in post titles and content. WordPress is, after all, a publishing tool, and people need to be able to include whatever markup they need to communicate. Users with lesser privileges are not allowed to post unfiltered content.
This plugin won't help you. If you're running a WordPress network, then only super administrators can publish unfiltered HTML. All other users are considered untrusted, since they can be administrators on sites they register.
There exists another plugin called Unfiltered MU that will provide the unfiltered HTML ability to editors and administrators in multisite. This can only be used in a closed network where these users are trusted.
You can add
define( 'DISALLOW_UNFILTERED_HTML', true ); to your
wp-config.php file. This will affect administrators as well. If you are running multisite, this will affect super administrators. If you do this, then this plugin will not have any affect.
This is a perfect illustration of the careful balance required between security and functionality. WordPress is, after all, a publishing tool, as said above.
Video embeds, such as those with
<object> tags, are considered untrusted. Thus, on save they will be stripped out, unless the user has the ability to publish unfiltered HTML.
If you're embedding a video from YouTube (let's say), then you shouldn't mess with the embed code anyway. For YouTube and other sites, take a look at automatic embedding of content through oEmbed, which was added to WordPress in version 2.9. We have a handful of oEmbed providers supported in core (again, a balance between security and functionality).