Viewing 6 replies - 1 through 6 (of 6 total)
  • Plugin Author Andrew Ozz

    (@azaozz)

    Multisite limits the HTML tags the users can use. Having this plugin and adding more advanced functionality/buttons will insert some tags or attributes that will be removed on saving.

    It is possible to allow multisite users to add these tags and attributes, but that makes the network unsafe.

    Thread Starter Marcelo Pedra

    (@kent-brockman)

    So, in brief: this plugin is not recommended for use in multisite environments, except if I trust the users, right?

    Thread Starter Marcelo Pedra

    (@kent-brockman)

    Hello, I wanted to revisit this thread to ask a simple question. What elements from TinyMCE could be potentially dangerous in a multisite environment? Is there any uploader for photos or attachments? What features would you recommend to keep disabled even if I trust the users and even if I’m the webmaster for the entire network of websites?

    I’m asking this because I really, really, would like to use the plugin in several websites that nowadays are inside MU. So, your answers will be greatly appreciated.

    @marcelo if it helps I can confirm that I’ve used this plugin on a few multisite installations without any problems.

    I think (correct me if I’m wrong Andrew) that Andrew means the plugin theoretically could allow users to embed scripts, iframes and object tags, which could compromise the whole MU installation. You should be able to mitigate this by restricting access to the plugin settings using roles though.

    Thread Starter Marcelo Pedra

    (@kent-brockman)

    OK then. If Andrew confirms, it shouldn’t be a problem. I have to multisite where I’m the webmaster and all the users are editors, contributors and guests. It shouldn’t pose a problem, right? If the features to embed scripts, iframes and object tags are disabled, they cannot be used by users. Neither can it be exploited if a bot scans one of these sites and finds it is using the plugin, right?

    Plugin Author Andrew Ozz

    (@azaozz)

    It’s not much of a security concern as all content is run through kses. It’s a user expectations problem: if a user enables the “media” plugin and uses it to add an <iframe>, that will be stripped on saving by kses.

    I’ve been working on a new major version for some time; one of the new features there is to predetermine the buttons for all sites on a network and show a minimal settings page to admins on individual sites. Then the superadmin can decide what will be available and adjust kses if needed.

  • The topic ‘Does this plugin work on multisite installations?’ is closed to new replies.
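
Added example, not part of the thread and not WordPress code: a small Python model of the save-time allowlist filtering described in the replies above, reporting which editor-inserted tags and attributes a user would lose under a default allowlist and under one a superadmin has widened for `<iframe>`. The allowlists, the `SAMPLE` markup and all function names are constructed for illustration; the real kses tables differ.

```python
from html import escape
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed allowlist (tag -> permitted attributes); not the real kses table.
DEFAULT_ALLOWED = {"p": set(), "em": set(), "strong": set(),
                   "a": {"href", "title"}, "img": {"src", "alt", "width", "height"}}
# What a superadmin might add network-wide: the tag plus a narrow attribute set.
NETWORK_ALLOWED = {**DEFAULT_ALLOWED, "iframe": {"src", "width", "height"}}
SAFE_SCHEMES = {"http", "https", "mailto", ""}  # "" means a relative URL
VOID = {"img", "br", "hr"}
# Constructed editor output: an inline handler plus an embedded frame.
SAMPLE = ('<p onclick="x()">Hi <em>there</em></p>'
          '<iframe src="https://example.com/v" onload="y()"></iframe>')

def url_ok(value):
    try:
        return urlsplit(value.strip()).scheme.lower() in SAFE_SCHEMES
    except ValueError:  # malformed URL: treat as not allowed
        return False

class SaveFilter(HTMLParser):
    def __init__(self, allowed):
        super().__init__(convert_charrefs=True)
        self.allowed, self.out, self.dropped = allowed, [], []

    def handle_starttag(self, tag, attrs):
        if tag not in self.allowed:  # whole tag removed, inner text kept
            self.dropped.append(f"<{tag}>")
            return
        kept = []
        for name, value in attrs:
            value = value or ""
            if name not in self.allowed[tag] or (name in ("href", "src") and not url_ok(value)):
                self.dropped.append(f"{tag}[{name}]")
            else:
                kept.append(f' {name}="{escape(value, quote=True)}"')
        self.out.append(f"<{tag}{''.join(kept)}>")

    def handle_endtag(self, tag):
        if tag in self.allowed and tag not in VOID:
            self.out.append(f"</{tag}>")

    def handle_data(self, data):
        self.out.append(escape(data, quote=False))

def filter_on_save(html, allowed=DEFAULT_ALLOWED):
    # Returns (markup that survives saving, list of what was removed).
    f = SaveFilter(allowed)
    f.feed(html)
    f.close()
    return "".join(f.out), f.dropped
```

Even with `<iframe>` allowed in `NETWORK_ALLOWED`, the `onload` and `onclick` attributes are still removed, which is the narrow kind of adjustment a network-wide allowlist change should aim for.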