WordPress.org


User Role Editor and unfiltered_html

  • Hi

    I’ve found that a plugin is causing slashes to be added in before the ‘ on some articles submitted by a contributor.

    I’ve been told it’s something to do with unfiltered_html and I know that URE can edit this setting, but can I ask… what is unfiltered_html? And is it safe for me to enable it for a contributor?

    Thanks

    http://wordpress.org/extend/plugins/user-role-editor/

Viewing 1 replies (of 1 total)
  • Plugin Author Vladimir Garagulya

    @shinephp

    Hi,
    Allowing an untrusted user to use unfiltered HTML is insecure, as it may lead to a cross-site scripting vulnerability. By default WordPress removes any forbidden HTML tags from post content, e.g. <script></script>, etc.
    The plugin should use the stripslashes() PHP function before outputting any content from the database to the HTML.
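
The behaviour described in the reply above, as an added example that is not part of the original thread or of the User Role Editor plugin: it lists the roles that hold unfiltered_html, shows what the default filter does to a contributor's markup, and unslashes stored text before output. It assumes WordPress is already loaded (for instance through WP-CLI's `wp eval-file`); the `example_*` function names and the sample strings are constructed for illustration.

```php
<?php
// Added example. Assumes WordPress is loaded; example_* names are hypothetical.

// 1. Audit: which roles currently have the unfiltered_html capability?
//    A contributor role should not appear in this list.
function example_roles_with_unfiltered_html() {
    $holders = array();
    foreach ( wp_roles()->roles as $slug => $role ) {
        if ( ! empty( $role['capabilities']['unfiltered_html'] ) ) {
            $holders[] = $slug;
        }
    }
    return $holders;
}

// 2. The filter WordPress applies to post content from users who lack
//    the capability: tags and attributes outside the allowed list are removed.
function example_filtered_like_contributor( $raw ) {
    return wp_kses_post( $raw );
}

// 3. The plugin-side fix for stray backslashes: unslash the stored value,
//    then escape it for the output context (plain text inside HTML here).
function example_render_stored_text( $stored ) {
    return esc_html( stripslashes( $stored ) );
}

// Constructed sample input: an event-handler attribute and a script element.
$sample_markup = '<p onclick="alert(1)">It\'s fine</p><script>alert(1)</script>';

// Constructed sample of a value that was saved with an extra backslash.
$sample_stored = 'It\\\'s fine';

echo 'Roles with unfiltered_html: ',
    implode( ', ', example_roles_with_unfiltered_html() ), "\n";
echo 'After default filtering:    ',
    example_filtered_like_contributor( $sample_markup ), "\n";
echo 'Stored text, rendered:      ',
    example_render_stored_text( $sample_stored ), "\n";
```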
