Subscribe to Articles

Knowledge Base > Post Templates > How to Include Blocked HTML Tags

 

How to Include Blocked HTML Tags

Category: Post Templates Tags: embed, form, frames, html, javascript, object, Post Templates, tags, video

Mar 10, 2010

For security reasons AutoBlogged strips out certain HTML tags by default. These filtered tags include those for embedding objects, forms, frames, and scripts. It would be fairly simple for someone to inject malicious content into your blog using these tags.

However, if you only pull content from trusted sources, you can configure AutoBlogged to allow certain tags. This is useful, for example, to include content such as videos embedded using the OBJECT tag.

To include these tags, you need to open autoblogged.php in a text editor and search for this code block:

define("ALLOW_OBJECT_AND_EMBED_TAGS", false);  // Allows object, embed, param
define("ALLOW_FORM_TAGS", false);  // Allows form, input
define("ALLOW_FRAME_TAGS", false); // Allows frame, iframe, frameset
define("ALLOW_SCRIPT_TAGS", false); // Allows class, expr, script, noscript...

These settings allow you to include specific sets of tags by changing the false to true. For example, if you want to include videos that use the OBJECT or EMBED tags, change the first line to this:

define("ALLOW_OBJECT_AND_EMBED_TAGS", true);  // Allows object, embed, param

After editing these settings, save the file and upload the changes to your server.

It is important to note that if you use the %excerpt% variable in your post template, these settings will have no effect. This is because the %excerpt% variable is simply a text-only excerpt of the content. If you wish to include these HTML tags, you should use other variables such as %content%, %description%, or %content:encoded%, depending on how your feed is configured.  Note also that AutoBlogged may not automatically recognize certain embedded videos, so the %video% variable may not work properly.

Right below this section there are also two other related settings:

// This turns off all HTML tag and attribute filtering.
define("ALLOW_ALL_TAGS", false);

If you set this value to true, all HTML tags will be included in each post. We certainly do not recommend this setting.

// Set the next line to true if you want HTML tags encoded rather than stripped out
define("ENCODE_INSTEAD_OF_STRIP", false);

This setting will include all HTML tags, but will encode these tags to deactivate them. Encoded HTML will display as part of the content. This is useful, for example, when the content contains unencoded code samples.

// This turns off all HTML tag and attribute filtering.
define(“ALLOW_ALL_TAGS”, false);

// Set the next line to true if you want HTML tags encoded rather than stripped out
define(“ENCODE_INSTEAD_OF_STRIP”, false);


Share:
image image image image image image

Comment Form