WordPress.org
Get WordPress
WordPress.org

WordPress Developer Resources

wp_allowed_protocols()

wp_allowed_protocols(): string[]

In this article

Back to top

Retrieves a list of protocols to allow in HTML attributes.

Description

See also

Return

string[] Array of allowed protocols. Defaults to an array containing 'http', 'https', 'ftp', 'ftps', 'mailto', 'news', 'irc', 'irc6', 'ircs', 'gopher', 'nntp', 'feed', 'telnet', 'mms', 'rtsp', 'sms', 'svn', 'tel', 'fax', 'xmpp', 'webcal', and 'urn'.
This covers all common link protocols, except for 'javascript' which should not be allowed for untrusted users.

Source

function wp_allowed_protocols() {
	static $protocols = array();

	if ( empty( $protocols ) ) {
		$protocols = array( 'http', 'https', 'ftp', 'ftps', 'mailto', 'news', 'irc', 'irc6', 'ircs', 'gopher', 'nntp', 'feed', 'telnet', 'mms', 'rtsp', 'sms', 'svn', 'tel', 'fax', 'xmpp', 'webcal', 'urn' );
	}

	if ( ! did_action( 'wp_loaded' ) ) {
		/**
		 * Filters the list of protocols allowed in HTML attributes.
		 *
		 * @since 3.0.0
		 *
		 * @param string[] $protocols Array of allowed protocols e.g. 'http', 'ftp', 'tel', and more.
		 */
		$protocols = array_unique( (array) apply_filters( 'kses_allowed_protocols', $protocols ) );
	}

	return $protocols;
}

View all references View on Trac View on GitHub

Hooks

apply_filters( ‘kses_allowed_protocols’, string[] $protocols )

Filters the list of protocols allowed in HTML attributes.

UsesDescription
did_action()wp-includes/plugin.php

Retrieves the number of times an action has been fired during the current request.

apply_filters()wp-includes/plugin.php

Calls the callback functions that have been added to a filter hook.

Used byDescription
_make_clickable_rel_attr()wp-includes/formatting.php

Helper function used to build the “rel” attribute for a URL when creating an anchor using make_clickable() .

wp_is_internal_link()wp-includes/link-template.php

Determines whether or not the specified URL is of a host included in the internal hosts list.

wp_rel_callback()wp-includes/formatting.php

Callback to add a rel attribute to HTML A element.

wp_filter_oembed_iframe_title_attribute()wp-includes/embed.php

Filters the given oEmbed HTML to make sure iframes have a title attribute.

wp_targeted_link_rel_callback()wp-includes/formatting.php

Callback to add rel="noopener" string to HTML A element.

wp_kses_one_attr()wp-includes/kses.php

Filters one HTML attribute and ensures its value is allowed.

edit_user()wp-admin/includes/user.php

Edit user settings based on contents of $_POST

_links_add_base()wp-includes/formatting.php

Callback to add a base URL to relative links in passed content.

esc_url()wp-includes/formatting.php

Checks and cleans a URL.

safecss_filter_attr()wp-includes/kses.php

Filters an inline style attribute and removes disallowed rules.

wp_kses()wp-includes/kses.php

Filters text content and strips out disallowed HTML.

Show 6 moreShow less

Changelog

VersionDescription
5.6.0Added 'irc6' and 'ircs' to the protocols array.
5.3.0Added 'sms' to the protocols array.
4.7.0Added 'urn' to the protocols array.
4.3.0Added 'webcal' to the protocols array.
3.3.0Introduced.

User Contributed Notes

You must log in before being able to contribute a note or feedback.