Limiting allowed html elements/strip harmful scripts from editor

How can I limit html elements allowed in the tinymce editor in WordPress 3.1 and ensure harmful scripts have been removed (script/embed tags, etc)

1 comment

  1. Adjust HTML-Filter:

    <?php
    function fb_change_mce_options($initArray) {
        // Comma-separated string of extended elements; the [..|..] part lists the attributes kept for each element
        $ext = 'pre[id|name|class|style],iframe[align|longdesc|name|width|height|frameborder|scrolling|marginheight|marginwidth|src]';
        if ( isset( $initArray['extended_valid_elements'] ) ) {
            $initArray['extended_valid_elements'] .= ',' . $ext;
        } else {
            $initArray['extended_valid_elements'] = $ext;
        }
        // Optionally set the TinyMCE parameter verify_html (false disables the editor's element validation)
        //$initArray['verify_html'] = false;
        return $initArray;
    }
    add_filter('tiny_mce_before_init', 'fb_change_mce_options');
    ?>
    

    Customizing the function of the buttons in your Editor:

    <?php
    function fb_change_mce_buttons( $initArray ) {
        //@see http://wiki.moxiecode.com/index.php/TinyMCE:Control_reference
        $initArray['theme_advanced_blockformats'] = 'p,address,pre,code,h3,h4,h5,h6';
        $initArray['theme_advanced_disable'] = 'forecolor';
        return $initArray;
    }
    add_filter('tiny_mce_before_init', 'fb_change_mce_buttons');
    ?>
    

    Change language of spelling:

    <?php
    function fb_mce_external_languages($initArray){
        $initArray['spellchecker_languages'] = '+German=de, English=en';
        return $initArray;
    }
    add_filter('tiny_mce_before_init', 'fb_mce_external_languages');
    ?>
    

    The default values of WordPress:

    'mode' => 'specific_textareas'
    'editor_selector' => 'theEditor'
    'width' => '100%'
    'theme' => 'advanced'
    'skin' => 'wp_theme'
    'theme_advanced_buttons1' => 'bold,italic,strikethrough,|,bullist,numlist,blockquote,|,justifyleft,justifycenter,justifyright,|,link,unlink,wp_more,|,spellchecker,fullscreen,wp_adv'
    'theme_advanced_buttons2' => 'formatselect,underline,justifyfull,forecolor,|,pastetext,pasteword,removeformat,|,media,charmap,|,outdent,indent,|,undo,redo,wp_help'
    'theme_advanced_buttons3' => ''
    'theme_advanced_buttons4' => ''
    'language' => 'de'
    'spellchecker_languages' => 'English=en,Danish=da,Dutch=nl,Finnish=fi,French=fr,+German=de,Italian=it,Polish=pl,Portuguese=pt,Spanish=es,Swedish=sv'
    'theme_advanced_toolbar_location' => 'top'
    'theme_advanced_toolbar_align' => 'left'
    'theme_advanced_statusbar_location' => 'bottom'
    'theme_advanced_resizing' => true
    'theme_advanced_resize_horizontal' => false
    'dialog_type' => 'modal'
    'relative_urls' => false
    'remove_script_host' => false
    'convert_urls' => false
    'apply_source_formatting' => false
    'remove_linebreaks' => true
    'gecko_spellcheck' => true
    'entities' => '38,amp,60,lt,62,gt'
    'accessibility_focus' => true
    'tabfocus_elements' => 'major-publishing-actions'
    'media_strict' => false
    'paste_remove_styles' => true
    'paste_remove_spans' => true
    'paste_strip_class_attributes' => 'all'
    'wpeditimage_disable_captions' => false
    'plugins' => 'safari,inlinepopups,spellchecker,paste,wordpress,media,fullscreen,wpeditimage,wpgallery,tabfocus'
    

    I hope this helps you. You should be able to change just about anything you like.
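An added example (not code from the answer above) that goes one step further than extending the allowed list: it names the elements TinyMCE 3 should drop, keeps verify_html enabled, and merges the whitelist with anything another plugin already put into extended_valid_elements. The function name restrict_mce_elements and the whitelist contents are assumptions; it relies only on the tiny_mce_before_init filter and the TinyMCE 3 settings invalid_elements, extended_valid_elements and verify_html. This filters what the browser-side editor keeps, so server-side filtering on save still has to be in place for content that never passes through the editor.

```php
<?php
// Added example for WordPress 3.1 / bundled TinyMCE 3 (assumed names: restrict_mce_elements, $ext).
function restrict_mce_elements( $initArray ) {
    // Elements the editor removes entirely, whatever else is allowed.
    // TinyMCE 3 setting: comma-separated element names.
    $initArray['invalid_elements'] = 'script,embed,object,applet,iframe';

    // Keep the editor's own validation switched on so the lists above are enforced.
    $initArray['verify_html'] = true;

    // Extra elements with an explicit attribute whitelist; attributes not listed
    // (including on* event handlers) are stripped when the element is cleaned.
    $ext = 'pre[class|style],code[class]';

    // Merge with what other plugins already added, without duplicating entries.
    $entries = array();
    if ( isset( $initArray['extended_valid_elements'] ) ) {
        $entries = explode( ',', $initArray['extended_valid_elements'] );
    }
    $entries = array_merge( $entries, explode( ',', $ext ) );
    $entries = array_unique( array_filter( array_map( 'trim', $entries ) ) );

    // Drop any entry for an element we just declared invalid, e.g. "iframe[src|...]"
    // left behind by another filter, so the two settings do not contradict each other.
    $invalid = explode( ',', $initArray['invalid_elements'] );
    $entries = array_filter( $entries, function ( $entry ) use ( $invalid ) {
        $name = strtolower( trim( preg_replace( '/\[.*$/', '', $entry ) ) );
        return ! in_array( $name, $invalid, true );
    } );

    $initArray['extended_valid_elements'] = implode( ',', $entries );
    return $initArray;
}
// Priority 20 so this runs after filters hooked at the default priority 10.
add_filter( 'tiny_mce_before_init', 'restrict_mce_elements', 20 );
?>
```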