WordPress at Your Fingertips

wp_kses_post() WP 2.9.0

Sanitizes the passed string (content), leaving in it only allowed post content HTML tags for the current user.

This function is a wrapper for such code:

wp_kses( $data, 'post' );

This function can be used to sanitize raw user input data passed in $_POST:

$some_array = array_map( 'wp_kses_post', $_POST['some_array'] );
Uses: wp_kses()
1 time — 0.000492 sec (fast) | 50000 times — 10.07 sec (slow) | PHP 7.1.5, WP 4.8

No Hooks.


String. Filtered post content with allowed HTML tags and attributes intact.


wp_kses_post( $data );
$data(string) (required)
Post content to filter.


#1 Sanitize the string

Demonstration of how sanitize the string $str from unwanted HTML tags.

$str = $_POST['text'];
$str = wp_kses_post( $str );

// now $str can be safely written to the database or displayed on the screen


Since 2.9.0 Introduced.

Code of wp_kses_post() WP 5.8

function wp_kses_post( $data ) {
	return wp_kses( $data, 'post' );

From tag: kses (html cleanup sanitize)

More from category: Security

No comments
    Log In