wp_check_jsonp_callback( string $callback )

Checks that a JSONP callback is a valid JavaScript callback.

Description

Only allows alphanumeric characters and the dot character in callback function names. This helps to mitigate XSS attacks caused by directly outputting user input.

Parameters

$callback: (string) (Required) Supplied JSONP callback function.

Return

(bool) True if valid callback, otherwise false.

Source

File: wp-includes/functions.php

function wp_check_jsonp_callback( $callback ) {
	if ( ! is_string( $callback ) ) {
		return false;
	}

	preg_replace( '/[^\w\.]/', '', $callback, -1, $illegal_char_count );

	return 0 === $illegal_char_count;
}

Expand Source Code View on GitHub

Used By
Used By	Description
wp-includes/rest-api/class-wp-rest-server.php: WP_REST_Server::serve_request()	Handles serving an API request.

Changelog

Changelog
Version	Description
WP-4.6.0	Introduced.