WordPress.org

User Role Editor
User Role Editor and unfiltered_html (2 posts)

  1. codynew
    Member
    Posted 1 year ago #

    Hi

    I've found that a plugin is causing slashes to be added in before the ' on some articles submitted by a contributor.

    I've been told it's something to do with unfiltered_html and I know that URE can edit this setting, but can I ask... what is unfiltered_html? And is it safe for me to enable it for a contributor?

    Thanks

    http://wordpress.org/extend/plugins/user-role-editor/

  2. Vladimir Garagulya
    Member
    Plugin Author

    Posted 1 year ago #

    Hi,
    Allowing an untrusted user to use unfiltered HTML is insecure, as it may lead to a cross-site scripting vulnerability. By default, WordPress removes any forbidden HTML tags from post content, e.g.
    <script></script>, etc.
    The plugin should use the stripslashes() PHP function before outputting any content from the database to the HTML.
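
The following is an added example, not part of either post and not code from User Role Editor. It lists which roles currently grant unfiltered_html and shows what the default filter does to a submission from a user without that capability. It assumes it runs inside a loaded WordPress (4.3 or later, for wp_roles()), for instance with `wp eval-file`; the file name, the `example_` function names and the sample string are made up for illustration.

```php
<?php
// Added example. Run inside WordPress, e.g.: wp eval-file audit-unfiltered-html.php
// The example_* names are hypothetical and exist only in this snippet.

/** Return the slugs of all roles whose capability list grants unfiltered_html. */
function example_roles_with_unfiltered_html() {
    $granted = array();
    foreach ( wp_roles()->roles as $slug => $role ) {
        if ( ! empty( $role['capabilities']['unfiltered_html'] ) ) {
            $granted[] = $slug;
        }
    }
    return $granted;
}

/** Apply the filtering a user WITHOUT unfiltered_html gets on post content. */
function example_filter_submission( $raw_slashed ) {
    // Remove the backslashes added before quotes, then strip forbidden tags.
    // wp_kses_post() expects unslashed data.
    return wp_kses_post( wp_unslash( $raw_slashed ) );
}

// On a default single-site install this normally lists administrator and editor.
$roles = example_roles_with_unfiltered_html();
echo 'Roles granting unfiltered_html: ' . implode( ', ', $roles ) . "\n";

// Core can override the role setting, so report that as well.
if ( defined( 'DISALLOW_UNFILTERED_HTML' ) && DISALLOW_UNFILTERED_HTML ) {
    echo "DISALLOW_UNFILTERED_HTML is set: the capability is denied to everyone.\n";
} elseif ( is_multisite() ) {
    echo "Multisite: only super admins get unfiltered_html, whatever the role says.\n";
}

if ( in_array( 'contributor', $roles, true ) ) {
    echo "WARNING: contributors can submit unfiltered HTML, including scripts.\n";
}

// Constructed sample: a slashed apostrophe plus a forbidden tag.
$sample = "It\\'s a draft<script>document.title = 'x';</script>";
echo "Submitted: $sample\n";
echo 'Filtered:  ' . example_filter_submission( $sample ) . "\n";
```

The filtered line shows the apostrophe without its backslash and the script tags removed, which is the behaviour a contributor gets while the capability stays off.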

This topic has been closed to new replies.