WordPress.org
Get WordPress
WordPress.org

WordPress Developer Resources

wp_strip_all_tags()

wp_strip_all_tags( string $text, bool $remove_breaks = false ): string

In this article

Back to top

Properly strips all HTML tags including ‘script’ and ‘style’.

Description

This differs from strip_tags() because it removes the contents of the <script> and <style> tags. E.g. strip_tags( '<script>something</script>' ) will return ‘something’. wp_strip_all_tags() will return an empty string.

Parameters

$textstringrequired
String containing HTML tags
$remove_breaksbooloptional
Whether to remove left over line breaks and white space chars

Default:false

Return

string The processed string.

More Information

wp_strip_all_tags() is added to the following filters by default (see wp-includes/default-filters.php):

  • pre_comment_author_url
  • pre_user_url
  • pre_link_url
  • pre_link_image
  • pre_link_rss
  • pre_post_guid

It is also applied to these filters by default when on the administration side of the site:

  • user_url
  • link_url
  • link_image
  • link_rss
  • comment_url
  • post_guid

Source

function wp_strip_all_tags( $text, $remove_breaks = false ) {
	if ( is_null( $text ) ) {
		return '';
	}

	if ( ! is_scalar( $text ) ) {
		/*
		 * To maintain consistency with pre-PHP 8 error levels,
		 * wp_trigger_error() is used to trigger an E_USER_WARNING,
		 * rather than _doing_it_wrong(), which triggers an E_USER_NOTICE.
		 */
		wp_trigger_error(
			'',
			sprintf(
				/* translators: 1: The function name, 2: The argument number, 3: The argument name, 4: The expected type, 5: The provided type. */
				__( 'Warning: %1$s expects parameter %2$s (%3$s) to be a %4$s, %5$s given.' ),
				__FUNCTION__,
				'#1',
				'$text',
				'string',
				gettype( $text )
			),
			E_USER_WARNING
		);

		return '';
	}

	$text = preg_replace( '@<(script|style)[^>]*?>.*?</\\1>@si', '', $text );
	$text = strip_tags( $text );

	if ( $remove_breaks ) {
		$text = preg_replace( '/[\r\n\t ]+/', ' ', $text );
	}

	return trim( $text );
}

View all references View on Trac View on GitHub

UsesDescription
wp_trigger_error()wp-includes/functions.php

Generates a user-level error/warning/notice/deprecation message.

Used byDescription
WP_Font_Face::generate_and_print()wp-includes/fonts/class-wp-font-face.php

Generates and prints the @font-face styles for the given fonts.

WP_Style_Engine_CSS_Declarations::filter_declaration()wp-includes/style-engine/class-wp-style-engine-css-declarations.php

Filters a CSS property + value pair.

WP_REST_URL_Details_Controller::prepare_metadata_for_output()wp-includes/rest-api/endpoints/class-wp-rest-url-details-controller.php

Prepares the metadata by: – stripping all HTML tags and tag entities.

WP_Application_Passwords_List_Table::print_js_template_row()wp-admin/includes/class-wp-application-passwords-list-table.php

Prints the JavaScript template for the new row item.

WP_REST_Block_Directory_Controller::prepare_item_for_response()wp-includes/rest-api/endpoints/class-wp-rest-block-directory-controller.php

Parse block metadata for a block, and prepare it for an API response.

wp_check_comment_disallowed_list()wp-includes/comment.php

Checks if a comment contains disallowed characters or words.

Plugin_Installer_Skin::do_overwrite()wp-admin/includes/class-plugin-installer-skin.php

Checks if the plugin can be overwritten and outputs the HTML for overwriting a plugin on upload.

Theme_Installer_Skin::do_overwrite()wp-admin/includes/class-theme-installer-skin.php

Checks if the theme can be overwritten and outputs the HTML for overwriting a theme on upload.

WP_Recovery_Mode_Email_Service::send_recovery_mode_email()wp-includes/class-wp-recovery-mode-email-service.php

Sends the Recovery Mode email to the site admin email address.

_sanitize_text_fields()wp-includes/formatting.php

Internal helper function to sanitize a string from user input or from the database.

WP_Screen::render_list_table_columns_preferences()wp-admin/includes/class-wp-screen.php

Renders the list table columns preferences.

WP_List_Table::single_row_columns()wp-admin/includes/class-wp-list-table.php

Generates the columns for a single row of the table.

WP_Users_List_Table::single_row()wp-admin/includes/class-wp-users-list-table.php

Generates HTML for a single row on the users.php admin panel.

media_upload_form_handler()wp-admin/includes/media.php

Handles form submissions for the legacy media uploader.

edit_post()wp-admin/includes/post.php

Updates an existing post with values provided in $_POST.

wp_ajax_save_attachment()wp-admin/includes/ajax-actions.php

Handles updating attachment attributes via AJAX.

wp_html_excerpt()wp-includes/formatting.php

Safely extracts not more than the first $count characters from HTML string.

wp_trim_words()wp-includes/formatting.php

Trims text to a certain number of words.

sanitize_user()wp-includes/formatting.php

Sanitizes a username, stripping out unsafe characters.

wp_setup_nav_menu_item()wp-includes/nav-menu.php

Decorates a menu item object with the shared navigation menu item properties.

Show 15 moreShow less

Changelog

VersionDescription
2.9.0Introduced.

User Contributed Notes

  2. Skip to note 4 content
    Giuseppe
    You must log in to vote on the helpfulness of this noteVote results for this note: 0You must log in to vote on the helpfulness of this note

    Be aware that wp_strip_all_tags() cannot be used to check if a text is html by a simple comparison between the original string and the parsed string.
    The difference is in the trim() applied to the returned value.

    function wrong_is_html( $my_string ) {
    return wp_strip_all_tags( $my_string ) !== $my_string ? true : false;
}

function is_html( $my_string ) {
    return wp_strip_all_tags( $my_string ) !== trim ( $my_string ) ? true : false;
}

$a_string = 'this is a simple text string with no html tag, but with an end of line' . PHP_EOL;
if ( true === wrong_is_html( $a_string ) ) {
    echo 'Is HTML';
} else {
    echo 'Is not HTML';
}

if ( true === is_html( $a_string ) ) {
    echo 'Is HTML';
} else {
    echo 'Is not HTML';
}

// outputs 
// Is HTML
// Is not HTML

You must log in before being able to contribute a note or feedback.