Replace $allowedtags with $allowedposttags for textarea #61

Closed
devinsays opened this Issue Jul 27, 2011 · 9 comments


Owner

The most asked question I get about the framework is how to allow more tags in the textarea. I'm thinking of loosening the sanitization here to use $allowedposttags rather than $allowedtags. I'm also considering doing the same for the info tag. Discuss...

Here's a var dump with the differences:

ALLOWED TAGS:

13 tags (allowed attributes after the colon):

a: href, title
abbr: title
acronym: title
b
blockquote: cite
cite
code
del: datetime
em
i
q: cite
strike
strong

ALLOWED POST TAGS:

71 tags (allowed attributes after the colon):

address
a: class, href, id, title, rel, rev, name, target
abbr: class, title
acronym: title
article: align, class, dir, lang, style, xml:lang
aside: align, class, dir, lang, style, xml:lang
b
big
blockquote: id, cite, class, lang, xml:lang
br: class
button: disabled, name, type, value
caption: align, class
cite: class, dir, lang, title
code: style
col: align, char, charoff, span, dir, style, valign, width
del: datetime
dd
details: align, class, dir, lang, open, style, xml:lang
div: align, class, dir, lang, style, xml:lang
dl
dt
em
fieldset
figure: align, class, dir, lang, style, xml:lang
figcaption: align, class, dir, lang, style, xml:lang
font: color, face, size
footer: align, class, dir, lang, style, xml:lang
form: action, accept, accept-charset, enctype, method, name, target
h1, h2, h3, h4, h5, h6: align, class, id, style
header: align, class, dir, lang, style, xml:lang
hgroup: align, class, dir, lang, style, xml:lang
hr: align, class, noshade, size, width
i
img: alt, align, border, class, height, hspace, longdesc, vspace, src, style, width
ins: datetime, cite
kbd
label: for
legend: align
li: align, class
menu: class, style, type
nav: align, class, dir, lang, style, xml:lang
p: class, align, dir, lang, style, xml:lang
pre: style, width
q: cite
s
span: class, dir, align, lang, style, title, xml:lang
section: align, class, dir, lang, style, xml:lang
strike
strong
sub
summary: align, class, dir, lang, style, xml:lang
sup
table: align, bgcolor, border, cellpadding, cellspacing, class, dir, id, rules, style, summary, width
tbody: align, char, charoff, valign
td: abbr, align, axis, bgcolor, char, charoff, class, colspan, dir, headers, height, nowrap, rowspan, scope, style, valign, width
textarea: cols, rows, disabled, name, readonly
tfoot: align, char, class, charoff, valign
th: abbr, align, axis, bgcolor, char, charoff, class, colspan, headers, height, nowrap, rowspan, scope, valign, width
thead: align, char, charoff, class, valign
title
tr: align, bgcolor, char, charoff, class, style, valign
tt
u
ul: class, style, type
ol: class, start, style, type
var

I rarely need to allow a ton of classes, so I usually just add to the $allowedtags array manually. Maybe an option for people to select what to add? Is that possible even?

What about multiple types of textareas, or different flags that will trigger different levels of sanitization? It might be that I want to give my user a super strict textarea, but then also need to let them put scripts in another.

slhomme commented Jul 28, 2011

Agree with thatryan: "Maybe an option for people to select what to add? Is that possible even?" That'd be ideal, I think.

Owner

The end user shouldn't be making those decisions, that would sort of defeat the purpose.

The developers do have a way to select which tags are allowed and not allowed through the filters. It can even get very granular down to the specific option if needed.

Perhaps this could be made even easier by having a sanitization -> "custom_sanitization" option in the array, but I'm not sure that is that much easier, since you would still need to write the custom sanitization function.

But, back to the main issue: I don't see a problem with making "info" less strict, since a developer would be editing that directly anyways.

I guess I'm asking if anyone thinks it will cause trouble to use $allowedposttags over $allowedtags in textarea? (Remember, it also still balances tags)

You could always apply a filter to make it more strict if needed.
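The filter approach described above, as an added example rather than code from the Options Framework. It assumes the framework passes each saved textarea value through the 'of_sanitize_textarea' filter with the option definition as a second argument, that the default callback is named of_sanitize_textarea(), and that an option with id 'footer_html' exists (all assumptions):

```php
<?php
// Added example, not Options Framework code. Assumes the framework applies
// the 'of_sanitize_textarea' filter with ($input, $option) and that its
// default callback is of_sanitize_textarea().

// Drop the default (wp_kses with $allowedposttags) and install a stricter,
// per-option sanitizer that still goes through wp_kses, so tags are balanced.
remove_filter( 'of_sanitize_textarea', 'of_sanitize_textarea' );
add_filter( 'of_sanitize_textarea', 'my_strict_textarea', 10, 2 );

function my_strict_textarea( $input, $option = array() ) {
    global $allowedtags, $allowedposttags;

    // One option (assumed id 'footer_html') genuinely needs block markup:
    // start from the post whitelist, but drop form/navigation elements and
    // the inline 'style' attribute that the post whitelist grants broadly.
    if ( isset( $option['id'] ) && 'footer_html' === $option['id'] ) {
        $allowed = $allowedposttags;
        unset( $allowed['form'], $allowed['button'], $allowed['textarea'], $allowed['font'] );
        foreach ( array_keys( $allowed ) as $tag ) {
            unset( $allowed[ $tag ]['style'] );
        }
        return wp_kses( $input, $allowed );
    }

    // Every other textarea keeps the comment-level whitelist plus <p> and <br>.
    $allowed       = $allowedtags;
    $allowed['p']  = array( 'class' => array() );
    $allowed['br'] = array();
    return wp_kses( $input, $allowed );
}
```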

It would be great if we could allow HTML within the textarea. Can you tell me how I can test this on my installation? I think I'm supposed to edit line 11 of options-sanitize.php and change something?

Thanks Devin!

Owner

Yes, lines 10 and 11: allowedtags to allowedposttags.

dfrosso commented Aug 4, 2011

Hi Devin. Great plugin, first of all. Is there a way to allow the "iframe" tag in textarea? This is for using the Google Maps code. Thanks.

Owner

@dfrosso Please read the examples I have in this post: http://wptheming.com/2011/05/options-framework-0-6/

Owner

I'm still getting a lot of requests, even after updating my documentation.

Made the change. If anyone notices any issues, please let me know. A new release still won't be for some time.

@devinsays devinsays closed this Aug 6, 2011