wp_check_jsonp_callback( string $callback )

Checks that a JSONP callback is a valid JavaScript callback.


Description

Only allows alphanumeric characters and the dot character in callback function names. This helps to mitigate XSS attacks caused by directly outputting user input.


Parameters

$callback

(Required) Supplied JSONP callback function.


Return

(bool) True if valid callback, otherwise false.


Source

File: wp-includes/functions.php

function wp_check_jsonp_callback( $callback ) {
	if ( ! is_string( $callback ) ) {
		return false;
	}

	preg_replace( '/[^\w\.]/', '', $callback, -1, $illegal_char_count );

	return 0 === $illegal_char_count;
}


Changelog

Changelog
Version Description
WP-4.6.0 Introduced.