close
The Wayback Machine - https://web.archive.org/web/20090423085341/http://support.wordpress.com:80/code/

Support

Writing & Editing

Code

, , , , , ,

WordPress.com is a type of shared environment, where all users are running off of the same software. This is great because it allows us at Automattic to update millions of blogs at the same time with a single click. It means we can fix bugs or offer new features very quickly, which is a win for you as users. Having all users running on the same software can also be dangerous. If we aren’t careful, one user has the potential to take down the entire site. So this is why we need to limit some of the things you post on your blog.

If you wrote some code or pasted it in from another web site and then it disappeared after publishing the post, the code is likely being stripped out. If you feel it’s being stripped out improperly or if you would like to suggest additional types of code we should allow, please contact support.

HTML Tags

WordPress.com allows the following HTML code in your posts, pages, and widgets:

address, a, abbr, acronym, b, big, blockquote, br, caption, cite, class, code, col, del, dd, div, dl, dt, em, font, h1, h2, h3, h4, h5, h6, hr, i, img, ins, kbd, li, p, pre, q, s, span, strike, strong, sub, sup, table, tbody, td, tfoot, tr, tt, ul, ol, var

Check out W3 Schools for more information about what each of these HTML codes are used for.

If you are familiar with HTMl, you’ll notice that codes such as embed, frame, iframe, form, input, object, textarea and others are missing from the above list. Those codes are not allowed on WordPress.com for security reasons.

↑ Table of Contents ↑

Javascript

Users are not allowed to post JavaScript on WordPress.com blogs. Javascript can be used for malicious purposes. Your code and intentions may be perfectly harmless, but it does not mean all javascript will be okay. The security of all the blogs is a top priority and until we can guarantee scripting languages will not be harmful they will not be permitted.

If you need proof of what javascript can do, it has taken both MySpace.com and LiveJournal offline in the past.

You may want a bit of javascript and it may well be harmless but as soon as the system allows it someone will try and exploit it.

JavaScript from trusted partners, such as YouTube and Google Video, is converted into a WordPress shortcode when a post is saved.

↑ Table of Contents ↑

Flash and Other Embeds

Flash and all other embeds are not allowed in WordPress.com posts, pages, or text widgets. For security reasons we remove the tags needed for these to work. Your intentions may be innocent but someone somewhere would try to damage the site, affecting all of our users.

There are several safe ways to post Videos, Audio, and other items to your WordPress.com blog.

↑ Table of Contents ↑

Posting Source Code

While WordPress.com doesn’t allow you to use potentially dangerous code on your blog, there is a way to post source code for viewing. We have created a shortcode you can wrap around source code that preserves its formatting and even provides syntax highlighting for certain languages, like so:


#button {

font-weight: bold;

border: 2px solid #fff;

}

Wrap your code in these tags:

[sourcecode language='css']

your code here

[/sourcecode]

Any of the following can be used for the language parameter (using one is required):

  • cpp
  • csharp
  • css
  • delphi
  • html
  • java
  • jscript
  • php
  • python
  • ruby
  • sql
  • vb
  • xml

Code in between the [sourcecode] tags will automatically be encoded for display, you don’t need to worry about HTML entities or anything.

Alex Gorbatchev’s syntaxhighligher Google Code project was used to implement this feature.

BERJAYA