Have you ever found the need to embed some JavaScript or embed a Video Widget in page content, and found that WordPress stripped out your script or video tags?

The issue is with a global WordPress variable array called $allowedposttags, which is a big array of allowed tags and sub-arrays which list the allowed attributes.

You can modify it directly in your theme or write up a plugin, or you can just use these two that are already made:

ASD wp_kses Tags Script

ASD wp_kses Tags Video

Security

The Script tag limits attributes down to just “type”, so no “src” can be added, which would allow scripts to be loaded from remote sites.

Even then, adding the Scripts tag means that you are trusting your userbase to not be horrible and evil, as you are now allowing them to embed code in content.

Same goes for Video tags.

Another Annoying WordPress thing: no onClick

Another of WordPress’s annoying features is the fact that by default a div tag can’t have the onclick attribute.

Here is another quick plugin to solve that:
ASD wp_kses onClick

Leave a Reply