wp_trigger_error() | wp-includes/functions.php | Generates a user-level error/warning/notice/deprecation message.
WP_Site_Health::get_test_persistent_object_cache() | wp-admin/includes/class-wp-site-health.php | Tests if the site uses persistent object cache and recommends to use it if not.
Walker_Comment::filter_comment_text() | wp-includes/class-walker-comment.php | Filters the comment text.
filter_block_kses_value() | wp-includes/blocks.php | Filters and sanitizes a parsed block attribute value to remove non-allowable HTML.
WP_Site_Health::get_test_sql_server() | wp-admin/includes/class-wp-site-health.php | Tests if the SQL server is up to date.
wp_privacy_generate_personal_data_export_group_html() | wp-admin/includes/privacy-tools.php | Generate a single group for the personal data export report.
WP_Customize_Manager::handle_load_themes_request() | wp-includes/class-wp-customize-manager.php | Loads themes into the theme browsing/installation UI.
wp_filter_oembed_result() | wp-includes/embed.php | Filters the given oEmbed HTML.
Automatic_Upgrader_Skin::feedback() | wp-admin/includes/class-automatic-upgrader-skin.php | Stores a message about the upgrade.
WP_Theme_Install_List_Table::install_theme_info() | wp-admin/includes/class-wp-theme-install-list-table.php | Prints the info for a theme (to be used in the theme installer modal).
WP_Theme_Install_List_Table::single_row() | wp-admin/includes/class-wp-theme-install-list-table.php | Prints a theme from the WordPress.org API.
wp_plugin_update_row() | wp-admin/includes/update.php | Displays update information for a plugin.
install_plugin_information() | wp-admin/includes/plugin-install.php | Displays plugin information in dialog box form.
_get_plugin_data_markup_translate() | wp-admin/includes/plugin.php | Sanitizes plugin data, optionally adds markup, optionally translates.
WP_Plugin_Install_List_Table::display_rows() | wp-admin/includes/class-wp-plugin-install-list-table.php | Generates the list table rows.
wp_ajax_query_themes() | wp-admin/includes/ajax-actions.php | Handles getting themes from themes_api() via AJAX.
wp_kses_data() | wp-includes/kses.php | Sanitize content with allowed HTML KSES rules.
wp_filter_post_kses() | wp-includes/kses.php | Sanitizes content for allowed HTML tags for post content.
wp_kses_post() | wp-includes/kses.php | Sanitizes content for allowed HTML tags for post content.
wp_filter_nohtml_kses() | wp-includes/kses.php | Strips all HTML from a text string.
wp_filter_kses() | wp-includes/kses.php | Sanitize content with allowed HTML KSES rules.
WP_Theme::sanitize_header() | wp-includes/class-wp-theme.php | Sanitizes a theme header.
wp_sidebar_description() | wp-includes/widgets.php | Retrieve description for a sidebar.
Many function names in WordPress are self-explanatory and if they aren’t, their documentation usually sheds some light on how they got their name. I find this makes it easier to later recall their names and uses. However, wp_kses is an exception. So for anyone else wondering: kses comes from the terms XSS (cross-site scripting) and access. It’s also a recursive acronym (every open-source project should have one!) for “kses strips evil scripts”.

Allowed HTML tags array
This is an example of how to format an array of allowed HTML tags and attributes.
array(
    'a'      => array(
        'href'  => true,
        'title' => true,
    ),
    'br'     => array(),
    'em'     => array(),
    'strong' => array(),
);

WordPress wp_kses is an HTML filtering mechanism. If you need to escape your output in a specific (custom) way, the wp_kses function in WordPress will come in handy.
Output:
Before wp_kses: Check Kses function I am stronger and cooler every single day Click Here
After wp_kses: String using wp_kses function…. Check Kses function I am stronger and cooler every single day Click Here

It will display a resultant string as shown in the output screen. It only reflects the allowed tags strong, br, p as defined in the wp_kses function, and the anchor tag is removed. So, no link for the Click Here text is formed.

See wp_kses_allowed_html() and /wp-includes/kses.php to get a list of the possible default values of the allowed HTML tags.

If you want to keep certain style properties you have to use another filter.
Unfortunately wp_kses will check the style properties against a list of allowed properties and it will still strip the style attribute if none of the styles are safe.
E.g. use this filter if you want to keep the `display` property within a `style`:
a
Check kses.php for default:
https://core.trac.wordpress.org/browser/trunk/src/wp-includes/kses.php

Sanitize SVG markup for front-end display using wp_kses, and a list of allowed HTML elements and attributes specific to a SVG tag.

If you are using wp_kses to escape SVG, be warned `wp_kses()` will strip camelcased attributes in your args. Make sure your args are converted to lowercase for their uppercase equivalents. For example:
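
The lowercase-key requirement from the SVG note above, shown as an added example that is not part of the original notes or of WordPress itself. It assumes WordPress is loaded so that wp_kses() is available; the example_* function names and the sample SVG string are made up for illustration.

```php
<?php
// Added example: assumes it runs inside WordPress (plugin or theme code).
// The example_* functions are hypothetical helpers, not WordPress APIs.

/**
 * Lowercase every element and attribute key of an allowed-HTML array.
 * kses lowercases the tag and attribute names it parses before looking
 * them up, so keys such as 'viewBox' or 'linearGradient' never match.
 */
function example_lowercase_allowed_html( array $allowed ) {
	$out = array();
	foreach ( $allowed as $tag => $attrs ) {
		// An element's value may be an array of attributes or a plain boolean.
		$out[ strtolower( $tag ) ] = is_array( $attrs )
			? array_change_key_case( $attrs, CASE_LOWER )
			: $attrs;
	}
	return $out;
}

/**
 * Sanitize SVG markup against a small allowlist written with the
 * camelCase spellings the SVG spec uses, normalized before the call.
 */
function example_kses_svg( $svg ) {
	$allowed = array(
		'svg'            => array(
			'xmlns'   => true,
			'viewBox' => true,
			'width'   => true,
			'height'  => true,
		),
		'path'           => array( 'd' => true, 'fill' => true ),
		'linearGradient' => array( 'id' => true, 'gradientUnits' => true ),
		'stop'           => array( 'offset' => true, 'stop-color' => true ),
	);

	return wp_kses( $svg, example_lowercase_allowed_html( $allowed ) );
}

// Constructed sample input: the onload attribute and the <script> element
// are not in the allowlist above, so kses removes them.
$svg = '<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 10 10" onload="init()">'
	. '<script>init()</script><path d="M0 0h10v10z" fill="#000"/></svg>';

echo example_kses_svg( $svg );
```

kses removes disallowed tags but keeps the text between them, so an allowlist like this decides which elements and attributes survive, not which text does.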
Allowed HTML elements attributes don’t need to be empty arrays, but simply a boolean,