wp_kses_bad_protocol_once() │ WP 1.0.0

Sanitizes content from bad protocols and other characters.

This function searches for URL protocols at the beginning of the string, while handling whitespace and HTML entities.

No Hooks.

Returns

String. Sanitized content.

Usage

wp_kses_bad_protocol_once( $content, $allowed_protocols, $count );

$content(string) (required)

Content to check for bad protocols.

$allowed_protocols(string[]) (required)

Array of allowed URL protocols.

$count(int)

Depth of call recursion to this function.
Default: 1

Changelog

wp_kses_bad_protocol_once() wp kses bad protocol once code ^{WP 6.9.1}

function wp_kses_bad_protocol_once( $content, $allowed_protocols, $count = 1 ) {
	$content  = preg_replace( '/(&#0*58(?![;0-9])|&#x0*3a(?![;a-f0-9]))/i', '$1;', $content );
	$content2 = preg_split( '/:|&#0*58;|&#x0*3a;|:/i', $content, 2 );

	if ( isset( $content2[1] ) && ! preg_match( '%/\?%', $content2[0] ) ) {
		$content  = trim( $content2[1] );
		$protocol = wp_kses_bad_protocol_once2( $content2[0], $allowed_protocols );
		if ( 'feed:' === $protocol ) {
			if ( $count > 2 ) {
				return '';
			}
			$content = wp_kses_bad_protocol_once( $content, $allowed_protocols, ++$count );
			if ( empty( $content ) ) {
				return $content;
			}
		}
		$content = $protocol . $content;
	}

	return $content;
}