內容簡介
預設情況下,擁有管理員或編輯權限的用戶可以在文章標題和內容中發布未經篩檢的 HTML。畢竟,WordPress 是一個出版工具,人們需要能夠包含他們需要的任何標記以進行溝通。較低權限的用戶不允許發布未經篩選的內容。
未經篩選的 HTML 可能會帶來安全風險。它允許用戶包含 JavaScript、物件嵌入和其他潛在惡意的程式碼。因此,此功能僅應該提供給受信任的用戶。WordPress 預設提供編輯者和管理員可使用未篩選的 HTML。
使用此外掛可防止編輯者發布未篩選的 HTML 文章,管理員不受影響。
詳細資訊,請參閱 常見問題。
外掛標籤
開發者團隊
原文外掛簡介
By default, users with Administrator or Editor privileges are allowed to publish unfiltered HTML in post titles and content. WordPress is, after all, a publishing tool, and people need to be able to include whatever markup they need to communicate. Users with lesser privileges are not allowed to post unfiltered content.
Unfiltered HTML is potentially dangerous. It allows users to include JavaScript, object embeds, and other code that has the potential to be malicious. The capability should only be given to trusted users. By default, WordPress provides the unfiltered HTML ability to Editors and Administrators.
Use this plugin to prevent Editors from publishing unfiltered HTML posts. Administrators will not be affected.
For more information, check out the FAQ.
