The MU forums have moved to WordPress.org

Why are class- and id-attributes stripped from HTML? (4 posts)

  1. theworkisdone
    Member
    Posted 14 years ago #

    http://trac.mu.wordpress.org/log/trunk is this related to security concerns, too? Just wondering …

  2. peiqinglong
    Member
    Posted 14 years ago #

    Yes. There has been a big discussion about this awhile back and WordPress.com and Donncha feels that IDs can potential open security risks. Donncha explained that basically the KSES.php is synched up with WordPress.com's KSES.php. So if you want to prevent it from being stripped, either hardcode them back into the KSES.php or write a plugin.

  3. theworkisdone
    Member
    Posted 14 years ago #

    Thanks for your reply. Sure, I could put it back in either with a plugin or hardcode it. I know how to override this. But I don’t know how to hack WPMU with id-attributes ;-) So it wouldn’t be wise if there are justified security concerns.

  4. theworkisdone
    Member
    Posted 14 years ago #

    Wow. In no way I wanted to restart another flamewar after discovering this thread: http://mu.wordpress.org/forums/topic.php?id=5258

    Instead I’d like to suggest a possible solution, well at least a part of a solution.

    There is this dropdown menu in the WYSIWYG-Editor where you can switch between different headings, a paragraph and so on. What do you think about extending this menu with the possibility for theme-designers so they can provide a few classes in their themes speak float_left e.g., which are displayed in this menu?

About this Topic

  • Started 14 years ago by theworkisdone
  • Latest reply from theworkisdone