[wp-hackers] Why kses filtered html strips class?
jacobsantos at branson.com
Thu Aug 2 20:03:26 GMT 2007
Why don't you use something like HTML Purifier and overwrite the default
Kses for editors? HTML Purifier and a WordPress plugin can be found at
http://htmlpurifier.org .

If it isn't whitelisted, then it is removed. From reading kses.php,
what I can gather is that there are two whitelists: one that has major
permissions, I guess for Administrators, and one that is a more
restrictive version.

Chris wrote:
> Hi,
> I have a modified plugin which allows my "Editor" users to upload and
> add links to pdf files from within tinymce editor - (it inserts an
> icon with a link to the actual pdf file). I have put a
> class="thumb_icon" into the html, so that the link icons can be styled
> - but kses is stripping code out - why? and how to modify so that it
> doesn't.
> I don't really want to allow unfiltered html for the "Editor"
> capabilities.
> The kses.php mentions using my-hacks.php... if this is the way to go,
> what would I put in there?
> But I still don't understand why class="xx" is considered nasty and
> must be removed!
> thanks
> Chris
>
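
The allowlist behaviour discussed in this thread, as an added example that is not part of the original messages and is not WordPress code: a small Python model of tag/attribute allowlist filtering with a restrictive and a broader profile. The two tables, the sample markup, the URL-scheme check and every name below are constructed for illustration and do not reproduce the contents of kses.php.

```python
import re
from html import escape
from html.parser import HTMLParser

# Constructed allowlists (tag -> permitted attributes); not the real kses.php tables.
RESTRICTIVE = {"a": {"href", "title"}, "img": {"src", "alt"}, "p": set()}
PERMISSIVE = {"a": {"href", "title", "class"}, "img": {"src", "alt", "class"}, "p": {"class"}}
URL_ATTRS = {"href", "src"}
SAFE_SCHEMES = {"http", "https", "mailto"}  # assumption: schemes this model accepts
VOID_TAGS = {"img"}
# Constructed sample: a PDF link icon styled through a class attribute.
SAMPLE = ('<a class="thumb_icon" href="/files/report.pdf">'
          '<img class="thumb_icon" src="/icons/pdf.png" alt="PDF"></a>')

def url_ok(value):
    """Accept relative URLs and allowlisted schemes only."""
    compact = "".join(ch for ch in value if ch > " ").lower()  # drop whitespace/control chars
    m = re.match(r"([a-z][a-z0-9+.-]*):", compact)
    return m is None or m.group(1) in SAFE_SCHEMES

class AllowlistFilter(HTMLParser):
    def __init__(self, allowed):
        super().__init__(convert_charrefs=True)
        self.allowed = allowed
        self.out = []

    def handle_starttag(self, tag, attrs):
        if tag not in self.allowed:
            return  # tag not on the allowlist: markup dropped, text content kept
        kept = []
        for name, value in attrs:
            if name not in self.allowed[tag] or value is None:
                continue  # attribute not on the allowlist: removed, harmful or not
            if name in URL_ATTRS and not url_ok(value):
                continue  # allowlisted attribute, but the URL scheme is not accepted
            kept.append(f' {name}="{escape(value, quote=True)}"')
        self.out.append(f"<{tag}{''.join(kept)}>")

    def handle_endtag(self, tag):
        if tag in self.allowed and tag not in VOID_TAGS:
            self.out.append(f"</{tag}>")

    def handle_data(self, data):
        self.out.append(escape(data, quote=False))

def filter_html(html, allowed):
    parser = AllowlistFilter(allowed)
    parser.feed(html)
    parser.close()
    return "".join(parser.out)
```

Under the restrictive profile the `class` attributes disappear only because they are not listed; the broader profile returns the sample unchanged while still removing `onclick` and a `javascript:` link.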