By default, Post formatting is disabled in USP Pro. Post Formatting enables users to include HTML tags in their post submissions. It also enables HTML tags in email alerts. This quick tutorial explains how to enable Post Formatting in one step.

To enable Post formatting (e.g., auto-paragraphs and line breaks), visit the Advanced settings and enter any HTML tag for the option “Post Formatting”1. For example, you could add the following:

img

That would enable Post formatting and allow visitors to use the <img> tag, so visitors may insert images when using the RTE/Visual Editor. You can enter as many tags as you would like (separated by commas); or, if you want to retain formatting without enabling any HTML tags, you can enter an x or some other non-tag and it will be done.

Note: Post Formatting applies to both Post Content and Post Excerpt fields.

1 This setting previously was called “Allowed HTML in post” in USP Pro version 2.1 and below.

Explanation

By default no HTML tags are allowed in submitted post content. The Advanced setting, “Post Formatting”, enables you to enter any specific HTML tags that should be allowed. For example, here are some common and safe tags to allow in post content:

<p>, <ul>, <ol>, <li>, <strong>, <em>, <code>

To allow these tags, the Post Formatting setting should contain a comma-separated list of tag names without brackets, like this: 

p, ul, ol, li, strong, em, code

You may allow any HTML tags that you wish, but please be aware that some tags (e.g., <script>, <html>, <head>, et al) should not be allowed for security reasons. If in doubt, leave this option blank to disable all HTML tags in post content.

Notes

FYI here is a pretty comprehensive list of HTML tags considered “safe” for all submitted posts:

article, header, footer, h1, h2, h3, h4, h5, p, ul, ol, dl, dt, d, div, span, br, table, tr, td, th, thead, tbody, tfoot, blockquote, pre, code, img, a, strong, b, em, i, center

Not recommended (unsafe) for unmoderated posts:

html, head, body, script, style, meta, link

It’s best to never allow these tags in any submitted post content.

For more information about how USP sanitizes submitted content, check out the following functions:

  • General Content: sanitize_content()
  • Email Alerts: get_email_vars()