WordPress.org

Make WordPress Core

Opened 6 years ago

Closed 6 years ago

#8786 closed feature request (wontfix)

Add option to disable unfiltered_html for all users (and explain it in the process)

Reported by: jeremyclarke Owned by: ryan
Milestone: Priority: normal
Severity: normal Version:
Component: Security Keywords:
Focuses: Cc:

Description

Right now the unfiltered_html capability is really confusing to users and admins. It's not explained anywhere and it can have really annoying effects, including admins being unable to reproduce html stripping that their users are reporting, which is frustrating for everyone involved.

I think that a concise checkbox setting in SETTINGS > WRITING would make a really big difference to these problems. It could simultaneously offer an easy way for admins on sites where JS etc are neccessary to loossen restrictions (without installing the Role Manager plugin just for that, which is annoying and causes compatibility problems) and it would put the fact that different user levels have different filters in front of admins in a way that will let them know that it exists at all (its pretty silent at the moment).

My proposed text for the setting (it would go in the 'Formatting section'):

"[x] Let all users post unfiltered html ( allow <style>, <div> ...others)".

I think it would fit well with the other formatting options and have little cluttering effect (geez, that emoticon one is still there?). It would also have the above-mentioned effect of making admins aware that some users don't have full HTML privileges and let them know exactly what tags are and aren't allowed for some users.

The effect of the option would be to give all roles the freedom to use forbidden html tags. Either by lowering the user_level needed to access it or by modifying the serialized roles option in wp_options.

Admittedly this setting might be controversial (Jacob Santos expressed paranoia about it in IRC) because it could encourage people to loosen security, but I think the benefits outweigh the dangers:

  • a lot of setups really don't have to worry about security as much as they do about inexpliccable formatting problems (which WP is famous for, probably in large part due to the effects of unfiltered_html).
  • in the absence of this option, a lot of sites probably just increase the role of all users to admin because they don't understand the problem, which is definitely not a good solution.
  • if you use roles that can't publish (like the default 'contributor') you are probably reading through the posts anyway, so you might not care about js because you can catch it yourself.


Thanks for reading. I don't have a patch or anything but it seems like it would probably be relatively simple. The main concern would probably be keeping it safe for use with the other capability-modifying plugins, which shouldnt' be too hard.

Change History (3)

comment:1 @jacobsantos6 years ago

  • Milestone changed from 2.8 to 2.9
  • Type changed from defect (bug) to feature request

No patch, sending to 2.9, since it is a feature request and should be debated elsewhere.

comment:2 @Denis-de-Bernardy6 years ago

I'd say wontfix.

The use-case you suggest deals with admins not being able to reproduce what users are saying because kses allows them to post anything. But the checkbox you suggest would make all contributors eligible to insert scripts into the site. It's not very desirable.

At the very most, we'd want a verbose option that offers to disable unfiltered html for roles that have it. But in this case, we'll end up introducing even more confusion...

comment:3 @Denis-de-Bernardy6 years ago

  • Milestone 2.9 deleted
  • Resolution set to wontfix
  • Status changed from new to closed

you can additionally override this with a plugin.

Note: See TracTickets for help on using tickets.