Allow Author’s and Contributor’s to use special HTML Attributes in WordPress
kses filter, user roles
You may have noticed, that normal users (especially Author’s and Contributor’s) are not allowed to use all kind of HTML Tags and related Attributes.
Those elements got removed by the WordPress buil-in KSES Filter – and it’s a very useful feature in matter of security to prevent html-code-injection.
But sometimes it is required to enable some additional html tags and/or attributes. You can modify the list of allowed html tags and attributes by appling a custom filter:
The Filter#
Example how to allow EnlighterJS related attributes for pre and code tags
function ksesAllowHtmlCodeAttributes($data, $context){ // only apply filter on post-context if ($context === 'post'){ // list of all available enlighterjs attributes $allowedAttributes = array( 'data-enlighter-language' => true, 'data-enlighter-theme' => true, 'data-enlighter-group' => true, 'data-enlighter-title' => true, 'data-enlighter-linenumbers' => true, 'data-enlighter-highlight' => true, 'data-enlighter-lineoffset' => true ); // apply to pre and code tags $data['pre'] = array_merge($data['pre'], $allowedAttributes); $data['code'] = array_merge($data['code'], $allowedAttributes); } return $data; } // add the filter function (2 arguments and priority 100) add_filter('wp_kses_allowed_html', 'ksesAllowHtmlCodeAttributes', 100, 2);