wp_kses_allowed_html() WP 3.5.0

Returns an array of allowed HTML tags and attributes for a given context.

Used By: wp_kses()
1 time — 0.000061 sec (very fast) | 50000 times — 1.72 sec (fast)
Hooks from the function

Return

Array. Array of allowed HTML tags and their allowed attributes.

Usage

wp_kses_allowed_html( $context );
$context(string|array)
The context for which to retrieve tags. Allowed values are 'post', 'strip', 'data', 'entities', or the name of a field filter such as pre_user_description, or an array of allowed HTML elements and attributes.
Default: ''

Examples


#1 Get the default list of allowed tags

Here the list is obtained for the user with the role of Administrator.

The list may differ depending on the role, the specified context, and any callbacks hooked to the wp_kses_allowed_html filter.

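// No argument: $context defaults to '', which selects the default list ($allowedtags).
// The original call passed an undefined $context variable.
$data = wp_kses_allowed_html();

print_r( $data );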

/* we get
Array
(
	[a] => Array
		(
			[href] => 1
			[title] => 1
		)

	[abbr] => Array
		(
			[title] => 1
		)

	[acronym] => Array
		(
			[title] => 1
		)

	[b] => Array()
	[blockquote] => Array
		(
			[cite] => 1
		)

	[cite] => Array()
	[code] => Array()
	[del] => Array
		(
			[datetime] => 1
		)

	[em] => Array()
	[i] => Array()
	[q] => Array
		(
			[cite] => 1
		)

	[s] => Array()
	[strike] => Array()
	[strong] => Array()
	[pre] => Array
		(
			[class] => 1
			[name] => 1
			[code] => 1
		)

	[var] => Array()
	[h3] => Array()
	[h4] => Array()
	[img] => Array
		(
			[class] => 1
			[alt] => 1
			[src] => 1
		)

	[li] => Array()
	[ol] => Array()
	[ul] => Array()

)
*/

#2 If you specify the context

// strips all html: the base list is an empty array
// (callbacks hooked to the wp_kses_allowed_html filter still run and can add tags)
$data = wp_kses_allowed_html( 'strip' );
/*
Array
(
)
*/

// returns the allowed HTML entity names (not tags), such as nbsp for &nbsp;
$data = wp_kses_allowed_html( 'entities' );
/*
Array
(
	[0] => nbsp
	[1] => iexcl
	[2] => cent
	[3] => pound
	[4] => curren
	[5] => yen
	[6] => brvbar
	[7] => sect
	[8] => uml
	[9] => copy
	[10] => ordf
	[11] => laquo
	[12] => not
	[13] => shy
	[14] => reg
	[15] => macr
	[16] => deg
	[17] => plusmn
	[18] => acute
	[19] => micro
	[20] => para
	[21] => middot
	etc. ...
)
*/
// allows most inline elements and strips all block-level elements except blockquote.
// This is the $allowedtags list; a context name the function does not recognise
// falls back to this same list, not to an empty one.
$allowed_html = wp_kses_allowed_html( 'data' );

// very permissive: returns the filtered $allowedposttags list - same as what's normally applied to the_content by default.
// It is still an allow list: <form>, for example, has not been in it by default since 5.0.1.
$allowed_html = wp_kses_allowed_html( 'post' );

Notes

  • Global. Array. $allowedposttags
  • Global. Array. $allowedtags
  • Global. Array. $allowedentitynames

Changelog

Since 3.5.0 Introduced.
Since 5.0.1 form removed as allowable HTML tag.

wp_kses_allowed_html() code WP 6.5.2

/**
 * Returns the allowed HTML tags and attributes (or entity names) for a KSES context.
 *
 * Every return path goes through the `wp_kses_allowed_html` filter, so the list a
 * caller receives is whatever the hooked callbacks return; it is not validated here.
 * A context name that matches none of the cases gets the same list as 'data'
 * (`$allowedtags`), not an empty list.
 *
 * @since 3.5.0
 * @since 5.0.1 `form` removed as allowable HTML tag.
 *
 * @global array $allowedposttags
 * @global array $allowedtags
 * @global array $allowedentitynames
 *
 * @param string|array $context The context for which to retrieve tags. Allowed values are
 *                              'post', 'strip', 'data', 'entities', or the name of a field
 *                              filter such as pre_user_description, or an array of allowed
 *                              HTML elements and attributes.
 * @return array Array of allowed HTML tags and their allowed attributes.
 */
function wp_kses_allowed_html( $context = '' ) {
	global $allowedposttags, $allowedtags, $allowedentitynames;

	// An array is not a context name: it is the caller's own allow list,
	// which is passed through the filter under the context name 'explicit'.
	if ( is_array( $context ) ) {
		/**
		 * Filters the HTML tags that are allowed for a given context.
		 *
		 * HTML tags and attribute names are case-insensitive in HTML but must be
		 * added to the KSES allow list in lowercase. An item added to the allow list
		 * in upper or mixed case will not be recognized as permitted by KSES.
		 *
		 * @since 3.5.0
		 *
		 * @param array[] $html    Allowed HTML tags.
		 * @param string  $context Context name.
		 */
		return apply_filters( 'wp_kses_allowed_html', $context, 'explicit' );
	}

	switch ( $context ) {
		case 'post':
			/** This filter is documented in wp-includes/kses.php */
			$allowed = apply_filters( 'wp_kses_allowed_html', $allowedposttags, $context );

			// 5.0.1 removed the `<form>` tag. Restore it only when custom tags are off,
			// the filtered list lacks `form`, and a filter has allowed one of its
			// sub-elements `<input>` or `<select>`.
			$restore_form = ! ( CUSTOM_TAGS || isset( $allowed['form'] ) )
				&& ( isset( $allowed['input'] ) || isset( $allowed['select'] ) );

			if ( $restore_form ) {
				// Start again from the unfiltered global, add `form`, then run the filter a second time.
				$with_form         = $allowedposttags;
				$with_form['form'] = array_fill_keys(
					array( 'action', 'accept', 'accept-charset', 'enctype', 'method', 'name', 'target' ),
					true
				);

				/** This filter is documented in wp-includes/kses.php */
				$allowed = apply_filters( 'wp_kses_allowed_html', $with_form, $context );
			}

			return $allowed;

		case 'user_description':
		case 'pre_user_description':
			// Same as the default list, plus the `rel` attribute on links.
			$base             = $allowedtags;
			$base['a']['rel'] = true;
			break;

		case 'strip':
			// Nothing is allowed before the filter runs.
			$base = array();
			break;

		case 'entities':
			$base = $allowedentitynames;
			break;

		case 'data':
		default:
			// Unrecognised context names land here as well.
			$base = $allowedtags;
			break;
	}

	/** This filter is documented in wp-includes/kses.php */
	return apply_filters( 'wp_kses_allowed_html', $base, $context );
}