
BuddyPress.org


Timestamp: 05/06/2018 10:47:08 AM (7 years ago)
Author: imath
Message:

BP Nouveau: restrict the allowed HTML tags for Messages.

BP Nouveau is using the WP Editor to improve the user experience of the Messages component when people are writing a new message or replying to a thread. So far, allowed HTML tags for the messages content *when BP Nouveau is the active template pack* were the same as WordPress Posts. When BP Nouveau is not the active template pack, the allowed tags are those of the WordPress global .

This commit is introducing a new function that is used to filter the allowed HTML tags for activity content and message content. It extends the with new tags (img, span, ul, ol & li) and leaves specific functions to the 2 components to include filters so that it is possible to restrict/extend allowed HTML tags for both content types or one of them. It also restricts the WP Editor available buttons when used in the BP Nouveau Messages UI so that they are consistent with the allowed HTML tags.

Props DJPaul

Fixes #7795

File:
1 edited

  • trunk/src/bp-activity/bp-activity-filters.php

    r11763 r12067  
    203203 */
    204204function bp_activity_filter_kses( $content ) {
    205     global $allowedtags;
    206 
    207     $activity_allowedtags = $allowedtags;
    208     $activity_allowedtags['a']['aria-label']      = array();
    209     $activity_allowedtags['a']['class']           = array();
    210     $activity_allowedtags['a']['data-bp-tooltip'] = array();
    211     $activity_allowedtags['a']['id']              = array();
    212     $activity_allowedtags['a']['rel']             = array();
    213     $activity_allowedtags['a']['title']           = array();
    214 
    215     $activity_allowedtags['b']    = array();
    216     $activity_allowedtags['code'] = array();
    217     $activity_allowedtags['i']    = array();
    218 
    219     $activity_allowedtags['img']           = array();
    220     $activity_allowedtags['img']['src']    = array();
    221     $activity_allowedtags['img']['alt']    = array();
    222     $activity_allowedtags['img']['width']  = array();
    223     $activity_allowedtags['img']['height'] = array();
    224     $activity_allowedtags['img']['class']  = array();
    225     $activity_allowedtags['img']['id']     = array();
    226 
    227     $activity_allowedtags['span']                   = array();
    228     $activity_allowedtags['span']['class']          = array();
    229     $activity_allowedtags['span']['data-livestamp'] = array();
    230 
    231     $activity_allowedtags['ul'] = array();
    232     $activity_allowedtags['ol'] = array();
    233     $activity_allowedtags['li'] = array();
    234 
    235205    /**
    236206     * Filters the allowed HTML tags for BuddyPress Activity content.
     
    240210     * @param array $value Array of allowed HTML tags and attributes.
    241211     */
    242     $activity_allowedtags = apply_filters( 'bp_activity_allowed_tags', $activity_allowedtags );
     212    $activity_allowedtags = apply_filters( 'bp_activity_allowed_tags', bp_get_allowedtags() );
    243213    return wp_kses( $content, $activity_allowedtags );
    244214}
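
Review bot: at new line 212 the default allow-list passed to the `bp_activity_allowed_tags` filter now comes from `bp_get_allowedtags()`, whose definition is not in this file, so the docblock at 205-211 should say where the defaults are defined now that removed lines 205-233 no longer document them here. Before merging, confirm that the shared list still grants every attribute the old local list did, in particular `data-bp-tooltip` on `a` and `data-livestamp` on `span`, because anything missing will be silently stripped from activity content by `wp_kses()`. Since the commit message says the same defaults also serve message content, the docblock could also state that callbacks on this filter affect activity content only.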