wp_kses_uri_attributes()WP 5.0.1

Helper function listing HTML attributes containing a URL.

This function returns a list of all HTML attributes that must contain a URL according to the HTML specification.

This list includes URI attributes both allowed and disallowed by KSES.

1 time — 0.000001 sec (speed of light) | 50000 times — 0.10 sec (speed of light) | PHP 7.2.5, WP 5.0.1
Hooks from the function

Return

String[]. HTML attribute names whose value contains a URL.

Usage

wp_kses_uri_attributes();

Examples

0

#1 What the function returns 

$uris = wp_kses_uri_attributes();

/* $uris = 
Array
(
	[0] => action
	[1] => archive
	[2] => background
	[3] => cite
	[4] => classid
	[5] => codebase
	[6] => data
	[7] => formaction
	[8] => href
	[9] => icon
	[10] => longdesc
	[11] => manifest
	[12] => poster
	[13] => profile
	[14] => src
	[15] => usemap
	[16] => xmlns
)
*/
0

#2 Sanitize the value of the attribute in which the URI is specified

This demo shows how to clear the value of the attribute where the URI should be. This is the logic used to clean values in WP KSES:

$uris              = wp_kses_uri_attributes();
$allowed_protocols = wp_allowed_protocols();
$attrname          = 'href';
$thisval           = 'http://example.com';

if( in_array( strtolower( $attrname ), $uris ) ){
	$thisval = wp_kses_bad_protocol( $thisval, $allowed_protocols );
}

// if $thisval = 'foo://example.com'
echo $thisval; //> //example.com

// if $thisval = 'http://example.com'
echo $thisval; //> http://example.com

Changelog

Since 5.0.1 Introduced.

wp_kses_uri_attributes() code WP 6.1.1

wp-includes/kses.php 
function wp_kses_uri_attributes() {
	$uri_attributes = array(
		'action',
		'archive',
		'background',
		'cite',
		'classid',
		'codebase',
		'data',
		'formaction',
		'href',
		'icon',
		'longdesc',
		'manifest',
		'poster',
		'profile',
		'src',
		'usemap',
		'xmlns',
	);

	/**
	 * Filters the list of attributes that are required to contain a URL.
	 *
	 * Use this filter to add any `data-` attributes that are required to be
	 * validated as a URL.
	 *
	 * @since 5.0.1
	 *
	 * @param string[] $uri_attributes HTML attribute names whose value contains a URL.
	 */
	$uri_attributes = apply_filters( 'wp_kses_uri_attributes', $uri_attributes );

	return $uri_attributes;
}

kses (html cleanup sanitize)

Helper Functions