Skip to content

How WordPress Sanitizes Tags and Attributes

Yesterday, I thought that my installations of WordPress did not allow the use of the class attribute in my span HTML elements. To fix the problem, I followed the trail of references leading from » WordPress Strips Classnames, And How To Fix It I learned that WordPress uses the kses PHP library to filter HTML of possibly invalid and non-secure constructs. It turned out that the kses configuration in WordPress 2.6.3 wasn't responsible for filtering out the class attributes after all — it was the HTML editor in visual mode.

Post a Comment

You must be logged in to post a comment.