WordPress.org

Ready to get started?Download WordPress

Forums

[resolved] Remove html for comments. (9 posts)

  1. comedorsamus
    Member
    Posted 4 years ago #

    http://nintendopremier.com/?p=4

    If you click "resposta" or "citação" you will see it generate the text in html, any way to remove that?

    I found this code (http://www.deluxeblogtips.com/2010/04/remove-html-comments-wordpress.html), but I don't know where I'm supposed to add in the functions.php.

    Also, if there's any other way to change that, please feel free to post, thanks! :]

  2. comedorsamus
    Member
    Posted 4 years ago #

    No? :[

  3. ClaytonJames
    Member
    Posted 4 years ago #

    in /inove/comments.php, look for this:

    <div class="act">
    <?php edit_comment_link(__('Edit', 'inove'), '', ''); ?>
    </div>

    You can try removing that and see what happens.

    Make a backup first.

  4. comedorsamus
    Member
    Posted 4 years ago #

    I found a similar code in functions, thanks. If you check now you will see I removed "resposta" and "citação" options.

    BUT! I noticed I'm still able to use html codes, isn't this something to worry about? I mean, anyone can use html codes on your website, so I'd like to remove that... =/

  5. ClaytonJames
    Member
    Posted 4 years ago #

    BUT! I noticed I'm still able to use html codes, isn't this something to worry about? I mean, anyone can use html codes on your website, so I'd like to remove that... =/

    Now I think I understand. You aren't as concerned about the links as you are users putting html in comments. That doesn't mean that they can use all html though. This might be helpful. You can open the wordpress kses.php file and see what is allowed, and edit it to your needs.

    Stopping HTML in Comments

  6. comedorsamus
    Member
    Posted 4 years ago #

    Since I don't get any of this edit thing I removed all the CUSTOM_TAGS, lol.

    It caused the error Warning: in_array() [function.in-array]: Wrong datatype for second argument in kses.php on line 677.

    So I removed the line 677 return ( ( ! in_array($i, $allowedentitynames) ) ? "&$i;" : "&$i;" );

    Thing is, I don't know what "allowed entity names" means. Anything important?

    Thanks once again! :]

  7. ClaytonJames
    Member
    Posted 4 years ago #

    My opinion is, that you have a legitimate concern when considering the possibility that certain html being posted in comments on a blog, could be dangerous. The other side of that coin however, is that there is already a WordPress core file that limits the html tags that are allowed in comments by default. The file is named kses.php and can be found in the /wp-includes directory.

    If you take a look inside that file - and you can see it here - beginning on line 395 you see this:

    395 $allowedtags = array(

    Below that line, is a list of html tags that wordpress allows to be used by default. The tags that are NOT allowed, will be preceded by two forward slashes // which means they are "commented out", or not allowed to be used in this case. If you remove the slashes, the tag will then be allowed, and placing slashes in front of an entry that has none, will disallow it.

    So as you can see, the list of html that can be used in comments is pretty short, and doesn't really present much of a concern. I understand that this can be overridden in a themes functions.php file. I took a look in the iNove functions.php file, and I don't believe I saw anything that indicates that those rules have been overridden or changed for use in the theme.

    Here is the long and the short of it:

    a) I can't think of any reason why you should have to spend your valuable time editing the themes files for this. My advice is to leave the files as they are so that you can enjoy the theme in a fully functional capacity, with all the features intact. You can do this by simply replacing the theme with a fresh copy. (I think There is a newer version available by the way)

    b) Although I can appreciate the concern you have for html in comments, I truly don't think you are at any greater risk than any other forum, blogging platform, chat room, or other software that allows visitors to interact with each other.

    c) I don't think you need to change anything relative to the html tags in comments. I wouldn't hesitate to use that theme just the way it is. In fact I have used it in the past.

    Just my opinion.

    Here is an article that might help to explain how wordpress uses that file to filter the allowed tags. When you compare what you see there, with what you see in the file ( the link I posted above ) it makes more sense.

    http://ottopress.com/2010/wp-quickie-kses/

    Best wishes!

    [edit] just an afterthought... having edited the kses.php file, and not being sure of what was what, you will most definitely want to replace it with a fresh one, or you could end up having some difficulties.

    :-)

  8. comedorsamus
    Member
    Posted 4 years ago #

    Wowza, that is one amazing post, now I feel and know better on allowing html codes, I'll replace my edited kses.php with the original. Thank you very much for all your support. Your life shall be blessed! *waves wand*

  9. ClaytonJames
    Member
    Posted 4 years ago #

    ...And, thank you!!

    :-)

Topic Closed

This topic has been closed to new replies.

About this Topic