Checks that a JSONP callback is a valid JavaScript callback name.
Description
Only allows alphanumeric characters and the dot character in callback function names. This helps to mitigate XSS attacks caused by directly outputting user input.
Parameters
$callback
stringrequired- Supplied JSONP callback function name.
Source
function wp_check_jsonp_callback( $callback ) {
if ( ! is_string( $callback ) ) {
return false;
}
preg_replace( '/[^\w\.]/', '', $callback, -1, $illegal_char_count );
return 0 === $illegal_char_count;
}
Changelog
Version | Description |
---|---|
4.6.0 | Introduced. |
User Contributed Notes
You must log in before being able to contribute a note or feedback.