Disable WordPress’ KSES to prevent HTML filtering

WordPress has a healthy bit of functionality that filters out dangerous HTML tags from posts and comments. The super-helpful recursive acronym sheds a bit of light on what KSES filtering does – KSES Stops Evil Scripts.

This is all fine and dandy until you decide that you don’t want WordPress to perform this filtering. Perhaps you’re in a controlled environment, or in our case, doing a deep integration between two systems.

None of this is really a problem until you hit up Google and find some pretty solid misinformation. The first hit (right now, for me, at least) states that KSES is not the problem:

And this isn’t really a problem (who trusts this hippie with long hair, anyway?) until you realize that Matt Mullenweg’s name looks familiar because, uhh, he practically invented WordPress.

But then you catch a glimmer of hope – you see the text, “Posted 8 years ago”.  Eight years?! Hmm… Perchance this information is a bit outdated?

The sole reason I am writing this post is in the hopes that it can unseat the current dictator for Google searches for “disable kses”.  If my coup is successful, developers everywhere might be able to spend less time being burned by WordPress’ idiosyncracies (kses, wpautop, WP magic quotes, etc) and more time playing with puppies.

The problem

Yes.  KSES does apply to comments and posts.  Copied straight from the source:

function kses_init_filters() {
	// Normal filtering
	add_filter('title_save_pre', 'wp_filter_kses');

	// Comment filtering
	if ( current_user_can( 'unfiltered_html' ) )
		add_filter( 'pre_comment_content', 'wp_filter_post_kses' );
	else
		add_filter( 'pre_comment_content', 'wp_filter_kses' );

	// Post filtering
	add_filter('content_save_pre', 'wp_filter_post_kses');
	add_filter('excerpt_save_pre', 'wp_filter_post_kses');
	add_filter('content_filtered_save_pre', 'wp_filter_post_kses');
}

See those bits about “titles”, “comments”, “excerpts”, and “content”? Yes, all of these things are affected by our nasty nemesis, KSES, or, if you’d like to use its full name, kses_init_filters().

The solution

Rejoice! There is a solution!

kses_remove_filters()

Yup. That’s it. Srsly. If you want to be nice and restore KSES once you’re done doing your sneakybusiness, you can just call kses_init_filters() to restore the filters again.

So, to make this super clear:

//A sad place
kses_remove_filters();

//Puppies!  Happily create/update posts without WordPress munging your HTML.

kses_init_filters();
//Back to the sad place

Have fun with the puppies!

3 thoughts on “Disable WordPress’ KSES to prevent HTML filtering”

  1. Found it. Placed the kses_remove_filters(); in the import_posts() function in the RssImporter plugin by editing it.

  2. hello,

    i have this problem with the filters and i want madly to solve it….

    please tell me step by step what can i do because i am begginer not expert.

    i want to remove the filters and appearing my embed youtube or etc codes after importing….

Comments are closed.