wp_allowed_protocols(): string[]

In this article

Retrieves a list of protocols to allow in HTML attributes.

Description

See also

Return

string[] Array of allowed protocols. Defaults to an array containing 'http', 'https', 'ftp', 'ftps', 'mailto', 'news', 'irc', 'irc6', 'ircs', 'gopher', 'nntp', 'feed', 'telnet', 'mms', 'rtsp', 'sms', 'svn', 'tel', 'fax', 'xmpp', 'webcal', and 'urn'.
This covers all common link protocols, except for 'javascript' which should not be allowed for untrusted users.

Source

	 *
	 * @since 4.9.0
	 * @since 4.9.5 The default value was changed to 'strict-origin-when-cross-origin'.
	 *
	 * @link https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Referrer-Policy
	 *
	 * @param string $policy The admin referrer policy header value. Default 'strict-origin-when-cross-origin'.
	 */
	$policy = apply_filters( 'admin_referrer_policy', $policy );

	header( sprintf( 'Referrer-Policy: %s', $policy ) );
}

/**
 * Retrieves a list of protocols to allow in HTML attributes.
 *
 * @since 3.3.0
 * @since 4.3.0 Added 'webcal' to the protocols array.
 * @since 4.7.0 Added 'urn' to the protocols array.
 * @since 5.3.0 Added 'sms' to the protocols array.

Changelog

VersionDescription
5.6.0Added 'irc6' and 'ircs' to the protocols array.
5.3.0Added 'sms' to the protocols array.
4.7.0Added 'urn' to the protocols array.
4.3.0Added 'webcal' to the protocols array.
3.3.0Introduced.

User Contributed Notes

You must log in before being able to contribute a note or feedback.