O'Reilly

Allow More HTML Tags in WordPress Comments

By on  

WordPress allows a select few HTML tags within the content of post comments.  This is an awesome feature, of course, because it prevents XSS security holes and other malicious code from being injected by spammers, hackers, and jerks.  Unfortunately there are many other tags that bloggers may want to support;  for example, tech bloggers may want to support PRE tags so commenters can post code.  Luckily it's quite easy to allow more tags within your WordPress comments:

// Create function which allows more tags within comments
function allow_pres() {
	global $allowedtags;
	$allowedtags['pre'] = array('class'=>array());
}

// Add WordPress hook to use the function
add_action('comment_post', 'allow_pres');

The global $allowedtags variable holds an array of allowed comment tags, so adding the pre key will allow PRE elements within comments.  The class key within the pre array allows the class attribute for any PRE tags posted within the comment, so not only can you allow additional HTML tags, but you can also specify allowed attributes too!  This function is added to the comment_post hook (same hook that AJAX comments use) so as to only add desired tags when a comment is posted.

Treehouse Learning

Recent Features

  • Introducing MooTools Templated

    One major problem with creating UI components with the MooTools JavaScript framework is that there isn't a great way of allowing customization of template and ease of node creation. As of today, there are two ways of creating: new Element Madness The first way to create UI-driven...

  • How I Stopped WordPress Comment Spam

    I love almost every part of being a tech blogger:  learning, preaching, bantering, researching.  The one part about blogging that I absolutely loathe:  dealing with SPAM comments.  For the past two years, my blog has registered 8,000+ SPAM comments per day.  PER DAY.  Bloating my database...

Incredible Demos

  • Duplicate the jQuery Homepage Tooltips Using Dojo

    The jQuery homepage has a pretty suave tooltip-like effect as seen below: Here's how to accomplish this same effect using Dojo. The XHTML The above HTML was taken directly from the jQuery homepage -- no changes. The CSS The above CSS has been slightly modified to match the CSS rules already...

  • iPad Detection Using JavaScript or PHP

    The hottest device out there right now seems to be the iPad. iPad this, iPad that, iPod your mom. I'm underwhelmed with the device but that doesn't mean I shouldn't try to account for such devices on the websites I create. In Apple's...

Discussion

  1. Richard

    Awesome :P

  2. I’m still pretty new to custom functions within WordPress. I tried adding the code to the functions file, but for some odd reason, I still am unable to use the “pre” tag in my template. Any ideas/suggestions?

    • ^trying to allow them in comments

  3. Sven

    Very useful tip, thanks!

    Any way to remove tags from comments?

  4. Is there a wordpress plugin that would allow us to add these HTML tags instead of dorking with the code? Code changes are great but are obliterated when the core gets updated.

    • It would be a simple plugin but I’m not aware of one.

  5. Never thought that this would be that easy! Cool!

  6. toma

    How to add more tags like p or br ?

    Thanks

  7. Thanks David, this works. However I’m wondering if it is safe to allow [pre] in comments? Is there any additional filtering we should be doing to prevent XSS vulnerabilities? Actually I’m wondering why WordPress removed the [pre] tag if it’s safe to allow in comments…any thoughts?

    Thanks again

  8. bart

    Hello,

    do you know how to allow use a word in comments?

  9. bart

    do you know how to allow use a span style display:… in comments? in the previous my comment i put it in the correct html and comments was filtered..

Wrap your code in <pre class="{language}"></pre> tags, link to a GitHub gist, JSFiddle fiddle, or CodePen pen to embed!