Plugin Planet

Premium WordPress Plugins

USP Pro disables HTML tags in submitted post content. This is a security measure, but it is easily enabled via the Post Formatting setting. There you can allow any HTML tags you wish. By default, there is a predefined set of default attributes that may be added to each allowed HTML tag. This post dips into some of this and provides an easy function for allowing additional attributes in HTML tags.

Default Allowed HTML Tags

These are the default attributes that always are allowed on HTML tags:

$allowed_atts = array(

	'align'      => array(),
	'class'      => array(),
	'type'       => array(),
	'id'         => array(),
	'dir'        => array(),
	'lang'       => array(),
	'style'      => array(),
	'xml:lang'   => array(),
	'src'        => array(),
	'alt'        => array(),
	'href'       => array(),
	'rel'        => array(),
	'rev'        => array(),
	'novalidate' => array(),
	'type'       => array(),
	'value'      => array(),
	'name'       => array(),
	'tabindex'   => array(),
	'action'     => array(),
	'method'     => array(),
	'for'        => array(),
	'width'      => array(),
	'height'     => array(),
	'data'       => array(),
	'title'      => array(),
	'url'        => array(),

);

For more details, open /inc/usp-process.php and locate sanitize_content(). All the functionality for allowed attributes is contained in that one function. No need to edit core files to add more attributes, USP Pro provides a filter hook for it.

Allow Custom Attributes

The default allowed attributes are limited purposely, but it is possible to add your own atts to the allow list. Here is an example code snippet that you can add via theme functions.php or simple plugin.

// USP Pro - Allow Custom Attribute
function usp_allow_custom_atts($allowed_atts) {
	
	$allowed_atts['data-bacon'] = array();
	
	return $allowed_atts;
	
}
add_filter('usp_sanitize_content_atts', 'usp_allow_custom_atts');

All we’re doing here is adding data-bacon to the $allowed_atts array. Feel free to modify that to whatever attribute you want to allow in post-content HTML tags. If you want to add multiple attributes:

// USP Pro - Allow Custom Attributes
function usp_allow_custom_atts($allowed_atts) {
	
	$allowed_atts['data-bacon'] = array();
	$allowed_atts['data-donut'] = array();
	$allowed_atts['data-syrup'] = array();
	// etc.

	return $allowed_atts;
	
}
add_filter('usp_sanitize_content_atts', 'usp_allow_custom_atts');

Here we are adding three attributes to the allowed array: data-bacon, data-donut, data-syrup. You can add any tags that are necessary, but please keep security in mind: make sure that there are no known security vulnerabilities associated with the attributes that you want to allow. Word to the wise, keep it safe folks.