Relaxing unescaped HTML filtering inside tags?

By default, WordPress strips out any content that might be unescaped HTML in comments from unregistered users, which is good to protect against XSS, but it unnecessarily extends that filtering into <pre> elements too. On my blog, where almost every post generates comments that benefit from HTML code snippets, that filtering has caused my users (and myself) lots of frustrating trouble.

Is there a way to “fix” that overly aggressive filtering inside <pre> elements within unregistered comments, without disabling it for the rest of the comment? Preferably, in a way that survives upgrades.

2 Answers

A small solution; the highlighting on my blog was done via JavaScript.

function pre_esc_html($content) {
  // Escape the text between <pre> and </pre> so HTML in code samples is
  // displayed literally instead of being interpreted by the browser.
  // create_function() was deprecated in PHP 7.2 and removed in PHP 8;
  // an anonymous function does the same job.
  return preg_replace_callback(
    '#(<pre.*?>)(.*?)(</pre>)#imsu',
    function ($i) {
      return $i[1] . esc_html($i[2]) . $i[3];
    },
    $content
  );
}

add_filter(
  'the_content',
  'pre_esc_html',
  9
);
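The question asks about the comment pipeline rather than post content, so here is an added example (not code from the question or the answer above) that applies the same idea where WordPress filters unregistered comments. It assumes it is loaded as an mu-plugin; `example_escape_pre_in_comment` is this example's own name. It hooks `pre_comment_content` at priority 9, one step before WordPress's `wp_filter_kses` runs at priority 10, and HTML-escapes everything between `<pre>` and `</pre>`. Escaped markup is plain text to kses, so code samples survive verbatim while every tag outside `<pre>` is filtered exactly as before. Because the default comment tag list does not include `<pre>` itself, the example also adds it (with no attributes) for the comment context only.

```php
<?php
/**
 * Added example: keep code samples inside <pre> in comments from
 * unregistered users, without relaxing kses for the rest of the comment.
 * Assumes this file is loaded by WordPress (e.g. as an mu-plugin).
 */

// 1. Allow a bare <pre> tag in comments. The default comment whitelist
//    ($allowedtags) has no <pre>, so kses would otherwise strip the tag.
//    Limit the change to the comment filter's own context so post content
//    and other kses contexts are untouched.
add_filter( 'wp_kses_allowed_html', function ( $tags, $context ) {
    if ( 'pre_comment_content' === $context && ! isset( $tags['pre'] ) ) {
        $tags['pre'] = array(); // tag allowed, no attributes allowed
    }
    return $tags;
}, 10, 2 );

// 2. Escape the body of every <pre> block before kses (priority 10) sees it.
//    Once escaped, "<script>" is just the text "&lt;script&gt;", so kses
//    leaves it alone and the reader sees the code exactly as typed.
function example_escape_pre_in_comment( $content ) {
    // Comment data arrives at this filter slashed (wp_filter_kses itself
    // does stripslashes/addslashes around wp_kses), so mirror that here.
    $unslashed = wp_unslash( $content );

    // The closing alternative `</pre>|\z` also handles an unterminated
    // <pre>: the rest of the comment is escaped and the block is closed,
    // rather than leaving raw markup for kses to strip silently.
    $escaped = preg_replace_callback(
        '#<pre\b[^>]*>(.*?)(?:</pre>|\z)#isu',
        function ( $m ) {
            // Any attributes on the opening tag are dropped; kses would
            // remove them anyway under the whitelist set above.
            return '<pre>' . esc_html( $m[1] ) . '</pre>';
        },
        $unslashed
    );

    // preg_replace_callback() returns null on a regex error, e.g. invalid
    // UTF-8 with the /u modifier. Fall back to the untouched content so the
    // comment still goes through the normal kses filter instead of being lost.
    if ( null === $escaped ) {
        return $content;
    }

    return wp_slash( $escaped );
}
add_filter( 'pre_comment_content', 'example_escape_pre_in_comment', 9 );
```

Two practical notes. `esc_html()` does not double-encode, so a user who already typed `&lt;` keeps it. And since `pre_comment_content` is the same hook that carries `wp_filter_post_kses` for users with the `unfiltered_html` capability, their `<pre>` bodies are escaped too, which is usually what you want for code samples; existing comments are not rewritten, because the filter runs only when a comment is saved.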
