[Resolved] Allow select html markup for custom user roles in a multisite wordpress network
I have created a wordpress network which I use to host small client websites. I grant clients a custom user role. I would like to allow all my clients to add Iframes from google docs (Ie spreadsheets) and Paypal (‘buy now’) buttons.
I am aware that I could add unfiltered_html ability to my clients user roles but I don’t want to completely open the floodgates to any and all HTML markup.
I’m also aware that I could add a number of different plugins that allow for similar abilities. However for simplicity I would prefer to rely on the Iframes and forms provided by Google and Paypal on their respective websites.
My question then, is: Is there anyway to allow users to add html from a list of allowed sources of my choosing?
Is there anyway to allow users to add html from a list of allowed sources of my choosing?
I have not seen anyone filter by html “type.” I would not know where to begin 🙂 Just know that a clever iframe or js call can crash the whole network and leave your DB vulnerable — that I have seen before!
No, it’s either all or whatcha got. :/
Why not make them shortcodes that do the embed, and all they need is the paypal ‘code’ or something?
Yea I think I will build shortcodes and insert buttons for tinyMCE. It was only really an idea because a lot of my clients have asked for the functionality and explaining shortcodes proves difficult to some of the less technically minded ones, especially when the companies (paypal and google docs) own websites provide instructions obviously not involving shortcodes. My ultimate goal, and I’m sure most designers are the same, is to keep things as simple as possible for my end user.
Thank you both for your input.
Yes, but ours as developers is to keep your site as SAFE as possible 🙂 iframes? Sadly really dangerous.
@ipstenu Yeah I realise that hence the reason I asked :p
As a follow up question – With Paypal add to cart buttons is there a major difference between the website form and the Email link?
Couldn’t I just get away with using the Email link and some fancy CSS to add these buttons and avoid the form all together? or would that in some way negate security. I assume there must be a problem or Paypal would provide this themselves right?
Ah just reaslised the button wouldn’t allow for product options which would require a drop down form IE colour or Size…
- The topic ‘[Resolved] Allow select html markup for custom user roles in a multisite wordpress network’ is closed to new replies.