{"id":37770,"date":"2021-08-11T08:37:08","date_gmt":"2021-08-11T08:37:08","guid":{"rendered":"http:\/\/getshortcodes.com\/?post_type=docs&#038;p=37770"},"modified":"2025-05-21T17:09:03","modified_gmt":"2025-05-21T17:09:03","slug":"unsafe-features","status":"publish","type":"docs","link":"https:\/\/getshortcodes.com\/docs\/unsafe-features\/","title":{"rendered":"Unsafe features"},"content":{"rendered":"<p class=\"h2\">Table of contents<\/p>\n\n<ol><li><a href=\"#what-is-unsafe-features\">What is unsafe features<\/a><\/li><li><a href=\"#what-features-are-disabled\">What features are disabled<\/a><\/li><li><a href=\"#how-to-turn-unsafe-features-on\">How to turn unsafe features on<\/a><\/li><\/ol><\/li><\/ol>\n\n\n<h2 class=\"wp-block-heading\" id=\"what-is-unsafe-features\">What is unsafe features<\/h2>\n\n\n\n<p>Unsafe features is a set of plugin features that may potentially harm your website if you have non-admin users (registered users with edit permissions) on your site. For example, a regular user with Subscriber role may use the following shortcode to display arbitrary Javascript code on your site:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>&#091;su_button onclick=\"alert();\"]&#091;\/su_button]<\/code><\/pre>\n\n\n\n<p>To prevent possible vulnerabilities the plugin will automatically disable such features once you have at least one non-admin user on your site.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"what-features-are-disabled\">What features are disabled<\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li><code><a href=\"https:\/\/getshortcodes.com\" class=\"su-button su-button-style-default\" style=\"color:#FFFFFF;background-color:#2D89EF;border-color:#246ec0;border-radius:5px\" target=\"_self\"><span style=\"color:#FFFFFF;padding:0px 16px;font-size:13px;line-height:26px;border-color:#6cadf4;border-radius:5px;text-shadow:none\">  ... <\/span><\/a><\/code> (the <code>onclick<\/code> attribute)<\/li>\n\n\n\n<li><code><\/code> shortcode<\/li>\n\n\n\n<li><code><\/code> (the <code>url<\/code> attribute)<\/li>\n\n\n\n<li><code><div class=\"su-table su-table-alternate\"><\/div><\/code> (the <code>url<\/code> attribute)<\/li>\n\n\n\n<li><code><\/code><\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"how-to-turn-unsafe-features-on\">How to turn unsafe features on<\/h2>\n\n\n\n<p>If you are 100% sure your users won&#8217;t harm your website and you need to use an unsafe feature, navigate to <em>Dashboard \u2192 Shortcodes \u2192 Settings \u2192 Advanced settings<\/em> and turn on the <em>Unsafe features<\/em> option.<\/p>\n","protected":false},"featured_media":0,"template":"","docs_category":[20],"class_list":["post-37770","docs","type-docs","status-publish","hentry","docs_category-getting-started"],"_links":{"self":[{"href":"https:\/\/getshortcodes.com\/api\/wp\/v2\/docs\/37770","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/getshortcodes.com\/api\/wp\/v2\/docs"}],"about":[{"href":"https:\/\/getshortcodes.com\/api\/wp\/v2\/types\/docs"}],"wp:attachment":[{"href":"https:\/\/getshortcodes.com\/api\/wp\/v2\/media?parent=37770"}],"wp:term":[{"taxonomy":"docs_category","embeddable":true,"href":"https:\/\/getshortcodes.com\/api\/wp\/v2\/docs_category?post=37770"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}