In this tutorial I will show you how to display the WordPress default allowed HTML Tags list for the comment form on your WordPress blog, as shown in the image below:
Also, I will show you how to modify the allowed HTML tags and attributes list to fit your needs. I will show you how to remove tags from the default list and how to add HTML tags to the list for the Comment textarea in WordPress.
Do you know that readers can use some HTML tags in the comment section? Specifically in the Comment´s textarea? To make things easier for your readers, you should notify them about what HTML tags they can use in the comment form.
Display/Show Allowed (X)HTML Tags in WordPress Comments
In order to make things convenient for your readers, you should notify them about what (X)HTML tags they can use in the comment form. Here is a simple way to do it.
Open comments.php file located in your theme´s folder, and add the following CODE-1 to below the comment´s textarea. Save the file and upload it to the server.
CODE-1 :: comments.php File
The allowed_tags() function is defined in wp-includes/general-template.php of your WordPress directory. This function calls the $allowedtags global variable defined in wp-includes/kses.php. The allowed_tags() function displays all of WordPress default allowed HTML tags with their respective attributes.
It is preferable to use CSS for styling as a better approach than using the <strong> tag.
In some themes, the allowed_tags() function is just commented out. In this case, all you have to do is Uncommenting that line of code, in order to show what HTML tags are allowed to use in the Comment textarea.
If the below line of code (or something similar) already exists in your theme´s comments.php file, then all you have to do is to Uncomment it (meaning remove <!–– from the beginning of the line AND ––> from the end of the Line. That´s ALL.
Note: The allowed_tags() function merely shows the user what are the allowed HTML tags for WordPress comment textarea. Commenting this function out or removing it from comments.php file does not prevent a knowledgeable WordPress user from using the default WordPress allowed HTML tags in the Comment textarea. This function merely displays the tag on the browser´s window, it does not prevent the user from using them. Hidden tags does not mean that they can´t be used.
Real Example | Diary Theme
To give you an example. One of the themes I am using for this Blog is the Diary Theme. Below is where I added CODE-1 in the comments.php file. Some sections of the file are removed for brevity.
comments.php File :: Diary Theme
Note: To scroll within the code, you can also click on the code window and use your keyboard´s arrow keys.
In other themes and theme frameworks, you can display the allowed HTML tags in the comment section by changing the theme´s setting in WordPress dashboard. In this case, CODE-1 is NOT needed.
For example, for this blog I am also using the Clear Line Theme. The below image shows you where to change the setting.
In the case of this blog, which is beyond the scope of this tutorial, I did modify comments.php file for the Clear Line Theme, since I also wanted to show what shortcodes commenters can use.
For WordPress Version 3.3.1, the default allowed HTML tags list for comments are the following:
<a href="" title="" rel=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>
The above list is what is allowed and displayed by default. The code that lists the above HTML tags in Comments is located in kses.php file in wp-includes folder of your WordPress directory. The code can also be found at WordPress Trac. The code is displayed below for your convenience (with some modifications from the original):
kses.php File :: CODE-default :: default $allowedtags global variable for the Comment Textarea :: WP 3.3.1
How To: Remove HTML Tags from the Allowed Default List
As I said before, the default set of allowed HTML tags and attributes for blog comments are stored in the $allowedtags global variable.
If you want to remove some of the allowed HTML tags and attributes from the default list. You can either add CODE-2 to your functions.php, or you can hack the kses.php file. Of course, modifying the kses.php file is not advisable, since you will loose your changes on the next WordPress version upgrade.
The second option is to add the following code to your theme´s functions.php file.
CODE-2 :: functions.php File
CODE-2 will override WordPress default allowed HTML tags list set in kses.php file. Feel free to modify the tags list to fit your needs.
The result of CODE-2 is shown in the image below:
Some theme frameworks have more variations of the functions.php file, so look at their documentation and see where best to add the code.
What will happen to the Non-allowed tags? The non-allowed tags will be removed, and in the case of the img tag for example, the image will not be displayed.
How To: Add HTML Tags to the Allowed Default List
By default, WordPress prevents potentially harmful and/or invalid HTML tags and attributes from the Comments Section. But in some cases you might need to add some HTML tags to the allowed list. Meaning, you want to add HTML tags that are not originally defined in the $allowedtags list.
I would advice against adding any HTML tags to the allowed list not already approved by WordPress. There is a reason they are not allowed in the first place. But if you insist, open your theme´s functions.php file, and add (copy and paste) the following code.
CODE-2A :: functions.php File
The <pre> and <p> tags are just an example. These tags were not included in the default list (in CODE-default). You can add any tags you like, but as I said, I would not advice this, unless you really have to.
You can use either CODE-2 or CODE-2A but NOT both.
When you add several PHP code blocks in your theme´s funtions.php file, make sure that you don´t leave any white space (spaces, newline) before the opening PHP tag or after the closing PHP tag. Like so (the correct way):
In the above code, if you leave any white space or a newline between lines 4 and 5, you will get the following error: Warning: Cannot modify header information – headers already sent by (… , in your login screen and after you login to your WordPress dashboard.
Your Turn to Talk
In this tutorial, I showed you how to display the allowed (X)HTML Tags in WordPress Comment section, to make it easier for your users. Also I showed how to unobtrusively modify the WordPress default Allowed Tags list for the Comment textarea by either removing tags from the default list or adding tags to the list.
If you have something to add, or anything else to say, please share it in the comment section. Your opinion matters, unless it is a Spam.