Site icon Dhanendran's Blog

Allow iFrames and Scripts tags in WordPress Editor

When you are trying to embed iFrames and Scripts tags in your post, WordPress won’t allow you to do so. It’s mainly because of the security reason. Users might add unsecured iFrames which may show unrelated content or tries to access the paren site content or the script tag might add anonymous JS file to the site which may hack the user details.

If you decided to allow them on your site you can do so. But you should be very careful on what URL you are adding to the site. WordPress allows you to modify the allowed HTML tags which will be added to the post edit screen.

wp_kses_allowed_html will allow you to add these two HTML tags. Add the following code to your functions.php file to enable them.

 

// allow script & iframe tag within posts
function allow_iframe_script_tags( $allowedposttags ){
    $allowedposttags[‘script’] = array(
        ‘type’ => true,
        ‘src’ => true,
        ‘height’ => true,
        ‘width’ => true,
    );

    $allowedposttags[‘iframe’] = array(
        ‘src’ => true,
        ‘width’ => true,
        ‘height’ => true,
        ‘class’ => true,
        ‘frameborder’ => true,
        ‘webkitAllowFullScreen’ => true,
        ‘mozallowfullscreen’ => true,
        ‘allowFullScreen’ => true
    );

    return $allowedposttags;
}
add_filter( ‘wp_kses_allowed_html’, allow_iframe_script_tags, 1 );

That’s all. Now you can able to add iFrames and script tags into your post 🙂

Exit mobile version