HTML elements in comments (of non-logged in users)

  • I’m running into an issue that is perplexing to me, and I’m curious if it is a WordPress feature that I simply wasn’t aware of.

    When a visitor to my site adds a comment, they are presented with a simple textarea, and not given any (easy) way to add formatting via HTML or any other method.

    When I reply (generally via the admin UI), there are a limited number of buttons that allow for simple HTML formatting – a, ol, ul, li, etc. – essentially the same toolbar as is available here as I type this question.

    Today, I was editing a comment from a visitor (not a logged in user), to convert a manually numbered list to an actual ol. However, when I submitted the updated comment – again, in the admin UI, as an admin – the HTML elements for the list (and items) were stripped.

    Confounded, I tried adding my own comment (me, an admin, as the author). Worked fine.

    So, questions:

    1. is this expected?
    2. Is there a way to allow for simple HTML elements in visitor (not logged in users) comments?

    Thanks!
    Dan

    • This topic was modified 2 years, 4 months ago by turbodb.
Viewing 6 replies - 1 through 6 (of 6 total)

  • Hi @turbodb ,
    Could you add your website’s URL and the theme it is using? It would be helpful for answering your question.

    is this expected?

    Yes.

    Is there a way to allow for simple HTML elements in visitor (not logged in users) comments?

    WordPress already has this built-in, with two caveats:

    1. You and WordPress apparently differ on what should be considered “simple HTML elements” ??
    2. No toolbar is provided on the comment form at all, so commenters need to type in the HTML tags!

    By default, WordPress only allows (last time I checked) the following HTML elements and attributes:

    <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>

    Of course, being an open-source software, you can always add to this list of allowed codes and even show the Quicktag toolbar on the comment form via custom PHP programming. And being WordPress, there are likely plugins out there that can help with this.

    • This reply was modified 2 years, 4 months ago by George Appiah.
    Thread Starter turbodb

    (@turbodb)

    @olgabulat – My site is https://adventuretaco.com, and the comment form is available on most pages (posts) off of the home page. I’ve also uploaded a screenshot of the Admin UI I have for modifying comments that have been posted; it is this UI where *some* of the elements are stripped if the original commenter is not a logged in user, even when I make the edits as an admin:

    https://imgur.com/a/3fAmdwf

    @gappiah – Thanks. So, some follow-ups based on your response:

    1. You mention that this is expected. I should have been more precise with my question: Is the fact that different elements work for logged in users vs. visitors expected? (it seems logged in users can use <ol>, <li> at least.
    2. As far as a toolbar being provided – I’m actually 100% good with no HTML coming from my site visitors ??. What I’m surprised about is that when I edit their comment (as a WP admin), that elements are stripped from the comment content. I would think that when editing through the admin UI, I’d be able to use any of the elements on the toolbar, even if the post was originally from a non-logged in visitor. Is the behavior documented somewhere?

    Thanks for the quick reply!

    You mention that this is expected. I should have been more precise with my question: Is the fact that different elements work for logged in users vs. visitors expected? (it seems logged in users can use <ol>, <li> at least.

    Yes, but it’s not just the login state per se, but also the user role.

    I just tested this, and only users with the Editor and Administrator roles can post any HTML… and that’s because these roles have the unfiltered_html capability.

    So even logged-in users with the Author, Contributor and Subscriber roles (and, of course, commenters with no role and thus not logged-in) cannot post HTML other than the allowed tags.

    Please WordPress Roles and Capabilities.

    As far as a toolbar being provided – I’m actually 100% good with no HTML coming from my site visitors ??. What I’m surprised about is that when I edit their comment (as a WP admin), that elements are stripped from the comment content. I would think that when editing through the admin UI, I’d be able to use any of the elements on the toolbar, even if the post was originally from a non-logged-in visitor. Is the behavior documented somewhere?

    I don’t have any documentation on this. But I was able to reproduce this as well, even when the post was originally posted by a user with the Author role.

    And, yes, I would expect that when a comment is edited, the capability of the user editing the comment would be used, and not that of the original poster. But, apparently, this is not the case… it seems the original poster’s capability is still used. But, again, I couldn’t find any documentation on this.

    Thread Starter turbodb

    (@turbodb)

    Thanks @gappiah. Nice to get confirmation that it’s not something weird with my setup/some plugin misbehavin.

    Cheers!

    Same problem…. suddenly with the new update (6.1.1, from something a few months ago) non-logged-in users can’t enter into comments HTML like <span class=”> that they could before. I look at kses.php and see that <span> and class=” seem to be allowed, and hours of digging through code hasn’t been fruitful.

    I’d very much appreciate an idea where to look. I particularly need to allow the CLASS attribute for <p>, <div>, and <span>….

Viewing 6 replies - 1 through 6 (of 6 total)
  • The topic ‘HTML elements in comments (of non-logged in users)’ is closed to new replies.