Remove non-allowed HTML on comment output rather than on comment save
When someone leaves a comment with non-allowed HTML (such as
<table>), it’s stripped BEFORE it’s inserted into the database.
IMO, it should be stripped by the function before it’s displayed instead. This way, if someone decides to change what tags are allowed in their comments, previously non-allowed by now allowed tags will be displayed.
This will also allow
<code>formatting plugins to allow commenters to post code that uses non-allowed tags without having to manually replace
Or can someone think of a drawback to allowing non-allowed HTML into the database? I mean, some plugins may be affected that manually grab the content of a comment from the database, but they’d just need to run the comment content through the stripping function(s) first.
- The topic ‘Remove non-allowed HTML on comment output rather than on comment save’ is closed to new replies.