wp_allowed_protocols(): string[]

Retrieves a list of protocols to allow in HTML attributes.

Contents

Description

Top ↑

See also

Top ↑

Return

string[] Array of allowed protocols. Defaults to an array containing 'http', 'https', 'ftp', 'ftps', 'mailto', 'news', 'irc', 'irc6', 'ircs', 'gopher', 'nntp', 'feed', 'telnet', 'mms', 'rtsp', 'sms', 'svn', 'tel', 'fax', 'xmpp', 'webcal', and 'urn'.
This covers all common link protocols, except for 'javascript' which should not be allowed for untrusted users.

Top ↑

Source

File: wp-includes/functions.php. View all references 

function wp_allowed_protocols() {
	static $protocols = array();

	if ( empty( $protocols ) ) {
		$protocols = array( 'http', 'https', 'ftp', 'ftps', 'mailto', 'news', 'irc', 'irc6', 'ircs', 'gopher', 'nntp', 'feed', 'telnet', 'mms', 'rtsp', 'sms', 'svn', 'tel', 'fax', 'xmpp', 'webcal', 'urn' );
	}

	if ( ! did_action( 'wp_loaded' ) ) {
		/**
		 * Filters the list of protocols allowed in HTML attributes.
		 *
		 * @since 3.0.0
		 *
		 * @param string[] $protocols Array of allowed protocols e.g. 'http', 'ftp', 'tel', and more.
		 */
		$protocols = array_unique( (array) apply_filters( 'kses_allowed_protocols', $protocols ) );
	}

	return $protocols;
}

View on Trac View on GitHub

Top ↑

Hooks

Top ↑

Top ↑

Uses

Uses
Uses Description
did_action() wp-includes/plugin.php

Retrieves the number of times an action has been fired during the current request.
apply_filters() wp-includes/plugin.php

Calls the callback functions that have been added to a filter hook.

Top ↑

Used By

Used By
Used By Description
_make_clickable_rel_attr() wp-includes/formatting.php

Helper function used to build the “rel” attribute for a URL when creating an anchor using make_clickable() .
wp_is_internal_link() wp-includes/link-template.php

Determines whether or not the specified URL is of a host included in the internal hosts list.
wp_rel_callback() wp-includes/formatting.php

Callback to add a rel attribute to HTML A element.
wp_filter_oembed_iframe_title_attribute() wp-includes/embed.php

Filters the given oEmbed HTML to make sure iframes have a title attribute.
wp_targeted_link_rel_callback() wp-includes/formatting.php

Callback to add rel="noopener" string to HTML A element.
wp_kses_one_attr() wp-includes/kses.php

Filters one HTML attribute and ensures its value is allowed.
edit_user() wp-admin/includes/user.php

Edit user settings based on contents of $_POST
_links_add_base() wp-includes/formatting.php

Callback to add a base URL to relative links in passed content.
esc_url() wp-includes/formatting.php

Checks and cleans a URL.
safecss_filter_attr() wp-includes/kses.php

Filters an inline style attribute and removes disallowed rules.
wp_kses() wp-includes/kses.php

Filters text content and strips out disallowed HTML.
Show 6 more used by Hide more used by

Top ↑

Changelog

Changelog
Version Description
5.6.0 Added 'irc6' and 'ircs' to the protocols array.
5.3.0 Added 'sms' to the protocols array.
4.7.0 Added 'urn' to the protocols array.
4.3.0 Added 'webcal' to the protocols array.
3.3.0 Introduced.

Top ↑

User Contributed Notes

You must log in before being able to contribute a note or feedback.