The Blog of Adam Patten

Yesterday I discovered an interesting little feature of WordPress, unfiltered HTML. Certain users do not have the ability to create/edit post/pages with unfiltered HTML. For security reasons, I would assume, WordPress by default does not allow any users besides an admin or editor to enter unfiltered HTML. This caused a problem for me when I created some pages on a site I was working on with id and class attributes included in my markup. Everything worked fine after I added all the content, but then I had a writer updating the content and after she was done, bam! all those id and class attributes were gone! Now I had a bunch of broken anchor links and un-styled elements.

I figured it was an issue with TinyMCE striping away those attributes so I hunted around the TinyMCE config filelooking for answers. I found the following line that looked like it was the answer to my problem.
$valid_elements = 'p/-div[*],-strong/-b[*],-em/-i[*],-font[*],-ul[*],-ol[*],-li[*],*[*]';
I checked out the TinyMCE documentation so see what this line of code did. Turns out it does define the rules of what gets filtered out of the markup, but the very last item “*[*]” didn’t make sense to me. Basically it says all tags can have all attributes so I was confused since this obviously wasn’t the case. I even wrote a plugin to specifically allow the id and class attributes for all the h tags and the img tags, but that did not solve my problem.

I had been trying to figure this problem out for a hour with no real progress made so I turned to Andy and Brian for help. After a little explaining of the problem and recreating it Andy realized it was an issue with the unfiltered HTML setting on the writers account. Using the Role Manager plugin you can allow the unfiltered capability on any account you wish and hopefully avoid this problem by changing the setting ahead of time. Hope this helps anyone else that runs into this random problem.

Popularity: 89% [?]