WordPress.org

Allowing HTML Tags in Certain Blog Meta-Data Fields (2 posts)

  1. not2bug
    Member
    Posted 4 years ago #

    Hi,

    When I used Blogger, I was able to use HTML tags in certain fields like the blog’s title and description, post title, etc. This was certainly useful because for example, sometimes a description or title could use an em, strong or sup.

    However in WordPress it does not seem to work; it escapes HTML tags for fields like that. I’ve looked through the code to try to figure out a way to work around this and managed to hack it, but would prefer to figure out a way to make it a plugin instead.

    Currently, I edited update_option in functions.php, commenting out $newvalue = sanitize_option( $option, $newvalue );. This allows options to be updated in the database without first being escaped.

    Then, I edited get_bloginfo in general-template.php, changing the switch to have the 'description' case return $output instead of breaking and calling apply_filters('bloginfo', $output, $show);. This prevents the output for display from being escaped.

    Like I said, this works, but likely affects more than just the blog description, post title, etc. fields. Plus it makes updating WordPress more work.

    Is there an easier way to control what fields are sanitized and/or escaped, and hopefully a way to make it a plugin? I’ve tried looking at using filters (for example analyzing a “remove filter from X plugin”), but could not figure it out.

    Thanks a lot.

  2. not2bug
    Member
    Posted 4 years ago #

    Oh, and there is a sanitize_option function in formatting.php as well with the following code block:

    case 'blogdescription':
      $value = addslashes($value);
      $value = wp_filter_post_kses( $value ); // calls stripslashes then addslashes
      $value = stripslashes($value);
      $value = esc_html( $value );
      break;
    

    It seems like an obvious move to comment out the esc_html call, but that does nothing (I know for a fact because I put some tracing code in there and found that it is never called).

Topic Closed

This topic has been closed to new replies.
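
A scoped alternative to the core edits described in this thread, as an added example that is not part of the original posts or of WordPress core: a small plugin that leaves sanitize_option untouched and, on the display path only, lets em, strong and sup through in the tagline via wp_kses. The plugin name, the tit_ function names and the priority of 20 are assumptions, and it assumes the tagline reaches the 'bloginfo' filter with its tags entity-escaped, as the posts describe.

```php
<?php
/*
Plugin Name: Tagline Inline Tags (added example, hypothetical name)
Description: Allows <em>, <strong> and <sup> in the site tagline without editing core.
*/

defined( 'ABSPATH' ) || exit; // Refuse direct requests to this file.

// Allow-list for the tagline: three inline elements with no attributes,
// so event handlers, style and href values can never pass through.
function tit_allowed_tags() {
    return array(
        'em'     => array(),
        'strong' => array(),
        'sup'    => array(),
    );
}

/**
 * Callback for the 'bloginfo' filter that get_bloginfo() applies on the
 * display path. $show names the field being rendered; every field other
 * than the tagline is returned exactly as core escaped it.
 */
function tit_render_tagline( $output, $show = '' ) {
    if ( 'description' !== $show ) {
        return $output;
    }
    // Undo the entity escaping for this one field only.
    $decoded = wp_specialchars_decode( $output );
    // wp_kses() keeps the allow-listed tags and strips all other markup,
    // including any attributes placed on the allowed tags.
    return wp_kses( $decoded, tit_allowed_tags() );
}

// Priority 20 (an assumption) runs after callbacks registered at the
// default priority of 10, so this post-processes the escaped output.
add_filter( 'bloginfo', 'tit_render_tagline', 20, 2 );
```

Because the filter returns markup, a theme that prints the tagline inside an attribute or the title element should still pass it through esc_attr() or wp_strip_all_tags() at that point.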
