By default, Post formatting is disabled in USP Pro. Post Formatting enables users to include HTML tags in their post submissions. It also enables HTML tags in email alerts. This quick tutorial explains how to enable Post Formatting in one step.
To enable Post Formatting (e.g., auto-paragraphs and line breaks), visit the Advanced settings and enter any HTML tag for the option “Post Formatting”¹. For example, you could add the following:
img
That would enable Post Formatting and allow visitors to use the <img> tag, so visitors may insert images when using the RTE/Visual Editor. You can enter as many tags as you would like (separated by commas); or, if you want to retain formatting without enabling any HTML tags, you can enter an x or some other non-tag and it will be done.
¹ This setting was previously called “Allowed HTML in post” in USP Pro version 2.1 and below.
Explanation
By default no HTML tags are allowed in submitted post content. The Advanced setting, “Post Formatting”, enables you to enter any specific HTML tags that should be allowed. For example, here are some common and safe tags to allow in post content:
<p>, <ul>, <ol>, <li>, <strong>, <em>, <code>
To allow these tags, the Post Formatting setting should contain a comma-separated list of tag names without brackets, like this:
p, ul, ol, li, strong, em, code
You may allow any HTML tags that you wish, but please be aware that some tags (e.g., <script>, <html>, <head>, et al.) should not be allowed for security reasons. If in doubt, leave this option blank to disable all HTML tags in post content.
Notes
FYI here is a pretty comprehensive list of HTML tags considered “safe” for all submitted posts:
article, header, footer, h1, h2, h3, h4, h5, p, ul, ol, dl, dt, dd, div, span, br, table, tr, td, th, thead, tbody, tfoot, blockquote, pre, code, img, a, strong, b, em, i, center
Not recommended (unsafe) for unmoderated posts:
html, head, body, script, style, meta, link
It’s best to never allow these tags in any submitted post content.
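A pre-save check for a Post Formatting value, built from the tag lists on this page. This is an added example, not USP Pro code: the function names `audit_post_formatting` and `safe_to_save` are hypothetical, and it does not reproduce what `sanitize_content()` does.

```python
import re

# Tag lists as given on this page; "li" comes from the Explanation example.
SAFE = set("""article header footer h1 h2 h3 h4 h5 p ul ol li dl dt dd div span
br table tr td th thead tbody tfoot blockquote pre code img a strong b em i
center""".split())
UNSAFE = {"html", "head", "body", "script", "style", "meta", "link"}

BRACKETS = re.compile(r"^</?|/?>$")       # "<p>", "</p>", "<br/>" -> bare name
NAME = re.compile(r"[a-z][a-z0-9-]*")     # what a bare tag name looks like


def audit_post_formatting(value):
    """Sort each comma-separated entry into allowed/unsafe/unlisted/malformed."""
    report = {"allowed": [], "unsafe": [], "unlisted": [], "malformed": []}
    for raw in value.split(","):
        entry = raw.strip()
        if not entry:
            continue
        name = BRACKETS.sub("", entry).strip().lower()
        if not NAME.fullmatch(name):
            report["malformed"].append(entry)   # e.g. "img src"
            continue
        if name != entry.lower():
            report["malformed"].append(entry)   # brackets: setting wants "p"
        if name in UNSAFE:
            bucket = "unsafe"
        elif name in SAFE:
            bucket = "allowed"
        else:
            bucket = "unlisted"   # placeholder such as "x", or a tag on neither list
        if name not in report[bucket]:
            report[bucket].append(name)
    return report


def safe_to_save(value):
    """True when nothing is unsafe or malformed (blank and "x" both pass)."""
    report = audit_post_formatting(value)
    return not report["unsafe"] and not report["malformed"]


if __name__ == "__main__":
    # Constructed sample values, not taken from a real site.
    for sample in ("p, ul, ol, li, strong, em, code", "img, <script>, STYLE, x"):
        print(repr(sample), safe_to_save(sample), audit_post_formatting(sample))
```

Entries reported as `unlisted` are on neither list on this page, so they need a manual decision before the value is saved.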
For more information about how USP sanitizes submitted content, check out the following functions:
- General Content: sanitize_content()
- Email Alerts: get_email_vars()