Title: wp_kses_check_attr_val
Published: April 25, 2014
Last modified: May 20, 2026

---

# wp_kses_check_attr_val( string $value, string $vless, string $checkname, mixed $checkvalue ): bool

## In this article

 * [Description](https://developer.wordpress.org/reference/functions/wp_kses_check_attr_val/?output_format=md#description)
 * [Parameters](https://developer.wordpress.org/reference/functions/wp_kses_check_attr_val/?output_format=md#parameters)
 * [Return](https://developer.wordpress.org/reference/functions/wp_kses_check_attr_val/?output_format=md#return)
 * [Source](https://developer.wordpress.org/reference/functions/wp_kses_check_attr_val/?output_format=md#source)
 * [Related](https://developer.wordpress.org/reference/functions/wp_kses_check_attr_val/?output_format=md#related)
 * [Changelog](https://developer.wordpress.org/reference/functions/wp_kses_check_attr_val/?output_format=md#changelog)

[ Back to top](https://developer.wordpress.org/reference/functions/wp_kses_check_attr_val/?output_format=md#wp--skip-link--target)

Performs different checks for attribute values.

## 󠀁[Description](https://developer.wordpress.org/reference/functions/wp_kses_check_attr_val/?output_format=md#description)󠁿

The currently implemented checks are “maxlen”, “minlen”, “maxval”, “minval”, and“
valueless”.

## 󠀁[Parameters](https://developer.wordpress.org/reference/functions/wp_kses_check_attr_val/?output_format=md#parameters)󠁿

 `$value`stringrequired

Attribute value.

`$vless`stringrequired

Whether the attribute is valueless. Use `'y'` or `'n'`.

`$checkname`stringrequired

What $checkvalue is checking for.

`$checkvalue`mixedrequired

What constraint the value should pass.

## 󠀁[Return](https://developer.wordpress.org/reference/functions/wp_kses_check_attr_val/?output_format=md#return)󠁿

 bool Whether check passes.

## 󠀁[Source](https://developer.wordpress.org/reference/functions/wp_kses_check_attr_val/?output_format=md#source)󠁿

    ```php
    function wp_kses_check_attr_val( $value, $vless, $checkname, $checkvalue ) {
    	$ok = true;

    	switch ( strtolower( $checkname ) ) {
    		case 'maxlen':
    			/*
    			 * The maxlen check makes sure that the attribute value has a length not
    			 * greater than the given value. This can be used to avoid Buffer Overflows
    			 * in WWW clients and various Internet servers.
    			 */

    			if ( strlen( $value ) > $checkvalue ) {
    				$ok = false;
    			}
    			break;

    		case 'minlen':
    			/*
    			 * The minlen check makes sure that the attribute value has a length not
    			 * smaller than the given value.
    			 */

    			if ( strlen( $value ) < $checkvalue ) {
    				$ok = false;
    			}
    			break;

    		case 'maxval':
    			/*
    			 * The maxval check does two things: it checks that the attribute value is
    			 * an integer from 0 and up, without an excessive amount of zeroes or
    			 * whitespace (to avoid Buffer Overflows). It also checks that the attribute
    			 * value is not greater than the given value.
    			 * This check can be used to avoid Denial of Service attacks.
    			 */

    			if ( ! preg_match( '/^\s{0,6}[0-9]{1,6}\s{0,6}$/', $value ) ) {
    				$ok = false;
    			}
    			if ( $value > $checkvalue ) {
    				$ok = false;
    			}
    			break;

    		case 'minval':
    			/*
    			 * The minval check makes sure that the attribute value is a positive integer,
    			 * and that it is not smaller than the given value.
    			 */

    			if ( ! preg_match( '/^\s{0,6}[0-9]{1,6}\s{0,6}$/', $value ) ) {
    				$ok = false;
    			}
    			if ( $value < $checkvalue ) {
    				$ok = false;
    			}
    			break;

    		case 'valueless':
    			/*
    			 * The valueless check makes sure if the attribute has a value
    			 * (like `<a href="blah">`) or not (`<option selected>`). If the given value
    			 * is a "y" or a "Y", the attribute must not have a value.
    			 * If the given value is an "n" or an "N", the attribute must have a value.
    			 */

    			if ( strtolower( $checkvalue ) !== $vless ) {
    				$ok = false;
    			}
    			break;

    		case 'values':
    			/*
    			 * The values check is used when you want to make sure that the attribute
    			 * has one of the given values.
    			 */

    			if ( false === array_search( strtolower( $value ), $checkvalue, true ) ) {
    				$ok = false;
    			}
    			break;

    		case 'value_callback':
    			/*
    			 * The value_callback check is used when you want to make sure that the attribute
    			 * value is accepted by the callback function.
    			 */

    			if ( ! call_user_func( $checkvalue, $value ) ) {
    				$ok = false;
    			}
    			break;
    	} // End switch.

    	return $ok;
    }
    ```

[View all references](https://developer.wordpress.org/reference/files/wp-includes/kses.php/)
[View on Trac](https://core.trac.wordpress.org/browser/tags/7.0/src/wp-includes/kses.php#L1783)
[View on GitHub](https://github.com/WordPress/wordpress-develop/blob/7.0/src/wp-includes/kses.php#L1783-L1878)

## 󠀁[Related](https://developer.wordpress.org/reference/functions/wp_kses_check_attr_val/?output_format=md#related)󠁿

| Used by | Description | 
| [wp_kses_attr_check()](https://developer.wordpress.org/reference/functions/wp_kses_attr_check/)`wp-includes/kses.php` |

Determines whether an attribute is allowed.

  |

## 󠀁[Changelog](https://developer.wordpress.org/reference/functions/wp_kses_check_attr_val/?output_format=md#changelog)󠁿

| Version | Description | 
| [1.0.0](https://developer.wordpress.org/reference/since/1.0.0/) | Introduced. |

## User Contributed Notes

You must [log in](https://login.wordpress.org/?redirect_to=https%3A%2F%2Fdeveloper.wordpress.org%2Freference%2Ffunctions%2Fwp_kses_check_attr_val%2F)
before being able to contribute a note or feedback.