» WordPress Strips Classnames, And How To Fix It MaisonBisson.com

WordPress Strips Classnames, And How To Fix It

WordPress 2.0 introduced some sophisticated HTML inspecting and de-linting courtesy of kses.

kses is an HTML/XHTML filter written in PHP. It removes all unwanted HTML elements and attributes, and it also does several checks on attribute values. kses can be used to avoid Cross-Site Scripting (XSS), Buffer Overflows and Denial of Service attacks.

It’s a good addition, but it was also removing the class names from some of the elements of my posts. The result is that the following structured XHTML was coming through without any structure.

<ul class=“fullrecord”> <li class=“title”><h3>Title</h3> <ul> <li>The Effects Of A Modified Ball In Developing The Volleyball Pass And Set For High School Students</li> </ul> </li> <li class=“attribution”>...

Without the semantic value of the classnames, the XHTML loses all the microformat ting, making it not only less re-usable/remixable but also harder to style.

<ul> <li><h3>Title</h3> <ul> <li>The Effects Of A Modified Ball In Developing The Volleyball Pass And Set For High School Students</li> </ul> </li> <li>...

A WordPress form post pointed me to the includes/kses.php file, where the $allowedposttags array set the standards for the acceptable tags and attributes. It begins like this:

$allowedposttags = array ('address' => array (), 'a' => array ('href' => array (), 'title' => array (), 'rel' => array ()...

It’s a hack, but changing the entries for some of the tags got me through.

'ul' => array ('class' => array())

WordPress, strip tags, kses, code, fix, hack, class names, semantic markup

Posted May 15, 2007 by Casey
Categories: Technology. Tags: class names, code, fix, hack, kses, semantic markup, strip tags, wordpress.

4 Comments

Comment by Steve Lawson on May 15, 2007 5:18 pm
So this is why WP stripped out so many classes and IDs when I switched platforms and imported my old MT posts? Good to know. Man, that pissed me off, but by the time I’d realized what happened it seemed too late to go back and try again. Besides, I had no idea how to fix it.
Comment by Casey on May 16, 2007 9:42 pm
Yeah, it’s pretty frustrating when you don’t know what’s going on. And only a little less frustrating once you do.

Still, it helps those who don’t know what they’re doing (and those who do, but have malicious intent) from breaking things.
Comment by Alpha on August 13, 2007 4:43 pm
Wordpress should replaces their kses code with the code used in this modified version of kses — http://sourceforge.net/tracker/index.php?func=detail&aid=1752954&group_id=81853&atid=564260

The modified kses produces better HTML, fixes bugs, allows CSS usage, etc.
Comment by dieselboi on March 6, 2008 12:30 am
woo hooo. that totally worked!

Comments RSS TrackBack Identifier URI

Leave a comment

Projects

Elsewhere...

Meta