Title: XSS TinyMCE – filter attributes
Last modified: August 21, 2016

---

# XSS TinyMCE – filter attributes

 *  Resolved [Ninos](https://wordpress.org/support/users/ninos-ego/)
 * (@ninos-ego)
 * [12 years, 10 months ago](https://wordpress.org/support/topic/xss-tinymce-filter-attributes/)
 * Hey there,
    I have a security problem. By adding some HTML attributes to the editor
   (TinyMCE) like onmouseover, onclick etc., I can run JavaScript in the client browser,
   because there’s no function that is filtering the HTML attributes. The problem
   is that I also have a front-site editor and want to filter some HTML attributes.
   Insecure tags like `<script></script>` will be removed with the `strip_tags`
   function. Is there already a function in WordPress, or is this a security issue?
 * Thanks,
    Ninos
 * PS: bbPress is removing the attributes for non-admins, but I haven’t found a 
   function that’s doing that :/

Viewing 1 replies (of 1 total)

 *  Thread Starter [Ninos](https://wordpress.org/support/users/ninos-ego/)
 * (@ninos-ego)
 * [12 years, 10 months ago](https://wordpress.org/support/topic/xss-tinymce-filter-attributes/#post-3900782)
 * OK, I have found the following:
    [wp_kses](http://codex.wordpress.org/Function_Reference/wp_kses)
   With this function I can work! 🙂


The topic ‘XSS TinyMCE – filter attributes’ is closed to new replies.
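
One way to apply `wp_kses()` to HTML submitted from a front-end editor, as an added example that is not part of the original thread. It assumes the code runs inside WordPress (for example in a plugin); the function name `myplugin_sanitize_editor_html` and the allowlist contents are hypothetical.

```php
<?php
/**
 * Sanitize HTML submitted from a front-end TinyMCE editor.
 *
 * wp_kses() works from an allowlist: any tag or attribute not named
 * below is removed, so on* event-handler attributes never need to be
 * enumerated.
 */
function myplugin_sanitize_editor_html( $raw_html ) {
    // Hypothetical allowlist: tag => permitted attributes.
    $allowed_html = array(
        'p'      => array(),
        'br'     => array(),
        'strong' => array(),
        'em'     => array(),
        'ul'     => array(),
        'ol'     => array(),
        'li'     => array(),
        'a'      => array(
            'href'  => true,
            'title' => true,
        ),
        'img'    => array(
            'src' => true,
            'alt' => true,
        ),
    );

    // Restrict URL schemes so values such as href="javascript:..."
    // do not survive in href/src.
    $allowed_protocols = array( 'http', 'https', 'mailto' );

    return wp_kses( $raw_html, $allowed_html, $allowed_protocols );
}

// Constructed sample input, as a front-end form might submit it.
$submitted = '<p onmouseover="alert(1)">Hi '
    . '<a href="javascript:alert(2)" onclick="alert(3)">link</a></p>'
    . '<script>alert(4)</script>';

// <p> and <a> are kept; the event-handler attributes, the javascript:
// scheme and the <script> tags are removed. Text that was inside the
// <script> element remains as inert plain text.
$clean = myplugin_sanitize_editor_html( $submitted );
```

When the content should follow the same rules WordPress applies to post content, `wp_kses_post()` uses the built-in post allowlist instead of a custom array.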

## Tags

 * [attributs](https://wordpress.org/support/topic-tag/attributs/)
 * [Cross-site scripting](https://wordpress.org/support/topic-tag/cross-site-scripting/)
 * [html](https://wordpress.org/support/topic-tag/html/)
 * [KSES](https://wordpress.org/support/topic-tag/kses/)
 * [onclick](https://wordpress.org/support/topic-tag/onclick/)
 * [tinymce](https://wordpress.org/support/topic-tag/tinymce/)
 * [wp_kses](https://wordpress.org/support/topic-tag/wp_kses/)
 * [xss](https://wordpress.org/support/topic-tag/xss/)

 * In: [Fixing WordPress](https://wordpress.org/support/forum/how-to-and-troubleshooting/)
 * 1 reply
 * 1 participant
 * Last reply from: [Ninos](https://wordpress.org/support/users/ninos-ego/)
 * Last activity: [12 years, 10 months ago](https://wordpress.org/support/topic/xss-tinymce-filter-attributes/#post-3900782)
 * Status: resolved

