In some versions of WordPress there is a filter that strips some tags from the html code. If you want to remove this filter just open wp-includes/kses.php and find this row:
function kses_init_filters() { // Normal filtering. add_filter('pre_comment_content', 'wp_filter_kses'); add_filter('title_save_pre', 'wp_filter_kses'); // Post filtering add_filter('content_save_pre', 'wp_filter_post_kses'); add_filter('excerpt_save_pre', 'wp_filter_post_kses'); add_filter('content_filtered_save_pre', 'wp_filter_post_kses'); }
and comment out the rows that you need:
function kses_init_filters() { // Normal filtering. add_filter('pre_comment_content', 'wp_filter_kses'); add_filter('title_save_pre', 'wp_filter_kses'); // Post filtering //add_filter('content_save_pre', 'wp_filter_post_kses'); add_filter('excerpt_save_pre', 'wp_filter_post_kses'); //add_filter('content_filtered_save_pre', 'wp_filter_post_kses'); }
Then if you save the post in html it’s OK, but if you switch to normal view and then go back to html view the tags could be stripped again. This hapens most likely from the MCE Editor and to resolve this issue you could install a plugin called TinyMCE Valid Elements or some similar plugin.
Is there a way to do this without altering the core? I’ve created a new user role in our WordPress theme and our users need to be able to embed YouTube Videos. I tried adding ‘unfiltered_html’ => true to our add_role array but it’s not working. I’ve done some googling and I’m thinking that doesn’t work because we’re working in a network (multisite) environment.
You can accomplish essentially the same thing without editing the core by simply calling kses_remove_filters(). More info here: http://endorkins.com/2013/08/27/disable-wordpress-kses-to-prevent-html-filtering/
It should be noted KSES strips evil scripts, and if any process lets users create posts on the site they could bypass this security filter and add nasty hacks to your site.
Naturally in a production site you should *never* edit wp core as this suggests, but rather run remove_filter function in specific instances it should not filter.
Thank you KAV.. this is saving my headache