wp_allowed_protocols() – Function | Developer.WordPress.org

Retrieves a list of protocols to allow in HTML attributes.

string[] Array of allowed protocols. Defaults to an array containing 'http', 'https', 'ftp', 'ftps', 'mailto', 'news', 'irc', 'irc6', 'ircs', 'gopher', 'nntp', 'feed', 'telnet', 'mms', 'rtsp', 'sms', 'svn', 'tel', 'fax', 'xmpp', 'webcal', and 'urn'.
This covers all common link protocols, except for 'javascript' which should not be allowed for untrusted users.

Source

	 *
	 * @since 4.9.0
	 * @since 4.9.5 The default value was changed to 'strict-origin-when-cross-origin'.
	 *
	 * @link https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Referrer-Policy
	 *
	 * @param string $policy The admin referrer policy header value. Default 'strict-origin-when-cross-origin'.
	 */
	$policy = apply_filters( 'admin_referrer_policy', $policy );

	header( sprintf( 'Referrer-Policy: %s', $policy ) );
}

/**
 * Retrieves a list of protocols to allow in HTML attributes.
 *
 * @since 3.3.0
 * @since 4.3.0 Added 'webcal' to the protocols array.
 * @since 4.7.0 Added 'urn' to the protocols array.
 * @since 5.3.0 Added 'sms' to the protocols array.

View all references View on Trac View on GitHub

Changelog

Version	Description
5.6.0	Added `'irc6'` and `'ircs'` to the protocols array.
5.3.0	Added `'sms'` to the protocols array.
4.7.0	Added `'urn'` to the protocols array.
4.3.0	Added `'webcal'` to the protocols array.
3.3.0	Introduced.

wp_allowed_protocols(): string[]

In this article

Description

See also

Return

Source

Changelog

User Contributed Notes