wp_kses_data( string $data ): string

User Contributed Notes

1. Skip to note 3 content

   Codex 10 years ago

   You must log in to vote on the helpfulness of this noteVote results for this note: 2You must log in to vote on the helpfulness of this note

   Example

   Below example sanitizes input HTML string by removing non allowed tag <div> and <script>.

   $s = '<div id="1st"><strong><i>Foo</i></strong><script>alert("Bar");</script></div>';
   $x = wp_kses_data($s);
   // Now, $x is <strong><i>Foo</i></strong>alert("Bar");
2. Skip to note 4 content

   Tessa (they/them), AuRise Creative 1 year ago

   You must log in to vote on the helpfulness of this noteVote results for this note: 0You must log in to vote on the helpfulness of this note

   To find out what tags are allowed in this function, just access global $allowedtags;. The code here…

   global $allowedtags;
   var_dump($allowedtags);

   …outputs the following:

   array (size=14)
       'a' => array (size=2)
           'href' => boolean true
           'title' => boolean true
   
       'abbr' => array (size=1)
           'title' => boolean true
   
       'acronym' => array (size=1)
           'title' => boolean true
   
       'b' => array (size=0)
   
       'blockquote' => array (size=1)
           'cite' => boolean true
   
       'cite' => array (size=0)
   
       'code' => array (size=0)
   
       'del' => array (size=1)
           'datetime' => boolean true
   
       'em' => array (size=0)
   
       'i' => array (size=0)
   
       'q' => array (size=1)
           'cite' => boolean true
   
       's' => array (size=0)
   
       'strike' => array (size=0)
   
       'strong' => array (size=0)

   And if you wish to modify it to customize the allowed/disallowed tags for everything that uses this function, you can do so using the wp_kses_allowed_html filter and check that the second parameter is equal to 'data'.