WordPress 2.0 introduced some sophisticated HTML inspecting and de-linting courtesy of kses.
kses is an HTML/XHTML filter written in PHP. It removes all unwanted HTML elements and attributes, and it also does several checks on attribute values. kses can be used to avoid Cross-Site Scripting (XSS), Buffer Overflows and Denial of Service attacks.
It’s a good addition, but it was also removing the class names from some of the elements of my posts. The result is that the following structured XHTML was coming through without any structure.
<ul class=“fullrecord”>
<li class=“title”><h3>Title</h3>
<ul>
<li>The Effects Of A Modified Ball In Developing The Volleyball Pass And Set For High School Students</li>
</ul>
</li>
<li class=“attribution”>...
Without the semantic value of the classnames, the XHTML loses all the microformatting, making it not only less re-usable/remixable but also harder to style.
<ul>
<li><h3>Title</h3>
<ul>
<li>The Effects Of A Modified Ball In Developing The Volleyball Pass And Set For High School Students</li>
</ul>
</li>
<li>...
A WordPress form post pointed me to the includes/kses.php file, where the $allowedposttags array set the standards for the acceptable tags and attributes. It begins like this:
$allowedposttags = array ('address' => array (), 'a' => array ('href' => array (), 'title' => array (), 'rel' => array ()...
It’s a hack, but changing the entries for some of the tags got me through.
'ul' => array ('class' => array())
WordPress, strip tags, kses, code, fix, hack, class names, semantic markup
Posted May 15, 2007 by Casey Bisson
Categories: Technology. Tags: class names, code, fix, hack, kses, semantic markup, strip tags, wordpress.
6 Comments
Comments RSS
TrackBack Identifier URI
Leave a comment
User contributed tags for this post:
wordpress kses (39) - fix.89.com (27) - fix 89 (17) - php filter (17) - wordpress strip html (15) - FİX 89.COM (13) - Wordpress strips html (11) - wordpress allowedposttags (10) - Wordpress stripping HTML (9) - wordpress (9) - wordpress strips code (8) - kses wordpress (8) - wordpress strips css (8) - class (7) - wordpress xmlrpc strip tags (7) - wordpress strip (6) - wordpress strips classes (5) - fıx.89 (5) - allowedposttags (5) - wordpress avoid strip tag (5) - wordpress strip tags (5) - www.fix 89.net (4) - fix.89 net (4) - wordpress $allowedposttags (4) - allowedposttags style (4) - wordpress strip style tag (4) - wordpress removes html (4) - php strip html attributes (3) - php strip tags hack (3) - kses buffer wordpress (3) - www.fix.89 (3) - wordpress strips a (3) - wordpress kses.php (3) - wordpress stripping CSS (3) - wordpress strips HTML from comments (3) - wordpress strips tags (3) - www.fix.89.net (3) - wordpress delete pre attributes (3) - wordpress strips (3) - wordpress kses style (3) - fix 89.net (3) - wordpress strip class (2) - wordpress strips style attribute (2) - kses html wordpress (2) - fix89 (2) - wordpress strips class tags (2) - wordpress classes (2) - wordpress mu strip html (2) - wordpress kses plugin (2) - kses plugin (2) - wordpress strips style (2) - wordpress striptags (2) - wordpress strips css classes (2) - wordpress stripping tags fix (2) - fix 89 net (2) - kses.php wordpress (2) - wordpress strip post words (2) - wordpress rss strips html (2) - wordpress mu html filter (2) - wordpress strips (2) - wordpress strip word markup (2) - wordpress filter kses (2) - wordpress remove html tags (2) - wordpress class (2) - wordpress strip html fix bug (2) - wordpress code stripping form (2) - wordpress stripping tags (2) - wordpress archive strips out html (2) - wordpress post by email a href (2) - wordpress KSES -MU (2) - Wordpress removes attribute tag xmlrpc (2) - wordpress editor strip html (2) - replacing kses.php fixed the problem (2) - wordpress html filter (2) - wordpress removes IDs and classes (2) - html striping wordpress (2) - wordpress plugin strip tags (2) - wordpress kses disable (2) - xml-rpc stripping < (2) - wordpress stripping classes from tags (2) - kses.php CSS (2) - wordpress kses fix (2) - wordpress feed strips html (2) - wordpress strip tags rss feed (2) - using strip tags in wordpress (2) - wordpress strips my HTML (2) - word press strips tags (2) - wordpress strips class (2) - www.fix.89.com (2) - wordpress.org kses (2) - php strip attributes (2) - wordpress stripping classes (2) - wpmu $allowedposttags (2) - wordpress strips class attributes (2) - wordpress strips html tags (2) - F (2) - strip word markup wordpress (2) - kses (2) - fix wordpress strip html tags (1) - wordpress strips css attributes kses (1) - wordpress plugin: remove kses (1) - wordpress xmlrpc stripping html tag (1) - fix html code wordpress (1) - xml rpc strips < > (1) - wordpress removes styles (1) - site do mu strips (1) - WordPress strips all HTML (1) - strip date from wordpress post $post-> (1) - $allowedposttags (1) - wordpress strips css style tag (1) - wordpress removes html ecto (1) - wordpress stripping code (1) - wordpress element striping of tag (1) - php xml-rpc strips html (1) - xmlrpc stripping <> (1) - wordpress mu strips php (1) - fix wordpress xhtml (1) - wordpress strips
So this is why WP stripped out so many classes and IDs when I switched platforms and imported my old MT posts? Good to know. Man, that pissed me off, but by the time I’d realized what happened it seemed too late to go back and try again. Besides, I had no idea how to fix it.
Yeah, it’s pretty frustrating when you don’t know what’s going on. And only a little less frustrating once you do.
Still, it helps those who don’t know what they’re doing (and those who do, but have malicious intent) from breaking things.
Wordpress should replaces their kses code with the code used in this modified version of kses — http://sourceforge.net/tracker/index.php?func=detail&aid=1752954&group_id=81853&atid=564260
The modified kses produces better HTML, fixes bugs, allows CSS usage, etc.
woo hooo. that totally worked!
[...] and Flash embeds. This would be fine if it were configurable, but sadly it is not. Various hacks exist to remedy the situation, but for such a pluggable piece of software as WordPress - hacks just seem [...]
[...] in my span HTML elements. To fix the problem, I followed the trail of references leading from » WordPress Strips Classnames, And How To Fix It MaisonBisson.com. I learned that WordPress uses the kses PHP library to filter HTML of possibly invalid and [...]