[wp-hackers] No filter for KSES allowed tags?

Otto otto at ottodestruct.com
Tue Jun 8 06:11:27 UTC 2010


I'm not 100% on this, but kses is used in the core in a lot of places.
A filter on these would make it slightly too easy to override globally
and thus possibly result in accidental side effects, some of which
could impact security. If you need kses for some particular custom
piece, then the wp_kses() function lets you define an array of allowed
tags manually, or you can modify the global variable directly, or you
can use the pre_kses filter to modify them... lots of ways.

I have a post on the topic here: http://ottopress.com/2010/wp-quickie-kses/


-Otto



On Mon, Jun 7, 2010 at 11:54 PM, John Blackbourn
<johnbillion+wp at gmail.com> wrote:
> The $allowedposttags and $allowedtags arrays which hold the allowed
> tags for KSES don't have filters on them. In order to override them
> you have to define a CUSTOM_TAGS constant. This is a pretty antiquated
> way of doing things, and these two arrays would be better off if they
> had filters on them. (The CUSTOM_TAGS constant would still be given
> priority for back compat.)
>
> Just checking with the list before I open a ticket - I'm not missing a
> filter somewhere am I?
> _______________________________________________
> wp-hackers mailing list
> wp-hackers at lists.automattic.com
> http://lists.automattic.com/mailman/listinfo/wp-hackers
>


More information about the wp-hackers mailing list