这里就照搬知更鸟博客的,主要是他博客的这篇文章已经看不到代码了,找了半天才找到。
以下是原文:
相信很多主题作者,在使用Options Framework主题选项框架时都遇到一个棘手的问题,就是该框架出于安全会过滤掉常用标签,最关键是过滤掉加载 javascript的常用标签,造成无法添加广告及站点统计代码,虽然通过使用编辑器模式替代textarea文本域,可解决上述问题,但主题控制面板都是编辑器窗口看上去有些怪异。
其实官方已给出解决办法:
Options Framework: Sanitization Filters /* * This is an example of how to override a default filter * for ‘textarea’ sanitization and $allowedposttags + embed and script. */ add_action('admin_init','optionscheck_change_santiziation', 100); function optionscheck_change_santiziation() { remove_filter( 'of_sanitize_textarea', 'of_sanitize_textarea' ); add_filter( 'of_sanitize_textarea', 'custom_sanitize_textarea' ); } function custom_sanitize_textarea($input) { global $allowedposttags; $custom_allowedtags["embed"] = array( "src" => array(), "type" => array(), "allowfullscreen" => array(), "allowscriptaccess" => array(), "height" => array(), "width" => array() ); $custom_allowedtags["script"] = array(); $custom_allowedtags = array_merge($custom_allowedtags, $allowedposttags); $output = wp_kses( $input, $custom_allowedtags); return $output; }不过这个实例只是不过滤<script>标签,像这种:
<script type="text/javascript" src="zmingcx.js"></script>还是会过滤掉type、src等标签,可能造成JS文件不能正常加载。
下面是经过我修改的完整不过滤 javascript 常用标签代码:
/* * This is an example of how to override a default filter * for ‘textarea’ sanitization and $allowedposttags + embed and script. */ add_action('admin_init','optionscheck_change_santiziation', 100); function optionscheck_change_santiziation() { remove_filter( 'of_sanitize_textarea', 'of_sanitize_textarea' ); add_filter( 'of_sanitize_textarea', 'custom_sanitize_textarea' ); } function custom_sanitize_textarea($input) { global $allowedposttags; $custom_allowedtags["embed"] = array( "src" => array(), "type" => array(), "allowfullscreen" => array(), "allowscriptaccess" => array(), "height" => array(), "width" => array() ); $custom_allowedtags["script"] = array( "type" => array(),"src" => array() ); $custom_allowedtags = array_merge($custom_allowedtags, $allowedposttags); $output = wp_kses( $input, $custom_allowedtags); return $output; }该代码在Options Framework 1.91版中测试通过,其它较早版本未测试。
个人感觉默认过滤常用标签根本没这个必要,可能就是在故意难为我这样的二把刀主题作者。
因为爱游博客使用的是自建的umami统计(Docker搭建自己的网站统计工具umami),所以还是得改下才能用代码如下:
//允许脚本和嵌入标签,设置中可以加入js统计代码
add_action('admin_init','optionscheck_change_santiziation', 100);
function optionscheck_change_santiziation() {
remove_filter( 'of_sanitize_textarea', 'of_sanitize_textarea' );
add_filter( 'of_sanitize_textarea', 'custom_sanitize_textarea' );
}
function custom_sanitize_textarea($input) {
global $allowedposttags;
$custom_allowedtags["embed"] = array(
"src" => array(),
"type" => array(),
"allowfullscreen" => array(),
"allowscriptaccess" => array(),
"height" => array(),
"width" => array()
);
$custom_allowedtags["script"] = array( "type" => array(),"data-website-id" => array(),"src" => array() );
$custom_allowedtags = array_merge($custom_allowedtags, $allowedposttags);
$output = wp_kses( $input, $custom_allowedtags);
return $output;
}
以上代码放置在主题的functions.php文件即可生效。
原文链接:https://www.vipiu.net/archives/2023/10/24/19748.html,转载请注明出处。
请先 !