Is this even possible? As it stands, if you use strip_tags, the ` feature does not work. If you don't use the strip_tags feature, visitors can embed nasty html in your blog. Is there a plugin that allows you to use the < code > feature and strip html that's not embedded in < code > tags? Does the kses file have anything to do with it?
Getting strip_tags and <code> to work together (10 posts)
-
-
The kses file always has something to do with it. :) That is where you put in allowed tags. like < code > for instance...
-
I'm not familiar with kses. I just came across the file after I posted that message. Will my idea work? I see the code tag in the kses file, so I'm not sure why I'm not getting the results that I want. Is there already a plugin or solution for this?
-
the kses file keeps people from postign any kind of html in posts, nasty or not.
Can you give me a concrete example, or a link?
-
I don't know what was wrong, but I swear the many times that I tried to even put php code in my posts using < code > tags, the php would be stripped. Now, it's working! :) The only problem now, is that I'd like users to post code in their comments to the posts. Right now, the code in comments is stripped. I've started a new topic, since the current thread is not really related to the problem that I now have. http://mu.wordpress.org/forums/topic.php?id=7797&page&replies=1
-
-test
-
the kses file keeps people from postign any kind of html in posts, nasty or not.
Can you give me a concrete example, or a link?
andrea r, after testing some more, I realized that it's still an issue. If you just do a test post on your blog and include an iframe, it lets you post the live iframe. Maybe I have misunderstood the purpose of the kses file. Do I have to do something to 'activate' it or is it not meant to work on the posts - just the comments? I wonder if there's a way to just have all comments and posts appear formatted as code, so that anchor links, iframes, etc appear as just text.
-
Before I go running off to test this - are you using MU or are you using the single Wordpress?
-
It's on both MU and Wordpress, but I think the problem is in the form used to post. If you use the visual editor to post, then the iframe code is converted to this:
<iframe src="http://google.com"></iframe>...and the iframe will not be live on the site.
If you don't use the visual editor in the admin panel, or if you just use a regular form, then the iframe code is not converted and the iframe will be live. So, is wordpress's solution to just use the visual text editor? I hope not. Please offer any suggestions, because I want to allow others to post new topics, but just using a simple form that I am already using (without access to the admin panel, and without their posts being pinged, etc).
-
okay, if you're pasting in any kind of html that you want to actually work, use the Code tab - NOT the visual editor.
As for iframes specifically, I thought they were supposed to be stripped out in MU? I know for sure on my main system all kinds of stuff gets stripped out.
