wp_check_jsonp_callback( string $callback )

Checks that a JSONP callback is a valid JavaScript callback name.

Description Description

Only allows alphanumeric characters and the dot character in callback function names. This helps to mitigate XSS attacks caused by directly outputting user input.

Top ↑

Parameters Parameters


(string) (Required) Supplied JSONP callback function name.

Top ↑

Return Return

(bool) Whether the callback function name is valid.

Top ↑

Source Source

File: wp-includes/functions.php

function wp_check_jsonp_callback( $callback ) {
	if ( ! is_string( $callback ) ) {
		return false;

	preg_replace( '/[^\w\.]/', '', $callback, -1, $illegal_char_count );

	return 0 === $illegal_char_count;

Top ↑

Changelog Changelog

Version Description
4.6.0 Introduced.

Top ↑

User Contributed Notes User Contributed Notes

You must log in before being able to contribute a note or feedback.