Allowed HTML tags and attributes in Editor field
If you are using the Editor field in your meta boxes, you should know that by default it doesn't allow users to input anything they want inside the field. This is done for security reasons.
The list of default tags is: <h1-h6>, <p>, <br>, <hr>, <strong>, <em>, <i>, <s>, <del>, <ul>, <ol>, <li>, <code>, <iframe> (almost all its attributes), <a> (href, target, rel attributes).
But the list of supported tags can be changed with the simple_sanitize_editor_allowed_html filter. For example, let's add the class attribute for <h1> and <a> tags.
add_filter( 'simple_sanitize_editor_allowed_html', function( $tags ) {
	// this will allow only the class attribute for <h1>
	$tags[ 'h1' ] = array(
		'class' => true,
	);
	// this will allow all existing attributes plus the class attribute for <a>
	$tags[ 'a' ][ 'class' ] = true;
	return $tags;
} );
Or maybe you would like to remove support for <iframe>:
add_filter( 'simple_sanitize_editor_allowed_html', function( $tags ) {
	unset( $tags[ 'iframe' ] );
	return $tags;
} );
As you may have guessed, my plugin uses the default WordPress function wp_kses() to sanitize the HTML of the Editor field, so you can find more examples there.
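To see what a modified allowlist actually lets through, here is an added example (not from the plugin or its author) that keeps <iframe> but narrows it to an explicit attribute list, then runs a sample string through wp_kses(). The callback name my_editor_allowed_html, the $defaults array and the input string are assumptions constructed for illustration, and the script is meant to run inside WordPress, for instance with wp eval-file.

```php
<?php
// Added example, not the plugin's own code. Needs WordPress loaded.

/**
 * Hypothetical callback: narrow <iframe> to an explicit attribute list and
 * allow class on <a>, leaving every other allowed tag untouched.
 */
function my_editor_allowed_html( $tags ) {
	// Replace the broad iframe attribute set with the few an embed needs.
	$tags['iframe'] = array(
		'src'             => true,
		'width'           => true,
		'height'          => true,
		'title'           => true,
		'allowfullscreen' => true,
	);
	$tags['a']['class'] = true;
	return $tags;
}
add_filter( 'simple_sanitize_editor_allowed_html', 'my_editor_allowed_html' );

// Constructed stand-in for part of the default list described above;
// the plugin supplies the real array when it applies the filter.
$defaults = array(
	'p'      => array(),
	'strong' => array(),
	'a'      => array( 'href' => true, 'target' => true, 'rel' => true ),
	'iframe' => array( 'src' => true, 'srcdoc' => true, 'name' => true ),
);

// Constructed editor input containing markup outside the allowlist:
// an event handler, a style attribute, a <script> tag and iframe srcdoc.
$input = '<p onclick="x()">Hi <a href="https://example.com/" class="btn" style="color:red">link</a></p>'
	. '<script>x()</script>'
	. '<iframe src="https://example.com/embed" srcdoc="&lt;p&gt;x&lt;/p&gt;" width="560"></iframe>';

// Call the callback directly so the check does not depend on how the plugin applies the filter.
$allowed = my_editor_allowed_html( $defaults );

// wp_kses() drops every tag and attribute that is not present in $allowed.
echo wp_kses( $input, $allowed ), "\n";
```

Comparing the printed markup with $input shows which attributes each allowlist entry admits, which is a quick way to review a filter change before it ships.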