Where should I add the necessary code to add an extra attribute to the kses allowed tags array?

In trying to post an article on one of the new SE blogs, I came across the following problem. I’m listed as an author which means that my abilities are somewhat restricted. In particular, I’m not allowed to post arbitrary HTML, rather my entries are sent through the kses parser first. This seems a Good Thing in general (I don’t want to be held responsible for the HTML!) but it interferes with one piece of the Markdown processor: quotes. I can’t write:

> this is a quote

because the > gets escaped by the kses routines. Now, modifying the kses code to allow that through is tricky, and is the Wrong Solution (because it would make the kses parser knit too tightly to the Markdown one; actually, the Right Solution would be to validate the data after it had been processed, but never mind …). This isn’t a big problem because, of course, I can just use the <blockquote>...</blockquote> tags directly. Only that turns off the Markdown processor inside it. Since we’re using PHPMarkdownExtra (at least, tests seem to indicate that we are), I can use the markdown="1" fake attribute to turn on Markdown inside the blockquote. But this gets taken out by kses as it’s not on the list of approved attributes!

However, adding markdown to the list of approved attributes seems much easier than adding support for the > quote syntax; in particular there is an array $allowedposttags that holds this information so it would mean simply changing that array in an obvious way.

But, and this is the question, where is the right place to do that modification? Clearly, modifying kses.php is the Last Resort. My guess would be that the Right Place would be for the markdown.php file to do this modification (since that’s the file that knows that Markdown is going to be used). But if I don’t want to change anything that might be changed upstream, where should I put the required change?

(When I say “I” in the above, I don’t actually mean “me” since I want this to be changed on the SE blogs; so please explain it in language that Rebecca Chernoff can understand!)

1 comment

  1. In detail there’s the constant CUSTOM_TAGS that allows defining $allowedposttags, $allowedtags, $allowedentitynames.

    Then you can simply set CUSTOM_TAGS to true and define the globals in a function hooked before kses gets included.

    The first available hook to fire an action that defines $allowedposttags would be muplugins_loaded, but I don’t know if kses is loaded before or after it.

    // Set custom tags to override $allowedposttags, $allowedtags, $allowedentitynames
    if ( ! defined( 'CUSTOM_TAGS' ) )
        define( 'CUSTOM_TAGS', true );
    

    You’ve also got the wp_kses_hook() that contains a self-explanatory filter:

    apply_filters('pre_kses', $string, $allowed_html, $allowed_protocols);
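
Added example, not part of the original question or comment and not WordPress's own code: a must-use plugin sketch that adds only the markdown attribute to blockquote and leaves the rest of the kses allow-list as shipped. It uses the wp_kses_allowed_html filter (WordPress 3.5 and later) instead of the CUSTOM_TAGS constant or pre_kses filter named in the comment; the function name se_allow_markdown_attr and the sample array are hypothetical.

```php
<?php
/**
 * Added example: allow the markdown attribute on <blockquote> for post
 * content only. Drop into wp-content/mu-plugins/ so it survives core and
 * plugin updates without editing kses.php or markdown.php.
 */

// Hypothetical helper name. Kept as a pure function so it can be checked
// outside WordPress as well.
function se_allow_markdown_attr( $allowed, $context ) {
    // 'post' is the context backed by $allowedposttags; comment and other
    // contexts keep their stricter lists unchanged.
    if ( 'post' !== $context || ! is_array( $allowed ) ) {
        return $allowed;
    }

    // Preserve the attributes blockquote already has and add exactly one.
    if ( ! isset( $allowed['blockquote'] ) || ! is_array( $allowed['blockquote'] ) ) {
        $allowed['blockquote'] = array();
    }
    $allowed['blockquote']['markdown'] = true;

    return $allowed;
}

if ( function_exists( 'add_filter' ) ) {
    // Inside WordPress: extend the list each time kses asks for it.
    add_filter( 'wp_kses_allowed_html', 'se_allow_markdown_attr', 10, 2 );
} else {
    // Stand-alone run with a constructed sample allow-list.
    $sample = array(
        'blockquote' => array( 'cite' => true ),
        'a'          => array( 'href' => true ),
    );
    var_export( se_allow_markdown_attr( $sample, 'post' ) );    // blockquote gains 'markdown'
    var_export( se_allow_markdown_attr( $sample, 'comment' ) ); // returned unchanged
}
```

Because the change is scoped to one tag and one context, the default allow-list for every other element stays as WordPress defines it.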