wp_check_jsonp_callback( string $callback ): bool

Checks that a JSONP callback is a valid JavaScript callback name.

Description

Only allows alphanumeric characters and the dot character in callback function names. This helps to mitigate XSS attacks caused by directly outputting user input.

Parameters

$callbackstringrequired
Supplied JSONP callback function name.

Return

bool Whether the callback function name is valid.

Source

function wp_check_jsonp_callback( $callback ) {
	if ( ! is_string( $callback ) ) {
		return false;
	}

	preg_replace( '/[^\w\.]/', '', $callback, -1, $illegal_char_count );

	return 0 === $illegal_char_count;
}

Changelog

VersionDescription
4.6.0Introduced.

User Contributed Notes

You must log in before being able to contribute a note or feedback.