wp_check_jsonp_callback( string $callback )

Checks that a JSONP callback is a valid JavaScript callback name.


Description

Only allows alphanumeric characters and the dot character in callback function names. This helps to mitigate XSS attacks caused by directly outputting user input.


Top ↑

Parameters

$callback

(string) (Required) Supplied JSONP callback function name.


Top ↑

Return

(bool) Whether the callback function name is valid.


Top ↑

Source

File: wp-includes/functions.php

function wp_check_jsonp_callback( $callback ) {
	if ( ! is_string( $callback ) ) {
		return false;
	}

	preg_replace( '/[^\w\.]/', '', $callback, -1, $illegal_char_count );

	return 0 === $illegal_char_count;
}


Top ↑

Changelog

Changelog
Version Description
4.6.0 Introduced.

Top ↑

User Contributed Notes

You must log in before being able to contribute a note or feedback.