wp_kses_uri_attributes()
Helper function listing HTML attributes containing a URL.
This function returns a list of all HTML attributes that must contain a URL according to the HTML specification.
This list includes URI attributes both allowed and disallowed by KSES.
1 time — 0.000001 sec (speed of light) | 50000 times — 0.10 sec (speed of light) | PHP 7.2.5, WP 5.0.1
Hooks from the function
Return
String[]
. HTML attribute names whose value contains a URL.
Usage
wp_kses_uri_attributes();
Examples
#1 What the function returns
$uris = wp_kses_uri_attributes(); /* $uris = Array ( [0] => action [1] => archive [2] => background [3] => cite [4] => classid [5] => codebase [6] => data [7] => formaction [8] => href [9] => icon [10] => longdesc [11] => manifest [12] => poster [13] => profile [14] => src [15] => usemap [16] => xmlns ) */
#2 Sanitize the value of the attribute in which the URI is specified
This demo shows how to clear the value of the attribute where the URI should be. This is the logic used to clean values in WP KSES:
$uris = wp_kses_uri_attributes(); $allowed_protocols = wp_allowed_protocols(); $attrname = 'href'; $thisval = 'http://example.com'; if( in_array( strtolower( $attrname ), $uris ) ){ $thisval = wp_kses_bad_protocol( $thisval, $allowed_protocols ); } // if $thisval = 'foo://example.com' echo $thisval; //> //example.com // if $thisval = 'http://example.com' echo $thisval; //> http://example.com
Changelog
Since 5.0.1 | Introduced. |