WordPress.org

Forums

User Role Editor
User Role Editor and unfiltered_html (2 posts)

  1. codynew
    Member
    Posted 2 years ago #

    Hi

    I've found that a plugin is causing slashes to be added in before the ' on some articles submitted by a contributor.

    I've been told it's something to do with unfiltered_html and I know that URE can edit this setting, but can I ask... what is unfiltered_html? And is it safe for me to enable it for a contributor?

    Thanks

    http://wordpress.org/extend/plugins/user-role-editor/

  2. Vladimir Garagulya
    Member
    Plugin Author

    Posted 2 years ago #

    Hi,
    Allowing an untrusted user to use unfiltered HTML is insecure, as it may lead to a cross-site scripting vulnerability. By default WordPress removes any forbidden HTML tags from post content, e.g.
    <script></script>, etc.
    The plugin should use the stripslashes() PHP function before outputting any content from the database to the HTML.
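
The two points in the reply above (strip the added slashes, keep tag filtering for users without unfiltered_html) as an added example that is not part of the original thread and is not code from User Role Editor or the plugin being discussed. `demo_clean_submission()` and the sample string are hypothetical; the script uses only WordPress core functions and is meant to be run inside a WordPress install, for example with WP-CLI's `wp eval-file`.

```php
<?php
/**
 * Prepare text a user submitted through a form for storage or display.
 *
 * @param string  $raw  Value exactly as read from $_POST.
 * @param WP_User $user The submitting user.
 * @return string
 */
function demo_clean_submission( $raw, $user ) {
    // WordPress adds slashes to $_POST/$_GET/$_COOKIE on every request,
    // so ' arrives as \'. Undo that once here instead of letting \' reach
    // the database or the rendered page.
    $text = wp_unslash( $raw );

    // Only users holding unfiltered_html skip the tag allow-list that core
    // applies to post content. Everyone else goes through wp_kses_post(),
    // which drops tags such as <script> and keeps ordinary formatting tags.
    if ( ! user_can( $user, 'unfiltered_html' ) ) {
        $text = wp_kses_post( $text );
    }
    return $text;
}

// Constructed sample input, written the way it would appear in $_POST.
$raw = "It\\'s <strong>fine</strong> <script>alert(1)</script>";

// Role definitions as currently configured on this site. On multisite the
// effective capability is further restricted to super admins, which is why
// demo_clean_submission() checks the user and not the role.
foreach ( array( 'contributor', 'editor' ) as $role_name ) {
    $role = get_role( $role_name );
    if ( $role ) {
        printf(
            "%s role grants unfiltered_html: %s\n",
            $role_name,
            $role->has_cap( 'unfiltered_html' ) ? 'yes' : 'no'
        );
    }
}

// Use any contributor account on the site (assumes at least one exists).
$users = get_users( array( 'role' => 'contributor', 'number' => 1 ) );
if ( $users ) {
    echo demo_clean_submission( $raw, $users[0] ), "\n";
}
```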

This topic has been closed to new replies.
