Ever wonder how WordPress allows only certain HTML elements and attributes in comments? The allowed HTML elements are specified in the global variable allowedtags, an associative array set in [wordpress root folder]/wp-includes/kses.php (kses is an HTML/XHTML filter written in PHP). It is used in the function wp_filter_kses($data), defined in the same file, which is eventually executed for the action init. This global variable is used for filtering only comments and titles, not the post content. For the post content, the global variable allowedposttags is used.

The allowed_tags() function, defined in [wordpress root folder]/wp-includes/template-functions-general.php, can be used to retrieve the allowed elements.

To change the allowed HTML elements, edit [wordpress root folder]/wp-includes/kses.php. The Stopping HTML in Comments section in this codex document details the steps for modification. The bad thing about this is that it is a hack: if WordPress is later upgraded, the code change will be overwritten and will have to be redone.

Optionally, the unfiltered_html capability can be added to disable the default filtering of HTML elements specified in [wordpress root folder]/wp-includes/kses.php. Plugins can be written to add custom functions for the action init to allow your own set of HTML elements. The unfiltered_html capability should be enabled with care, as it can allow posting of malicious code.
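
A plugin along those lines, as an added example (not code from WordPress or from this post). It sets the comment allow-list on init instead of editing kses.php, so it survives upgrades. The function names and the chosen element list are hypothetical, and it assumes it is loaded as a plugin inside WordPress.

```php
<?php
/*
Plugin Name: Comment Tag Policy (added example)
Description: Sets the HTML allowed in comments without editing kses.php.
*/

if ( ! defined( 'ABSPATH' ) ) {
    exit; // Only run inside WordPress, never as a directly requested file.
}

// Hypothetical function name. Replaces the comment allow-list with a
// narrower one. Format: element => array( attribute => array() ).
// An element with an empty array is allowed with no attributes at all.
function example_comment_tag_policy() {
    global $allowedtags;

    $allowedtags = array(
        'a'          => array( 'href' => array(), 'title' => array() ),
        'blockquote' => array( 'cite' => array() ),
        'code'       => array(),
        'em'         => array(),
        'strong'     => array(),
    );
}
add_action( 'init', 'example_comment_tag_policy' );

// Hypothetical helper: run a string through kses with the current comment
// allow-list, to check what the policy lets through before relying on it.
function example_preview_comment_filter( $html ) {
    global $allowedtags;

    return wp_kses( $html, $allowedtags );
}
```

Elements and attributes that are not listed in the array are stripped by kses, so the list is an allow-list: add only what commenters actually need. Users holding the unfiltered_html capability are not covered by this filtering.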
