wp_kses() WP 1.0

Filters content and keeps only allowable HTML elements.

This function makes sure that only the allowed HTML element names, attribute names and attribute values plus only sane HTML entities will occur in $string. You have to remove any slashes from PHP's magic quotes before you call this function.

The default allowed protocols are 'http', 'https', 'ftp', 'mailto', 'news', 'irc', 'gopher', 'nntp', 'feed', 'telnet', 'mms', 'rtsp' and 'svn'. This covers all common link protocols except 'javascript', which should not be allowed for untrusted users.

Works based on: wp_kses_allowed_html()
1 time = 0.000364s = fast | 50000 times = 2.26s = fast (PHP 7.1.1, WP 4.7.2)

No Hooks.

Return

String. Filtered content with only allowed HTML elements

Usage

wp_kses( $string, $allowed_html, $allowed_protocols );

$string (string) (required)
    Content to filter through kses.
$allowed_html (array) (required)
    List of allowed HTML elements.
$allowed_protocols (array)
    Allowed protocols in links.
    Default: array()
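
An added usage example, not from the original page or from WordPress core: it filters untrusted markup against a small allow-list and a protocol list narrower than the default. The function name example_filter_untrusted_html(), the allow-list and the sample input are assumptions, and the code expects a loaded WordPress (for instance run with WP-CLI's wp eval-file).

```php
<?php
// Added example: requires a loaded WordPress environment.
// example_filter_untrusted_html() is a hypothetical helper name.

function example_filter_untrusted_html( $raw ) {
	// Allow-list of element names (lowercase) and their permitted attributes.
	// Any element or attribute not listed here is not kept by wp_kses().
	$allowed_html = array(
		'a'      => array(
			'href'  => true,
			'title' => true,
		),
		'strong' => array(),
		'em'     => array(),
		'br'     => array(),
	);

	// Narrower than the default protocol list; 'javascript' is deliberately absent,
	// so URL attributes using it do not survive as working links.
	$allowed_protocols = array( 'http', 'https', 'mailto' );

	// Remove slashes before filtering, as the description above requires.
	$unslashed = wp_unslash( $raw );

	return wp_kses( $unslashed, $allowed_html, $allowed_protocols );
}

// Constructed sample input mixing allowed and disallowed markup:
// a disallowed protocol, an unlisted attribute (onclick), an unlisted
// element (script), and two entries that match the allow-list.
$sample = '<a href="javascript:alert(1)" onclick="x()" title="t">link</a> '
	. '<script>alert(1)</script> '
	. '<strong>bold</strong> '
	. '<a href="https://example.com/">ok</a>';

echo example_filter_untrusted_html( $sample ) . PHP_EOL;
```

wp_kses() removes disallowed tags but leaves the text between them in place, and its result is meant for HTML body context; values placed into attributes or scripts still need the matching escaping function.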

Code of wp_kses: wp-includes/kses.php VER 4.9.8

<?php
function wp_kses( $string, $allowed_html, $allowed_protocols = array() ) {
	if ( empty( $allowed_protocols ) )
		$allowed_protocols = wp_allowed_protocols();
	$string = wp_kses_no_null( $string, array( 'slash_zero' => 'keep' ) );
	$string = wp_kses_normalize_entities($string);
	$string = wp_kses_hook($string, $allowed_html, $allowed_protocols); // WP changed the order of these funcs and added args to wp_kses_hook
	return wp_kses_split($string, $allowed_html, $allowed_protocols);
}
