wp_allowed_protocols()
Retrieves a list of protocols to allow in HTML attributes.
Hooks from the function
Return
String[]. Array of allowed protocols. This covers all common link protocols, except for 'javascript' which should not be allowed for untrusted users.
Usage
wp_allowed_protocols();
Notes
Changelog
| Since 3.3.0 | Introduced. |
| Since 4.3.0 | Added 'webcal' to the protocols array. |
| Since 4.7.0 | Added 'urn' to the protocols array. |
| Since 5.3.0 | Added 'sms' to the protocols array. |
| Since 5.6.0 | Added 'irc6' and 'ircs' to the protocols array. |
wp_allowed_protocols() wp allowed protocols code WP 6.5.2
function wp_allowed_protocols() {
static $protocols = array();
if ( empty( $protocols ) ) {
$protocols = array( 'http', 'https', 'ftp', 'ftps', 'mailto', 'news', 'irc', 'irc6', 'ircs', 'gopher', 'nntp', 'feed', 'telnet', 'mms', 'rtsp', 'sms', 'svn', 'tel', 'fax', 'xmpp', 'webcal', 'urn' );
}
if ( ! did_action( 'wp_loaded' ) ) {
/**
* Filters the list of protocols allowed in HTML attributes.
*
* @since 3.0.0
*
* @param string[] $protocols Array of allowed protocols e.g. 'http', 'ftp', 'tel', and more.
*/
$protocols = array_unique( (array) apply_filters( 'kses_allowed_protocols', $protocols ) );
}
return $protocols;
}