wp_filter_kses()
Cleans text, leaving only allowed HTML tags. Expects escaped data.
The type of cleaning is determined by the function current_filter().
Before cleaning all escaped slashes are removed, and before returning the result these slashes are added back. Therefore if text is passed without escaped slashes, they will be added in the result (see PHP function addslashes()).
wp_kses_data() - is a copy of this function, except that it does not process slashes in the passed text and processes the text as is.
This function is usually preferable to wp_kses_data(), because wp_magic_quotes() cleans $_GET, $_POST, $_COOKIE, $_SERVER and $_REQUEST at an early stage in the hooks system, immediately after the plugins_loaded filter and before init.
All allowed tags by default are in the global variable global $allowedtags.
KSES is a security filter written in PHP for cleaning text with HTML tags. It removes all «dangerous» elements and is designed to protect against SQL injection and XSS.
No Hooks.
Returns
String. Filtered text.
Usage
wp_filter_kses( $data );
- $data(string) (required)
- The text from which to remove unwanted HTML tags. It is expected that the text is escaped (\).
Examples
#1 Demo:
$text = "<a href='some'>text</a> <div>text</div>"; echo wp_filter_kses( $text ); //return: <a href=\'some\'>text</a> text
Changelog
| Since 1.0.0 | Introduced. |
wp_filter_kses() wp filter kses code WP 6.9.1
function wp_filter_kses( $data ) {
return addslashes( wp_kses( stripslashes( $data ), current_filter() ) );
}