wp_kses( string $string, array $allowed_html, array $allowed_protocols = array() )

Filters content and keeps only allowable HTML elements.

Contents

Description Description

This function makes sure that only the allowed HTML element names, attribute names and attribute values plus only sane HTML entities will occur in $string. You have to remove any slashes from PHP’s magic quotes before you call this function.

The default allowed protocols are ‘http’, ‘https’, ‘ftp’, ‘mailto’, ‘news’, ‘irc’, ‘gopher’, ‘nntp’, ‘feed’, ‘telnet, ‘mms’, ‘rtsp’ and ‘svn’. This covers all common link protocols, except for ‘javascript’ which should not be allowed for untrusted users.

Parameters Parameters

$string

(string) (Required) Content to filter through kses

$allowed_html

(array) (Required) List of allowed HTML elements

$allowed_protocols

(array) (Optional) Allowed protocol in links.

Default value: array()

Top ↑

Return Return

(string) Filtered content with only allowed HTML elements

Top ↑

Source Source

File: wp-includes/kses.php 

function wp_kses( $string, $allowed_html, $allowed_protocols = array() ) {
	if ( empty( $allowed_protocols ) )
		$allowed_protocols = wp_allowed_protocols();
	$string = wp_kses_no_null( $string, array( 'slash_zero' => 'keep' ) );
	$string = wp_kses_normalize_entities($string);
	$string = wp_kses_hook($string, $allowed_html, $allowed_protocols); // WP changed the order of these funcs and added args to wp_kses_hook
	return wp_kses_split($string, $allowed_html, $allowed_protocols);
}

Expand full source code Collapse full source code View on Trac

Top ↑

Changelog Changelog

Changelog
Version Description
1.0.0 Introduced.

Top ↑

Top ↑

Used By Used By

Top ↑

User Contributed Notes User Contributed Notes

You must log in before being able to contribute a note or feedback.