Removes a lot of HTML tags from post and page content before inserting it to database. Preventing users to paste undesired HTML tags to content.
WordPress do a great job by default filtering potentially dangerous code inside your content. So this plugin is NOT about security.
But people can break your site design without compromising your security… That’s the purpose of this little plugin.
Do you have users that creates content for you?. Do you own an online Magazine?
If you answer yes to at least one of the above questions, I’m sure you have minor design troubles in your site because of your users using copy/paste (ofcourse without using TinyMCE buttons to remove code) while not being aware of all the HTML tags they are pasting…
This plugin simply removes a lot of HTML tags (and non breaking space HTML entitie) from post and page content before inserting it to database. Preventing users (including you) to paste undesired HTML tags to the content.
It only does his work while you’re editing your post/page (it can be in any status). So it’ll do the job on the new post/pages you create after the activation of the plugin and in old content that you edit after the plugin activation.
These are the HTML tags that stays:
<p>
<a> (allowed attributes: href, title).
<img> (allowed attributes: src, alt, class).
<h1>
<h2>
<h3>
<h4>
<h5>
<h6>
<blockquote>
<ol>
<ul>
<li>
<em>
<strong>
<del>
<code>
<ins>
Any other HTML tag (or attributes) and (non breaking space) should be removed.
Users with ‘unfiltered_html’ WP core capability (by default administrator and editor roles), will be excluded from the filter.
NOTE: This program is distributed under GPL2 licence in the hope that it will be useful, but WITHOUT ANY WARRANTY. I’m not responsible of ANY trouble or damage your site may have due to the use of this plugin. YOU and only YOU are responsible of your site and having backups and restoration plans. If you use this plugin you’re accepting this.
wp-content/plugins/
directory of your WordPress installation (or install it directly from your dashboard) and then activate the plugin from Plugins page.Maybe… But the question is… WTF are you using anything older than that?
Starting from Safe Paste 1.1.7 you can use the filters safepaste_allowed_tags and safepaste_allowed_protocols to add a snippet to your theme functions.php file (or create a child theme).
The format used to pass the tags and protocols is the same that uses the wp_kses() function.
Examples:
add_filter( 'safepaste_allowed_tags', 'my_custom_tags'); function my_custom_tags( $allowed_tags ) { //Add <b> to allowed tags $allowed_tags['b'] = array(); return $allowed_tags; } add_filter( 'safepaste_allowed_protocols', 'my_custom_protocols'); function my_custom_protocols( $allowed_protocols ) { //Add ftp to allowed protocols $allowed_protocols[] = 'ftp'; return $allowed_protocols; }
By default only ‘post’ and ‘page’ post types are filterd by Safe Paste. But you can use the safepaste_post_types filter to set modify this.
Example:
add_filter( 'safepaste_post_types', 'my_custom_post_types'); function my_custom_types( $types_to_filter ) { //Add book post type $types_to_filter[] = 'book'; return $types_to_filter }