By default, Post formatting is disabled in USP Pro. Post Formatting enables users to include HTML tags in their post submissions. It also enables HTML tags in email alerts. This quick tutorial explains how to enable Post Formatting in one step.
To enable Post formatting (e.g., auto-paragraphs and line breaks), visit the Advanced settings and enter any HTML tag for the option “Post Formatting”1. For example, you could add the following:
emThat would enable Post formatting and allow visitors to use the <em> tag. You can enter as many tags as you would like (separated by commas); or, if you want to retain formatting without enabling any HTML tags, you can enter an x or some other non-tag and it will be done.
Note: Post Formatting applies to both Post Content and Post Excerpt fields.
Explanation
By default no HTML tags are allowed in submitted post content. The Advanced setting, “Post Formatting”, enables you to enter any specific HTML tags that should be allowed. For example, here are some common and safe tags to allow in post content:
<p>, <ul>, <ol>, <li>, <strong>, <em>, <code>
To allow these tags, the “Post Formatting” setting should contain a comma-separated list of tag names without brackets, like this:
p, ul, ol, li, strong, em, codeYou may allow any HTML tags that you wish, but please be aware that some tags (e.g., <script>, <html>, <head>, et al) should not be allowed for security reasons. If in doubt, leave this option blank to disable all HTML tags in post content.
1 This setting previously was called “Allowed HTML in post” in USP Pro version 2.1 and below.
Notes
FYI here is a pretty comprehensive list of HTML tags considered “safe” for all submitted posts:
article, header, footer, h1, h2, h3, h4, h5, p, ul, ol, dl, dt, d, div, span, br, table, tr, td, th, thead, tbody, tfoot, blockquote, pre, code, img, a, strong, b, em, i, centerNot recommended (unsafe) for unmoderated posts:
html, head, body, script, style, meta, linkIt’s best to never allow these tags in any submitted post content.
For more information about how USP sanitizes submitted content, check out the following functions:
- General Content:
sanitize_content() - Email Alerts:
get_email_vars()
