Cannot add to Full Meta Tags field

Hello. Since 2.3.2 all user input is more strictly sanitized.

For security reasons, the ‘full meta tags’ box can only accept meta html elements with valid attributes. All other HTML code is removed.

However, if you still want to use this box as a “paste any HTML code” box, you have to manually uncomment one line in the amt-utils.php file inside the function amt_get_allowed_html_kses() (first function inside the file).

So, in order to remove the restriction modify the current:

function amt_get_allowed_html_kses() {
    // Uncomment the following line to allow any HTML element in the Full Meta Tags box.
    //return array();
    [...]

To:

function amt_get_allowed_html_kses() {
    // Uncomment the following line to allow any HTML element in the Full Meta Tags box.
    return array();

Please note that this modification will be overwritten every time the plugin is updated.

A filter is planned for future versions so as to be able to customize this restriction by adding a filtering function in the functions.php file.

Hope this helps,

George

Of course, if there is a reason valid enough to allow more html elements than meta, like the link element in your example, I’d be willing to add it to the array of valid elements.

We will need more feedback about this.

Hi astrasuite,

You are right. The workaround does not work.

Expected behavior: allow all html elements.
Actual behavior: remove all html elements.

After investigating the use of the link element for a while, it turns out that it is frequently used in metadata to link to external resources, instead of adding the metadata of the external resources in the current page. Not having it in the list of allowed elements was a mistake and this will be fixed in the upcoming 2.4.0.

I’ll post the fixed amt_get_allowed_html_kses() function as soon as I permanently fix this in the code, so that you can test it and apply the fix to your sites before 2.4.0 is out.

George

Here is the fixed amt_get_allowed_html_kses() which allows the meta and link elements by default and allows filtering of the supported elements.

It would be nice if you could test this (whenever possible) with the latest version of Add-Meta-Tags and confirm that it works with the link elements you use. If testing is not possible, it’s fine.

function amt_get_allowed_html_kses() {
    // Store supported global attributes to an array
    // As of http://www.w3schools.com/tags/ref_standardattributes.asp
    $global_attributes = array(
        'accesskey' => array(),
        'class' => array(),
        'contenteditable' => array(),
        'contextmenu' => array(),
        // 'data-*' => array(),
        'dir' => array(),
        'draggable' => array(),
        'dropzone' => array(),
        'hidden' => array(),
        'id' => array(),
        'lang' => array(),
        'spellcheck' => array(),
        'style' => array(),
        'tabindex' => array(),
        'title' => array(),
        'translate' => array()
    );

    // Construct an array of valid elements and attributes
    $valid_elements_attributes = array(
        // As of http://www.w3schools.com/tags/tag_meta.asp
        // plus 'itemprop' and 'property'
        'meta' => array_merge( array(
            'charset' => array(),
            'content' => array(),
            'http-equiv' => array(),
            'name' => array(),
            'scheme' => array(),
            'itemprop' => array(),  // schema.org
            'property' => array()  // opengraph and others
            ), $global_attributes
        ),
        // As of http://www.w3schools.com/tags/tag_link.asp
        'link' => array_merge( array(
            'charset' => array(),
            'href' => array(),
            'hreflang' => array(),
            'media' => array(),
            'rel' => array(),
            'rev' => array(),
            'sizes' => array(),
            'target' => array(),
            'type' => array()
            ), $global_attributes
        )
    );

    // Allow filtering of $valid_elements_attributes
    $valid_elements_attributes = apply_filters( 'amt_valid_full_metatag_html', $valid_elements_attributes );

    return $valid_elements_attributes;
}

To support more elements you need to add a filtering function that extends the list of the valid elements and attributes in your functions.php file of your theme. For example, in order to add the title element, so that you can put a line like <title>my test title</title> in the ‘Full meta tags’ box, you should add the following code to functions.php:

// Adds the 'title' element to the valid html elements for the full meta tags box
function extend_full_metatag_valid_elements( $valid_elements ) {
    // Construct the title element array (key: element name, value: array of valid attributes)
    $title_element = array( 'title' => array() );
    // Append the 'title' element to the valid elements
    $valid_elements = array_merge( $valid_elements, $title_element);
    return $valid_elements;
}
add_filter( 'amt_valid_full_metatag_html', 'extend_full_metatag_valid_elements', 10, 1 );

Hope these help. Thanks for your feedback! 😉

George

This fix has been included in the 2.4.0 release which will be out soon with many enhancements and more complete metadata.

If you are happy with the plugin when it is out, please consider rating it or writing a small review.

Again, thank you for providing valuable feedback.

George