Allowing html tags for Administrators and Editors in WPMU

Resolved

(@ixistudio)

How secure do you think the code below is?

I’m trying to allow Administrators and Editors to be able to have these tags available when editing post content, but I wonder why they got removed from the list of default allowed tags anyways.

function tcg_wp_kses_allowed_html($tags, $context) {

   // Add required HTML TAGS for regular users 
   if($context == "post") {

      $tags['picture']           = array();
      $tags['picture']['class']  = true;

      $tags['source']            = array();
      $tags['source']["class"]  = true;
      $tags['source']["media"]  = true;
      $tags['source']["sizes"]  = true;
      $tags['source']["data-*"]  = true;

   }

   /** This filter is documented in wp-includes/kses.php */
   return $tags;

}

add_filter('wp_kses_allowed_html', 'tcg_wp_kses_allowed_html', 11, 2);

Viewing 2 replies - 1 through 2 (of 2 total)

cln.lgr
(@clnlgrgmailcom)

1 month, 1 week ago
Ah kses, I was down that rabbit hole. I’d recommend you contact WPMU directly. I can’t answer if it’s secure or not.
I can’t recall at the moment the exact fix but I do remember that tag after tag, I had to add them all.
- This reply was modified 1 month, 1 week ago by cln.lgr.
Thread Starter Alberto
(@ixistudio)

1 month ago

Yes, adding all tags sounds tedious.

I believe this is the right place to ask, according to the WPMU docs.
Also, it looks like the right acronym for WP Multisite is WPMS.

Now, the code above has worked ok so far. Im only adding a few tags I need that aren’t included on the default allowed tags. The images are being lazyloaded, the “srcset” attribute is put there via JS.

So far so good 🙂

Viewing 2 replies - 1 through 2 (of 2 total)

You must be logged in to reply to this topic.

Views