Filtering HTML to exclude all but a small number of HTML elements and attributes

How much do we trust user input? Not. At. All. That’s how much we trust user input. You just don’t know where they’ve been!

WordPress has such a plethora of functions for escaping and filtering input and output that I’m always discovering new possibilities. One I found recently is wp_kses, which allows you to strip out all HTML, leaving only a limited set of allowed elements and attributes.


Extending WP Help to users who can’t edit_posts

Yesterday I was explaining how I created a user role to edit a particular post type and only that post type. Today I want to show how you can use Mark Jaquith’s excellent WP Help plugin to support these users. The issue I wanted to solve is that a freshly installed copy of WP Help only shows up for users with the edit_posts capability (i.e. any users who can access and edit posts on your WordPress site).
