Comments on: WP Quickie: kses http://ottopress.com/2010/wp-quickie-kses/ You have to use an Ottopress to get fresh squeezed Otto. Wed, 22 May 2013 16:53:20 +0000 hourly 1 http://wordpress.org/?v=3.6-beta3-24284 By: FLATCLE News | WP Quickie: kses » Otto on WordPress http://ottopress.com/2010/wp-quickie-kses/comment-page-1/#comment-11762 FLATCLE News | WP Quickie: kses » Otto on WordPress Thu, 11 Apr 2013 18:26:04 +0000 http://ottopress.com/?p=97#comment-11762 [...] via WP Quickie: kses » Otto on WordPress. [...]

]]> By: Sven http://ottopress.com/2010/wp-quickie-kses/comment-page-1/#comment-11677 Sven Mon, 11 Mar 2013 20:49:45 +0000 http://ottopress.com/?p=97#comment-11677 I usually edit WP core file kses.php every time there is an update, to remove some allowed tags and add some extra.

How could I do that for example via functions.php?

]]> By: Otto http://ottopress.com/2010/wp-quickie-kses/comment-page-1/#comment-11557 Otto Fri, 18 Jan 2013 14:07:01 +0000 http://ottopress.com/?p=97#comment-11557 For performance, it’s best to use kses on the input before saving it to the database. WordPress does this via pre_* filters, such as pre_comment_content and similar. Thus, the “safe” content is what gets saved. Then it can just output it directly.

]]> By: Javier http://ottopress.com/2010/wp-quickie-kses/comment-page-1/#comment-11556 Javier Fri, 18 Jan 2013 14:03:04 +0000 http://ottopress.com/?p=97#comment-11556 Great stuff here! Kind of late, but thanks anyway…

Now, I heard from Mark Jaquith you are not suppose to use kses for ouptputing stuff (performance wise). So if I need to output some user input html, how do I do that? I mean, how do I make sure I’m escaping right and letting that html pass through?

]]> By: Zord http://ottopress.com/2010/wp-quickie-kses/comment-page-1/#comment-11125 Zord Mon, 06 Aug 2012 15:10:23 +0000 http://ottopress.com/?p=97#comment-11125 Of course right after posting here I realized there was a typo in the hook name… it’s _ not -. Thanks anyway, works now :D

]]> By: Zord http://ottopress.com/2010/wp-quickie-kses/comment-page-1/#comment-11124 Zord Mon, 06 Aug 2012 14:49:26 +0000 http://ottopress.com/?p=97#comment-11124 Hi Otto,

I’m trying to make a plugin for kses – basically I want to allow images, but I want to replace

<img src="x" /> with <a href="x"><img src="x" /></a></code>

So here’s where I am right now:

global $allowedtags;
$allowedtags['img'] = array( 'src' => array () );

//take images, and enclose them in a link
function zimgf($ztring){
$result = preg_replace('/<img src="(.+)"(.+)\/>/Ui', '<a href="$1"><img src="$1"$2/></a>', $ztring);
return $result;
}

add_filter('pre-kses', 'zimgf');

Problem is, while this does allow the images through, it doesn’t do the replacing part (the regex works, tried it separately).

]]> By: Otto http://ottopress.com/2010/wp-quickie-kses/comment-page-1/#comment-10915 Otto Wed, 06 Jun 2012 15:22:02 +0000 http://ottopress.com/?p=97#comment-10915 If you don’t want any HTML, just pass it through strip_tags.

]]> By: Kay http://ottopress.com/2010/wp-quickie-kses/comment-page-1/#comment-10914 Kay Wed, 06 Jun 2012 13:04:14 +0000 http://ottopress.com/?p=97#comment-10914 Hi!
Would something like this be valid ?

wp_kses($unfiltered, ”) if i don’t want any html tags allowed?

]]> By: Ryan http://ottopress.com/2010/wp-quickie-kses/comment-page-1/#comment-10237 Ryan Tue, 06 Dec 2011 22:23:23 +0000 http://ottopress.com/?p=97#comment-10237 Awesome post. Thanks again Otto, you always save the day.

]]> By: Content filteren met KSES of REGEX | WPdevil – Devilish Development http://ottopress.com/2010/wp-quickie-kses/comment-page-1/#comment-10217 Content filteren met KSES of REGEX | WPdevil – Devilish Development Fri, 02 Dec 2011 18:39:12 +0000 http://ottopress.com/?p=97#comment-10217 [...] KSES staat voor “kses strips evil scripts” en is een filter voor HTML. WordPress gebruikt het standaard om comments te filteren. Otto legt het verder heel goed uit in zijn post http://ottopress.com/2010/wp-quickie-kses/ [...]

]]>