[wp-trac] [WordPress Trac] #8786: Add option to disable unfiltered_html for all users (and explain it in the process)

WordPress Trac wp-trac at lists.automattic.com
Sat Jan 3 03:03:49 GMT 2009


#8786: Add option to disable unfiltered_html for all users (and explain it in the
process)
--------------------------+-------------------------------------------------
 Reporter:  jeremyclarke  |       Owner:  ryan
     Type:  defect (bug)  |      Status:  new 
 Priority:  normal        |   Milestone:  2.8 
Component:  Security      |     Version:      
 Severity:  normal        |    Keywords:      
--------------------------+-------------------------------------------------
 Right now the unfiltered_html capability is really confusing to users and
 admins. It's not explained anywhere and it can have really annoying
 effects, including admins being unable to reproduce html stripping that
 their users are reporting, which is frustrating for everyone involved.

 I think that a concise checkbox setting in SETTINGS > WRITING would make
 a really big difference to these problems. It could simultaneously offer
 an easy way for admins on sites where JS etc are necessary to loosen
 restrictions (without installing the Role Manager plugin just for that,
 which is annoying and causes compatibility problems) and it would put the
 fact that different user levels have different filters in front of admins
 in a way that will let them know that it exists at all (it's pretty silent
 at the moment).

 My proposed text for the setting (it would go in the 'Formatting
 section'):

 "[x] Let all users post unfiltered html ( allow <style>, <div>
 ...others)".

 I think it would fit well with the other formatting options and have
 little cluttering effect (geez, that emoticon one is still there?). It
 would also have the above-mentioned effect of making admins aware that
 some users don't have full HTML privileges and let them know exactly what
 tags are and aren't allowed for some users.

 The effect of the option would be to give all roles the freedom to use
 forbidden html tags. Either by lowering the user_level needed to access it
 or by modifying the serialized roles option in wp_options.

 Admittedly this setting might be controversial (Jacob Santos expressed
 paranoia about it in IRC) because it could encourage people to loosen
 security, but I think the benefits outweigh the dangers:
  * a lot of setups really don't have to worry about security as much as
 they do about inexplicable formatting problems (which WP is famous for,
 probably in large part due to the effects of unfiltered_html).
  * in the absence of this option, a lot of sites probably just increase
 the role of all users to admin because they don't understand the problem,
 which is definitely not a good solution.
  * if you use roles that can't publish (like the default 'contributor')
 you are probably reading through the posts anyway, so you might not care
 about js because you can catch it yourself.

 Thanks for reading. I don't have a patch or anything but it seems like it
 would probably be relatively simple. The main concern would probably be
 keeping it safe for use with the other capability-modifying plugins, which
 shouldn't be too hard.

-- 
Ticket URL: <http://trac.wordpress.org/ticket/8786>
WordPress Trac <http://trac.wordpress.org/>
WordPress blogging software
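One way the checkbox proposed in the ticket could be wired up, as an added example that is not code from the ticket or from WordPress core. It assumes the `map_meta_cap` filter and the `DISALLOW_UNFILTERED_HTML` constant, both of which exist in later WordPress releases rather than necessarily in the 2.8 milestone discussed here; the option key and the `uht_` prefix are this example's own.

```php
<?php
/**
 * Plugin Name: Unfiltered HTML toggle (added example, not WordPress core)
 *
 * Adds the Settings > Writing checkbox from #8786 and applies it through the
 * map_meta_cap filter, which core consults whenever 'unfiltered_html' is checked
 * (kses_init decides per request whether to hook the kses content filters).
 * Option key and function names are hypothetical.
 */

define( 'UHT_OPTION', 'uht_allow_all_unfiltered_html' ); // hypothetical option key

// Register the setting and render the checkbox in the Writing screen.
add_action( 'admin_init', function () {
    register_setting( 'writing', UHT_OPTION, array(
        'type'              => 'boolean',
        'sanitize_callback' => function ( $v ) { return (bool) $v; },
        'default'           => false, // unchecked by default: kses keeps filtering
    ) );
    add_settings_field(
        UHT_OPTION,
        'Unfiltered HTML',
        function () {
            printf(
                '<label><input type="checkbox" name="%1$s" value="1" %2$s /> %3$s</label>',
                esc_attr( UHT_OPTION ),
                checked( get_option( UHT_OPTION ), true, false ),
                esc_html( 'Let all users post unfiltered html (allow <style>, <div> ...others)' )
            );
        },
        'writing'
    );
} );

// Resolve the capability per request instead of rewriting the serialized roles
// option, so it composes with other capability-modifying plugins.
add_filter( 'map_meta_cap', function ( $caps, $cap ) {
    if ( 'unfiltered_html' !== $cap ) {
        return $caps;
    }
    if ( defined( 'DISALLOW_UNFILTERED_HTML' ) && DISALLOW_UNFILTERED_HTML ) {
        return array( 'do_not_allow' ); // a wp-config hard block always wins
    }
    if ( get_option( UHT_OPTION ) ) {
        return array( 'exist' ); // every logged-in user passes, as the ticket proposes
    }
    return $caps; // otherwise the role's own capabilities decide
}, 10, 2 );
```

Because the grant is computed on each request, unchecking the box (or defining the constant) takes effect immediately for all roles without touching the stored role data.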