关于OptionsFramework主题选项框架过滤常用标签
相信很多主题作者,在使用Options Framework主题选项框架时都遇到一个棘手的问题,就是该框架出于安全会过滤掉常用标签,最关键是过滤掉加载 javascript的常用标签,造成无法添加广告及站点统计代码,虽然通过使用编辑器模式替代textarea文本域,可解决上述问题,但主题控制面板都是编辑器窗口看上去有些怪异。
其实官方已给出解决办法:展开收缩
Options Framework: Sanitization Filters
- /*
- * This is an example of how to override a default filter
- * for ‘textarea’ sanitization and $allowedposttags + embed and script.
- */
- add_action(‘admin_init’,’optionscheck_change_santiziation’, 100);
- function optionscheck_change_santiziation() {
- remove_filter( ‘of_sanitize_textarea’, ‘of_sanitize_textarea’ );
- add_filter( ‘of_sanitize_textarea’, ‘custom_sanitize_textarea’ );
- }
- function custom_sanitize_textarea($input) {
- global $allowedposttags;
- $custom_allowedtags[“embed”] = array(
- “src” => array(),
- “type” => array(),
- “allowfullscreen” => array(),
- “allowscriptaccess” => array(),
- “height” => array(),
- “width” => array()
- );
- $custom_allowedtags[“script”] = array();
- $custom_allowedtags = array_merge($custom_allowedtags, $allowedposttags);
- $output = wp_kses( $input, $custom_allowedtags);
- return $output;
- }
不过这个实例只是不过滤<script>标签,像这种:
- <script type=“text/javascript” src=“zmingcx.js”></script>
还是会过滤掉type、src等标签,可能造成JS文件不能正常加载。
下面是经过我修改的完整不过滤 javascript 常用标签代码:展开收缩
- /*
- * This is an example of how to override a default filter
- * for ‘textarea’ sanitization and $allowedposttags + embed and script.
- */
- add_action(‘admin_init’,’optionscheck_change_santiziation’, 100);
- function optionscheck_change_santiziation() {
- remove_filter( ‘of_sanitize_textarea’, ‘of_sanitize_textarea’ );
- add_filter( ‘of_sanitize_textarea’, ‘custom_sanitize_textarea’ );
- }
- function custom_sanitize_textarea($input) {
- global $allowedposttags;
- $custom_allowedtags[“embed”] = array(
- “src” => array(),
- “type” => array(),
- “allowfullscreen” => array(),
- “allowscriptaccess” => array(),
- “height” => array(),
- “width” => array()
- );
- $custom_allowedtags[“script”] = array( “type” => array(),“src” => array() );
- $custom_allowedtags = array_merge($custom_allowedtags, $allowedposttags);
- $output = wp_kses( $input, $custom_allowedtags);
- return $output;
- }
该代码在Options Framework 1.91版中测试通过,其它较早版本未测试。