Title: Unsafe HTML by Feed Last modified: July 5, 2023 --- # Unsafe HTML by Feed * Resolved [ulicgn](https://wordpress.org/support/users/ulicgn/) * (@ulicgn) * [2 years, 10 months ago](https://wordpress.org/support/topic/unsafe-html-by-feed/) * I have a feed that contains html in a CDATA section containing images ( i.e. it contains img src tags). This feed is TRUSTED, and I want to import the html tags into posts. Some tags however, like images, are stripped away upon import. I tried some actions from the docs ( like using ‘feedzy_modify_feed_config’ to set    $feed->strip_attributes(false); , or like overwriting ‘feedzy_summary_input’ to skip filtering for some feeds, but all this did not work. The filters/actions I tried were taken from the shortcode docs and probably are not exectuted when importing. * The only thing that worked, was setting * define( ‘FEEDZY_ALLOW_UNSAFE_HTML’, true ); according to [https://docs.themeisle.com/article/1154-how-to-use-feed-to-post-feature-in-feedzy](https://docs.themeisle.com/article/1154-how-to-use-feed-to-post-feature-in-feedzy) * This does not feel good, since it allows HTML now in every feed. Is there any way to set this for specific feeds only, like in a filter that is executed when feed items are turned into posts? * Regards * Ulrich - This topic was modified 2 years, 10 months ago by [ulicgn](https://wordpress.org/support/users/ulicgn/). * The page I need help with: _[[log in](https://login.wordpress.org/?redirect_to=https%3A%2F%2Fwordpress.org%2Fsupport%2Ftopic%2Funsafe-html-by-feed%2F%3Foutput_format%3Dmd&locale=en_US) to see the link]_ Viewing 8 replies - 1 through 8 (of 8 total) * Plugin Support [AndreeaR](https://wordpress.org/support/users/andreearadacina21/) * (@andreearadacina21) * [2 years, 10 months ago](https://wordpress.org/support/topic/unsafe-html-by-feed/#post-16874874) * Hi [@ulicgn](https://wordpress.org/support/users/ulicgn/), * Thank you for using Feedzy! * We have a helpful document that explains how you can preserve HTML in your feed items’ content. You can find it here: [https://docs.themeisle.com/article/542-how-to-keep-html-in-feed-items-content](https://docs.themeisle.com/article/542-how-to-keep-html-in-feed-items-content). * Please feel free to reach out if you have any further questions or if there’s anything else we can assist you with. * Thread Starter [ulicgn](https://wordpress.org/support/users/ulicgn/) * (@ulicgn) * [2 years, 10 months ago](https://wordpress.org/support/topic/unsafe-html-by-feed/#post-16875776) * [@andreearadacina21](https://wordpress.org/support/users/andreearadacina21/) thank you for this pointer – I was not aware of this documentation. What I had tried was taken from [https://docs.themeisle.com/article/942-in-feedzy-how-do-i#remove-html-tags](https://docs.themeisle.com/article/942-in-feedzy-how-do-i#remove-html-tags), and it did not work for me ( since it was probably meant for the shortcode usage) Looks quite similar though, with minor differences. * So I will certainly try it and report back how it worked, however I can do that not before next Tuesday. Until then, I would leave this topic in unresolved state. Thanks and best regards, * Uli * Thread Starter [ulicgn](https://wordpress.org/support/users/ulicgn/) * (@ulicgn) * [2 years, 10 months ago](https://wordpress.org/support/topic/unsafe-html-by-feed/#post-16883409) * [@andreearadacina21](https://wordpress.org/support/users/andreearadacina21/) I disabled the FEEDZY_ALLOW_UNSAFE_HTML define and tried your code as suggested, with minor modifications. To identify the filter, I added “(unfiltered)” or “( filtered)” to the output: * ```wp-block-code function kdefd_summary_input( $description, $content, $feedURL ) { //If you want to use the item content as the description. If not, then remove this line //If feed don't have content meta, $content is already equal to $description $description = $content; if (strpos($feedURL, "my-trusted-feed-domain.de") !== false) { $description = $description . " (unfiltered)"; } else { //Remove the item HTML tags (as in the default hook) if not in the above list $description = trim( strip_tags( $description ) ) . " (filtered) "; } //Remove hellip (as in the default hook) //Keep in mind that it will be added later in the plugin render $description = trim( chop( $description, '[…]' ) ); return $description; } ``` * In the source feed, there is a CDATA description section containing some HTML tags: * ```wp-block-code https://www.example.com/5540093 https://www.example.com/5540093 Wed, 21 Jun 2023 14:16:46 +0200 <![CDATA[ My Title as CDATA ]]> Foto 1
Foto 1
Foto 2
Foto 2
Quelle:https://www.example.com/5540093
]]> ``` * In the Map-Content section, I configured the [#item_description] placeholder for the import into posts. The resulting post contains the “(unfiltered)” text, so the filter is indeed executed. However, the tags are there. : * ```wp-block-code Output in the Post:
Foto 1
Foto 2
Quelle:....
(unfiltered) ``` * So far, the only way to keep the