wp_kses( string $string, array $allowed_html, array $allowed_protocols = array() )
Filters content and keeps only allowable HTML elements.
Description
This function makes sure that only the allowed HTML element names, attribute names and attribute values plus only sane HTML entities will occur in $string. You have to remove any slashes from PHP’s magic quotes before you call this function.
The default allowed protocols are ‘http’, ‘https’, ‘ftp’, ‘mailto’, ‘news’, ‘irc’, ‘gopher’, ‘nntp’, ‘feed’, ‘telnet’, ‘mms’, ‘rtsp’ and ‘svn’. This covers all common link protocols, except for ‘javascript’, which should not be allowed for untrusted users.
Parameters
- $string
  (string) (Required) Content to filter through kses
- $allowed_html
  (array) (Required) List of allowed HTML elements
- $allowed_protocols
  (array) (Optional) Allowed protocol in links.
  Default value: array()
Return
(string) Filtered content with only allowed HTML elements
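A usage example for the parameters above, added here and not taken from WordPress core: it filters an untrusted comment body against a small element allowlist and a protocol list narrower than the default. The helper name example_filter_comment() and the sample input are assumptions made for illustration, and the code assumes it runs inside a loaded WordPress environment with $raw coming straight from request data.

```php
<?php
// Added example, not WordPress core code. Assumes WordPress is loaded
// (for instance inside a plugin), so wp_kses() and wp_unslash() exist.
// example_filter_comment() is a hypothetical helper name.

function example_filter_comment( $raw ) {
	// Element => attribute allowlist. Tags that are not listed are
	// stripped, and attributes that are not listed are dropped.
	$allowed_html = array(
		'a'      => array(
			'href'  => array(),
			'title' => array(),
		),
		'br'     => array(),
		'em'     => array(),
		'strong' => array(),
	);

	// Narrower than the default protocol list: only these URL schemes
	// are accepted in URL attributes such as href.
	$allowed_protocols = array( 'http', 'https', 'mailto' );

	// WordPress slashes request data, so remove the slashes before
	// filtering, as the description above requires.
	$unslashed = wp_unslash( $raw );

	return wp_kses( $unslashed, $allowed_html, $allowed_protocols );
}

// Constructed sample input: one permitted link, one link with a
// disallowed scheme and an event-handler attribute, one disallowed tag.
// wp_kses() removes the <script> tags themselves; the text between
// them is left in place as plain text.
$sample = '<strong>Hi</strong> <a href="https://example.com/" title="site">ok</a> '
	. '<a href="javascript:void(0)" onclick="track()">bad</a> '
	. '<script>document.title = "x";</script>';

echo example_filter_comment( $sample );
```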
Source
File: wp-includes/kses.php
```php
function wp_kses( $string, $allowed_html, $allowed_protocols = array() ) {
	if ( empty( $allowed_protocols ) )
		$allowed_protocols = wp_allowed_protocols();
	$string = wp_kses_no_null( $string, array( 'slash_zero' => 'keep' ) );
	$string = wp_kses_normalize_entities($string);
	$string = wp_kses_hook($string, $allowed_html, $allowed_protocols); // WP changed the order of these funcs and added args to wp_kses_hook
	return wp_kses_split($string, $allowed_html, $allowed_protocols);
}
```
Changelog
| Version | Description |
|---|---|
| 1.0.0 | Introduced. |
User Contributed Notes
Allowed HTML tags array
This is an example of how to format an array of allowed HTML tags and attributes.
```php
array(
	'a'      => array(
		'href'  => array(),
		'title' => array()
	),
	'br'     => array(),
	'em'     => array(),
	'strong' => array(),
);
```

See wp_kses_allowed_html() and /wp-includes/kses.php to get a list of the possible default values of the allowed HTML tags.