Description
Filters content and keeps only allowable HTML elements.
This function makes sure that only the allowed HTML element names, attribute names and attribute values plus only sane HTML entities will occur in $string. You have to remove any slashes from PHP's magic quotes before you call this function. The default allowed protocols are 'http', 'https', 'ftp', 'mailto', 'news', 'irc', 'gopher', 'nntp', 'feed', 'telnet, 'mms', 'rtsp' and 'svn'. This covers all common link protocols, except for 'javascript' which should not be allowed for untrusted users.
Usage
$string = wp_kses( $string, $allowed_html, $allowed_protocols );
Parameters
- $string
- ( string ) required – Content to filter through kses
- $allowed_html
- ( array ) required – List of allowed HTML elements
- $allowed_protocols
- ( array ) optional – Optional. Allowed protocol in links.
Returns
string Filtered content with only allowed HTML elements
Source
File name: wordpress/wp-includes/kses.php
Lines: 1 to 8 of 8
function wp_kses( $string, $allowed_html, $allowed_protocols = array() ) { if ( empty( $allowed_protocols ) ) $allowed_protocols = wp_allowed_protocols(); $string = wp_kses_no_null( $string, array( 'slash_zero' => 'keep' ) ); $string = wp_kses_normalize_entities($string); $string = wp_kses_hook($string, $allowed_html, $allowed_protocols); // WP changed the order of these funcs and added args to wp_kses_hook return wp_kses_split($string, $allowed_html, $allowed_protocols); }
Called by
1 to 22 of 22
- _get_plugin_data_markup_translate() – Sanitizes plugin data, optionally adds markup, optionally translates.
- Automatic_Upgrader_Skin::feedback() –
- genesis_formatting_kses() – Wrapper for `wp_kses()` that can be used as a filter function.
- img_caption_shortcode() – Builds the Caption shortcode output.
- install_plugin_information() – Display plugin information in dialog box form.
- lib/views/pages/genesis-admin-upgraded.php
- wp_ajax_query_themes() – Ajax handler for getting themes from themes_api().
- WP_Customize_Manager::handle_load_themes_request() – Load themes into the theme browsing/installation UI.
- wp_filter_kses() – Sanitize content with allowed HTML Kses rules.
- wp_filter_nohtml_kses() – Strips all of the HTML in the content.
- wp_filter_oembed_result() – Filters the given oEmbed HTML.
- wp_filter_post_kses() – Sanitize content for allowed HTML tags for post content.
- wp_kses_data() – Sanitize content with allowed HTML Kses rules.
- wp_kses_post() – Sanitize content for allowed HTML tags for post content.
- wp_kses_split2() – Callback for wp_kses_split for fixing malformed HTML tags.
- WP_Plugin_Install_List_Table::display_rows() –
- wp_plugin_update_row() – Displays update information for a plugin.
- WP_Press_This::fetch_source_html() – Downloads the source’s HTML via server-side call for the given URL.
- wp_privacy_generate_personal_data_export_group_html() – Generate a single group for the personal data export report.
- WP_Theme_Install_List_Table::install_theme_info() – Prints the info for a theme (to be used in the theme installer modal).
- WP_Theme_Install_List_Table::single_row() – Prints a theme from the WordPress.org API.
- WP_Theme::sanitize_header() – Sanitize a theme header.
Invoked by
Calls
1 to 6 of 6
- wp_allowed_protocols() – Retrieve a list of protocols to allow in HTML attributes.
- wp_kses_hook() – You add any kses hooks here.
- wp_kses_no_null() – Removes any invalid control characters in $string.
- wp_kses_normalize_entities() – Converts and fixes HTML entities.
- wp_kses_split() – Searches for HTML tags, no matter how malformed.
- wp_kses() – Filters content and keeps only allowable HTML elements.
