HTML code stripped
-
Hello,
I have trouble adding third-party widgets to my website hosted at wordpress.com.
Edit Themes (/wp-admin/theme-editor.php) which I used to use when administrating websites with WP at some regular hosting is not available (404 error page).
Appearance – Widgets (/wp-admin/widgets.php) is also not available (“theme does not support widgets”; unfortunately I was not able to find any that supports them, and I have not found filtering by features etc.). When editing a page, there is a possibility to add a block of the type “html code”, but all tags except standard text formatting are stripped when I save the page.
< script > tags are removed making all javascript code broken, < iframe > is also removed except the embed youtube codes (in that case it’s replaced by short code).
Same happens when I edit themes using that new theme editor. All necessary HTML tags are stripped.
So how to add a widget (embed external javascript or iframe) to the website hosted at wordpress.com?
-
You can’t embed an external javascript or iframe on the wordpress.com platform due to security reasons. If you want to do so, you must upgrade to the Business Plan.
-
I would not agree generic external javascript or frames could cause security issues. Such limitations make impossible embedding of any external widgets because all of them are script-based or frame-based.
OK, this is about external scripts, e.g. https://some/external/script.js? Why is this tag stripped?
-
I would change this forum to encode all post text with htmlspecialchars, rather than strip_tags. I mean script src=”external url” vs script some code /script locally inside the template.
Following this manual I’m trying to add Google Analytics code. Formally it’s also an external Javascript that may cause a security issue. Unfortunately, I see a blank white page at the address (Tools → Marketing → Traffic.):
https://wordpress.com/marketing/traffic/MYLOGIN.wordpress.com
Is it a bug or a feature? Exactly, there is a drop-down list of a few items, all except “Traffic” work.
-
As I already said, you can’t run, embed, … or whatever, scripts on the wordpress.com platform – https://wordpress.com/support/code/
-
OK. Thank you for the answer. This stupid limitation puts wordpress.com below free web hostings with PHP support since self-hosted WordPress CMS at free hosting gives more possibilities than (if I understood correctly) paid Premium and Personal plans at WordPress.com.
Looks like here there is no FTP even on paid plans…
-
Hi there!
Hope you’re doing well! I wanted to briefly mention why some code requires the WordPress.com Business plan.
Unlike WordPress.org sites you would host on any other platform, WordPress.com sites are customized and come with many features already built-in. We have a guide that goes into the detailed differences between WordPress.com and WordPress.org, but a WordPress.org site you install somewhere will have far fewer features than a WordPress.com site by default.
It’s true that you’ll be able to install plugins right away on a WordPress.org site hosted on a low-cost hosting, and you will need plugins to add some of the basic features like sharing buttons, but we include many features on WordPress.com sites that don’t even need a plugin. (Features vary based on WordPress.com plans.)
For example, we include sharing buttons, stats, the ability to integrate with Google Analytics, truly unlimited bandwidth (your site will never go down due to high traffic), email newsletters, and many more.
To enable these features, some of which are available even on free WordPress.com sites, we run these sites on a custom environment where we don’t allow scripts to run, as they would affect other sites. That’s why certain types of code can only be run on plugin-enabled WordPress.com sites (with the WordPress.com Business plan or higher).
With the WordPress.com Business plan, your site has access to plugins and third-party themes. And you can insert/embed scripts on your site just like you can with a WordPress.org site. But you get many more features as well.
SFTP, SSH, real-time automatic backups, security scanning, a spam prevention system powered by Akismet, and many more advanced hosting features are enabled with a WordPress.com Business plan.
I understand that you may not want to upgrade to the Business plan just to embed code, but I wanted to highlight some of the benefits of the Business plan and how a WordPress.org site on low-cost hosting compares to WordPress.com sites, even those without access to plugins.
Hope that helps! Please let us know if you have any further questions. We’ll be happy to answer them for you. :)
- The topic ‘HTML code stripped’ is closed to new replies.
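
The save-time filtering described in the opening post (formatting tags kept, script and iframe removed, YouTube embeds turned into a shortcode) can be modelled as an allowlist filter. This is an added example, not part of the thread and not WordPress.com's code; the tag list, the shortcode format and the `widgets.example` URLs are assumptions made for illustration.

```python
from html import escape
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumed policy, for illustration only (not WordPress.com's real rule set).
ALLOWED_TAGS = {"p", "b", "strong", "i", "em", "u", "ul", "ol", "li"}
DROP_WITH_CONTENT = {"script", "style"}
YOUTUBE_HOSTS = {"www.youtube.com", "youtube.com"}

def youtube_shortcode(src):  # returns "" for any frame that is not a YouTube embed
    url = urlparse(src)
    video_id = url.path[len("/embed/"):] if url.path.startswith("/embed/") else ""
    ok_id = video_id.replace("-", "").replace("_", "").isalnum()
    if url.scheme == "https" and url.hostname in YOUTUBE_HOSTS and ok_id:
        return f"[youtube https://www.youtube.com/watch?v={video_id}]"
    return ""

class SaveFilter(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out, self.skip = [], 0  # skip > 0 while inside a dropped element

    def handle_starttag(self, tag, attrs):
        if tag in DROP_WITH_CONTENT:
            self.skip += 1
        elif not self.skip and tag == "iframe":
            self.out.append(youtube_shortcode(dict(attrs).get("src") or ""))
        elif not self.skip and tag in ALLOWED_TAGS:
            self.out.append(f"<{tag}>")  # attributes (onclick, style, ...) are not copied

    def handle_endtag(self, tag):
        if tag in DROP_WITH_CONTENT:
            self.skip = max(0, self.skip - 1)
        elif not self.skip and tag in ALLOWED_TAGS:
            self.out.append(f"</{tag}>")

    def handle_data(self, data):
        if not self.skip:
            self.out.append(escape(data, quote=False))  # text is re-encoded, never trusted

def filter_on_save(html):
    parser = SaveFilter()
    parser.feed(html)
    parser.close()
    return "".join(parser.out)

# Constructed input: an event-handler attribute, an external script, two iframes.
SAMPLE = ('<p onclick="track()">Hi <b>all</b></p>'
          '<script src="https://widgets.example/w.js"></script><iframe src="https://widgets.example/f">'
          '</iframe><iframe src="https://www.youtube.com/embed/abc123XYZ_-"></iframe>')
```

Rebuilding the output from an allowlist, rather than deleting known-bad tags from the input, is what also removes the `onclick` attribute and the inline body of a `<script>` element.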