Additional tags plugin

Want to allow your users to actually use regular embed codes in html tabs or text widgets... no worries, we give you:

http://premium.wpmudev.org/project/additional-tags

Enjoy!

    Klark

    I thought allowing this on a public site is a no-no. What about security ?

    James Farmer
    • Staff
    • 851
    • #94

    I, ahem, don't personally think there are any huge security issues. But others have different opinions :)

    Ovidiu

    right, I agree with d_kc. The "public" or general consensus seems to be that offering that on a public site is a no-no. can anyone else share his knowledge about this? I was extremely surprised to find this plugin available here...

    andrea_r

    If you read the plugin, you have to specifically allow each tag you want. Or take out the ones you don't. :) There are semi-public sites that have legit uses for being a bit more open. Or public sites with no public registrations or trusted users.

    This plugin makes it easier to manage those kinds of sites, as allowing for a whole pile of varying embed codes for some niches is a huge pain in the butt otherwise.

    I don't think all plugins here would be suitable for all sites. It'd be up to you to decide that. :)

    Ovidiu

    I know Andrea, I checked the code and saw which tags are included, know we can remove some and include additional ones. Just wanted to get some opinions ;-)
    Thanks for sharing your position.

    drmike

    A lot of folks have private mu's where signups aren't allowed outside of commenters. (ie: Our *cough* adult mus for example.) This would work well for those.

    Luke

    In general, it depends on your users and your site set-up.

    Me personally, I wouldn't allow embed or script tags in a completely open set-up. While the odds may be low, the risk to me is just too great. One possibility would be to further filter based on the url (if it wasn't youtube, google, etc, then strip it), but even that could be open to potential malicious use.

    One may find they get away with it for quite a while without issue. But it only takes one time to kill it.

    That being said, I'm not surprised it's available here as this site tries to cater to as many people and uses as possible. It would of course be up to the site admin installing such a plugin to take the responsibility for it, as the plugins here are without warranty or liability. :)

    Klark

    Thanks for clarification, guys.

    Enseignement
    • 63
    • #1,758

    What would be the ones you would not allow on a public mu site ?
    How could we filter these like suggested ? (ex: just google.com / youtube / whatever).

    Benjamin

    drmike

    I think the issue is just not allowing any embed to be allowed, just specific ones from specific sites.

    andrea_r

    It depends on the site. If it's videos, then I plunk in a video plugin. :)

    Enseignement
    • 63
    • #1,758

    It's ok for videos :)
    But I need it for all the rest (google maps, deezer, popfly, etc.)

    So what's the difference with the unfiltered-mu plugin then ?
    Benjamin

    drmike

    I believe the unfiltered one allows all code to be added in, this lets you pick and choose.

    Ovidiu

    I just tried using the unfiltered plugin and adding this: `'br' => array(
    'class' => array(), 'id' => array(),
    'style' => array()
    ),` to the array but wpmu 2.6.2 is still filtering my br tags ;-( can I please have some ideas how to allow myself to insert br tags?

    Andrew
    • Erstwhile founder
    • 7,430
    • #14

    Hrm, that should be working. Which unfiltered plugin are you using?

    Thanks,
    Andrew

    Ovidiu

    well I first used the unfiltered plugin from automatic which should allow all tags, but it didn't work then I tried the additional tags plugin you published here and added the above but still didn't work.

    didn't work meaning: I edit a post with the code editor/view, enter a br tag, then switch to the wysiwyg editor then back to the code view again and the br tag is gone.

    Andrew
    • Erstwhile founder
    • 7,430
    • #14

    I edit a post with the code editor/view, enter a br tag, then switch to the wysiwyg editor then back to the code view again and the br tag is gone.

    I'm afraid that our plugin doesn't interact with TinyMCE in any way. It just interacts with kses. If TinyMCE is stripping the br tags then I'm afraid our plugin won't help.

    Thanks,
    Andrew

    Ovidiu

    ahhh, now I get it. Reading your post, I realized, I had an tinyMCE plugin activated to offer more plugins for tinyMCE itsself.
    Thx. for pushing me in the right direction :-)

    KennethJ
    • 19
    • #6,007

    Hi there - im trying to figure out how this plugin works. I have placed the additional_tags.php in /mu-plugins but nothing else.

    How do I use these new tags?

    Thanks,
    Kenneth

    drmike

    You use them in the post content that you write. It allows you the use of additional html tags in your content. (ie embeds, iframes, etc.)

    If you're running a public mu site where outsiders can sign up and create accounts, you may want to think about the use of such a plugin. For example, take a look at how blogspot has all those hacked blogs that, for example, jump you to another site when you try to view them.

    KennethJ
    • 19
    • #6,007

    Maybe im kinda slow today - but what additional tags can I use? Is there a list or do 'every' tag work?

    drmike

    iframe, object, param, embed, script, div and style. If you open up the file, you should see what's now available to you.

    wpcdn

    Revisiting a question above, is there any way to sanitize input, for example to only allow JavaScript that includes a certain string ("AdSense", "YouTube", etc.)?

    drmike

    Depends.

    For youtube, I'd just point folks to the oembed support that they now offer:

    http://codex.wordpress.org/Embeds

    For adsense, you;re going to have to create something yourself. I say that because you;re going to want to add that to the themes directly and you;re going to have to work that into your themes. You may want to look at the advert sharing plugin though. There's a sticky about this.

    I;m against using the unfiltered plugin. No matter what you do for security, you;re doing to get people playing with it, trying to find a way around it. Someone may find a way around it and that'll cause you problems.

    Hope this helps,
    -drmike

Join 366230 happy members

Get access to our entire collection of epic plugins, astonishing themes & genius support

Become a member