How to disable HTML in WordPress comments without a plugin.

By /

The code presented is a WordPress code snippet that modifies the behavior of comments on a WordPress site. Specifically, it modifies the content of the comments to sanitize and escape any malicious or unintended input that could be submitted by users.

function wpb_comment_post($incoming_comment)
{
  $incoming_comment[\'comment_content\'] = htmlspecialchars($incoming_comment[\'comment_content\']);
  $incoming_comment[\'comment_content\'] = str_replace(\"\'\", \"\\\'\", $incoming_comment[\'comment_content\']);
  return ($incoming_comment);
}
function wpb_comment_display($comment_to_display)
{
  $comment_to_display = str_replace(\"\'\", \"\\\'\", $comment_to_display);
  return $comment_to_display;
}
add_filter(\'preprocess_comment\', \'wpb_comment_post\', 1);
add_filter(\'comment_text\', \'wpb_comment_display\', 1);
add_filter(\'comment_text_rss\', \'wpb_comment_display\', 1);
add_filter(\'comment_excerpt\', \'wpb_comment_display\', 1);
remove_filter(\'comment_text\', \'make_clickable\', 1);

The wpb_comment_post function is called when a new comment is submitted and it applies two filters to the comment\’s content. The first filter applies the htmlspecialchars function, which converts special characters to their HTML entity equivalents. This ensures that any malicious input is sanitized and does not pose a security risk to the website. The second filter uses str_replace to replace any single quotes in the comment\’s content with their escaped equivalent. This prevents any unintended effects of unescaped quotes in the comment\’s content.

Trending
My Personal Journey with Hostinger: An Affordable and Reliable Hosting Solution

The wpb_comment_display function is called when a comment is displayed on the site, and it applies a filter to the comment\’s content to ensure that any escaped single quotes are displayed correctly.

Finally, there are four add_filter calls that hook into various WordPress comment functions to apply the wpb_comment_display function and one remove_filter call to remove the default filter that makes links clickable in comments.

Overall, this code is an example of how WordPress filters can be used to modify the behavior of a site\’s comment system, particularly to ensure the security and integrity of the user-generated content.

---- 
Ready for a supercharged online presence with Hostinger? Use my 20% discount link (CODE: 1LUKE485)  to start your journey today. Your website deserves the powerhouse performance that Hostinger delivers.

Related Posts