Adding code to allow an iframe in WordPress

I know there are security risks, a bad implementation, bad user experience, etc, but sometimes the client insists on it. Here is how allow iframes in posts and pages:

add_filter( 'wp_kses_allowed_html', 'ar_allowed_tags_filter', 1, 1 );
function ar_allowed_tags_filter( $allowed_tags ) {
	if ( ! current_user_can( 'publish_posts' ) ) {
		return $allowedposttags;
	}
	$allowed_tags['iframe'] = array(
		'align'        => true,
		'class'        => true,
		'frameborder'  => true,
		'height'       => true,
		'id'           => true,
		'name'         => true,
		'marginheight' => true,
		'scrolling'    => true,
		'src'          => true,
		'style'        => true,
		'marginwidth'  => true,
		'width'        => true,
	);

	return $allowed_tags;
}

2 Comments

  1. Colin on October 20, 2015 at 7:46 pm

    Man, thanks so much, because I had no idea this was a feature and not a bug when I finally ran into this.

Leave a Comment





This site uses Akismet to reduce spam. Learn how your comment data is processed.