How much do we trust user input? Not. At. All. That’s how much we trust user input. You just don’t know where they’ve been!
WordPress has such a plethora of functions for escaping and filtering input and output that I’m always discovering new possibilities. One I found recently is wp_kses, which allows you to strip out all HTML leaving only a limited set of allowed elements and attributes.
Continue reading Filtering HTML to exclude all but a small number of HTML elements and attributes
Yesterday I was explaining how I created a user role to edit a particular post type and only that post type. Today I want to show how you can use Mark Jaquith’s excellent WP Help plugin to support these users. The issue I wanted to solve is that a freshly installed copy of WP Help only shows up for users with the edit_posts capability (i.e. any users who can access and edit posts on your WordPress site).
Continue reading Extending WP Help to users who can’t edit_posts