wp_strip_all_tags( string $string, bool $remove_breaks = false ): string

Properly strips all HTML tags including script and style

Description
Parameters
Return
More Information
Source
Related
- Used By
Changelog
User Contributed Notes

Description

This differs from strip_tags() because it removes the contents of the <script> and <style> tags. E.g. strip_tags( '<script>something</script>' ) will return ‘something’. wp_strip_all_tags will return ”

Top ↑

Parameters

$string string Required: String containing HTML tags
$remove_breaks bool Optional: Whether to remove left over line breaks and white space chars

Default: false

Top ↑

Return

string The processed string.

Top ↑

More Information

wp_strip_all_tags() is added to the following filters by default (see wp-includes/default-filters.php):

pre_comment_author_url
pre_user_url
pre_link_url
pre_link_image
pre_link_rss
pre_post_guid

It is also applied to these filters by default when on the administration side of the site:

user_url
link_url
link_image
link_rss
comment_url
post_guid

Top ↑

Source

File: wp-includes/formatting.php. View all references

function wp_strip_all_tags( $string, $remove_breaks = false ) {
	$string = preg_replace( '@<(script|style)[^>]*?>.*?</\\1>@si', '', $string );
	$string = strip_tags( $string );

	if ( $remove_breaks ) {
		$string = preg_replace( '/[\r\n\t ]+/', ' ', $string );
	}

	return trim( $string );
}

View on Trac View on GitHub

Top ↑

Used By

Used By
Used By	Description
WP_REST_URL_Details_Controller::prepare_metadata_for_output() wp-includes/rest-api/endpoints/class-wp-rest-url-details-controller.php	Prepares the metadata by: – stripping all HTML tags and tag entities.
WP_Application_Passwords_List_Table::print_js_template_row() wp-admin/includes/class-wp-application-passwords-list-table.php	Prints the JavaScript template for the new row item.
WP_REST_Block_Directory_Controller::prepare_item_for_response() wp-includes/rest-api/endpoints/class-wp-rest-block-directory-controller.php	Parse block metadata for a block, and prepare it for an API response.
wp_check_comment_disallowed_list() wp-includes/comment.php	Checks if a comment contains disallowed characters or words.
Plugin_Installer_Skin::do_overwrite() wp-admin/includes/class-plugin-installer-skin.php	Check if the plugin can be overwritten and output the HTML for overwriting a plugin on upload.
Theme_Installer_Skin::do_overwrite() wp-admin/includes/class-theme-installer-skin.php	Check if the theme can be overwritten and output the HTML for overwriting a theme on upload.
WP_Recovery_Mode_Email_Service::send_recovery_mode_email() wp-includes/class-wp-recovery-mode-email-service.php	Sends the Recovery Mode email to the site admin email address.
_sanitize_text_fields() wp-includes/formatting.php	Internal helper function to sanitize a string from user input or from the database.
WP_Screen::render_list_table_columns_preferences() wp-admin/includes/class-wp-screen.php	Render the list table columns preferences.
WP_List_Table::single_row_columns() wp-admin/includes/class-wp-list-table.php	Generates the columns for a single row of the table.
WP_Users_List_Table::single_row() wp-admin/includes/class-wp-users-list-table.php	Generate HTML for a single row on the users.php admin panel.
media_upload_form_handler() wp-admin/includes/media.php	Handles form submissions for the legacy media uploader.
edit_post() wp-admin/includes/post.php	Updates an existing post with values provided in `$_POST`.
wp_ajax_save_attachment() wp-admin/includes/ajax-actions.php	Ajax handler for updating attachment attributes.
wp_html_excerpt() wp-includes/formatting.php	Safely extracts not more than the first $count characters from HTML string.
wp_trim_words() wp-includes/formatting.php	Trims text to a certain number of words.
sanitize_user() wp-includes/formatting.php	Sanitizes a username, stripping out unsafe characters.
wp_setup_nav_menu_item() wp-includes/nav-menu.php	Decorates a menu item object with the shared navigation menu item properties.