wp_kses_post()
Sanitizes the passed string (content), leaving only the HTML tags allowed in post content for the current user.
This function is a wrapper for the following code:
wp_kses( $data, 'post' );
This function can be used to sanitize raw user input passed in $_POST:
// Unslash first: WordPress adds slashes to $_POST, and wp_kses_post() expects unslashed data
$some_array = array_map( 'wp_kses_post', wp_unslash( $_POST['some_array'] ) );
This function expects an unslashed string (data)! This means that before using it you need to remove the slashes that WP automatically adds to any global data, for example $_POST (see wp_magic_quotes()). Use wp_unslash() to remove them.
Uses: wp_kses()
1 time — 0.000492 sec (fast) | 50000 times — 10.07 sec (slow) | PHP 7.1.5, WP 4.8
No Hooks.
Return
String. Filtered post content with allowed HTML tags and attributes intact.
Usage
wp_kses_post( $data );
- $data(string) (required)
- Post content to filter.
Examples
#1 Sanitize the string
Function demonstration: clears string $str of unwanted HTML tags.
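// remove the slashes WordPress added to $_POST
$str = wp_unslash( $_POST['text'] );
// keep only the HTML tags and attributes allowed in post content
$str = wp_kses_post( $str );
// now $str can be safely written to the database or displayed
// (kses filters HTML only; SQL escaping is still done by $wpdb->prepare() or the WP APIs)

var_dump( wp_kses_post( '' ) );                // string(0) ""
var_dump( wp_kses_post( '\'foo<foo>' ) );      // string(4) "'foo"
var_dump( wp_kses_post( '\'foo <p>bar</p>' ) ); // string(15) "'foo <p>bar</p>"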
#2 More examples
See examples of wp_kses().
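The unslashing requirement described above, carried through a complete save-and-display cycle. This is an added example, not code from WordPress core or from this page's author; the action name, nonce action, field names, meta key and function names are hypothetical. It assumes the value is stored with update_post_meta(), which unslashes its input itself, so the filtered value is re-slashed before saving.

```php
<?php
// Added example. All myplugin_* names, the 'note' and 'post_id' fields and the
// '_myplugin_note' meta key are hypothetical.
add_action( 'admin_post_myplugin_save_note', 'myplugin_save_note' );

function myplugin_save_note() {
	// Check the nonce and the capability before touching any input.
	check_admin_referer( 'myplugin_save_note' );

	$post_id = isset( $_POST['post_id'] ) ? absint( $_POST['post_id'] ) : 0;
	if ( ! $post_id || ! current_user_can( 'edit_post', $post_id ) ) {
		wp_die( 'Not allowed.', '', array( 'response' => 403 ) );
	}

	// 1. Remove the slashes WordPress added to $_POST (see wp_magic_quotes()).
	$raw = isset( $_POST['note'] ) ? wp_unslash( $_POST['note'] ) : '';

	// 2. Filter. A string goes straight to wp_kses_post(). For an array,
	//    map_deep() applies it to every leaf value, which also covers nested
	//    arrays that array_map() would pass to wp_kses_post() as arrays.
	$clean = is_array( $raw ) ? map_deep( $raw, 'wp_kses_post' ) : wp_kses_post( $raw );

	// 3. update_post_meta() runs wp_unslash() on the value, so re-slash it
	//    first; otherwise literal backslashes in the content are stripped.
	update_post_meta( $post_id, '_myplugin_note', wp_slash( $clean ) );

	$back = wp_get_referer();
	wp_safe_redirect( $back ? $back : admin_url() );
	exit;
}

// On output, filter again right at the echo: the stored value may have been
// written by other code, or under a different set of allowed tags.
function myplugin_render_note( $post_id ) {
	$note = get_post_meta( $post_id, '_myplugin_note', true );
	echo is_string( $note ) ? wp_kses_post( $note ) : '';
}
```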
Changelog
Since 2.9.0 | Introduced. |
wp_kses_post() code WP 6.7.1
function wp_kses_post( $data ) {
	return wp_kses( $data, 'post' );
}