wp_filter_post_kses()
Cleans the content, leaving only allowed HTML tags and adds escaping slashes.
Same as wp_kses_post(), but expects data to be escaped.
The function removes slashes (stripslashes()) from the provided text, processes it, and then adds the slashes back. Therefore if you are cleaning $_POST data, this should be done before the slashes in the text are removed, before inserting the data into the database.
Allowed tags vary depending on the user's capabilities.
Uses the global variable: $allowedposttags.
Uses: wp_kses()
No Hooks.
Returns
String.
Usage
<?php wp_filter_post_kses( $data ) ?>
- $data(string) (required)
- The content of the post to be filtered.
Examples
#1 Demo
This is how the function will work if you are an administrator:
$data = '<p data-url="foo">Auto.</p> <span>rules</span> <div>Check div</div> <script>check script</script> <em>Example. Source numbers: 66, 43.</em> <ol> <li>Lists</li> </ol>'; $data = wp_filter_post_kses( $data ); echo htmlspecialchars( $data ); /* It will: <p>automat.</p> <span>rules</span> <div>Check div</div> Checking the script <em>Example. Source numbers: 66, 43.</em> <ol> <li>Lists</li> </ol> */
Changelog
| Since 2.0.0 | Introduced. |
wp_filter_post_kses() wp filter post kses code WP 6.9.1
function wp_filter_post_kses( $data ) {
return addslashes( wp_kses( stripslashes( $data ), 'post' ) );
}