[wp-hackers] Why kses filtered html strips class?

jacobsantos at branson.com jacobsantos at branson.com
Thu Aug 2 20:03:26 GMT 2007

Why don't you use something like HTML Purifier and overwrite the default 
Kses for editors? HTML Purifier and a WordPress plugin can be found at 
http://htmlpurifier.org .

If it isn't whitelisted, then it is removed. From reading kses.php, from 
what I can gather is that there are two whitelists. One that has major 
permissions, I guess for Administrators and one that is a more 
restrictive version.

Chris wrote:
> Hi,
> I have a modified plugin which allows my "Editor" users to upload and 
> add links to pdf files from within tinymce editor - (it inserts an 
> icon with a link to the actual pdf file). I have put a 
> class="thumb_icon" into the html, so that the link icons can be styled 
> - but kses is stripping code out - why? and how to modify so that it 
> doesn't.
> I don't really want to allow unfiltered html for the "Editor" 
> capabilities.
> The kses.php mentions using my-hacks.php... if this is the way to go, 
> what would I put in there?
> But I still don't understand why class="xx" is considered nasty and 
> must be removed!
> thanks
> Chris

More information about the wp-hackers mailing list