wp_kses( string $string, array $allowed_html, array $allowed_protocols = array() )

Filters content and keeps only allowable HTML elements.

Description

This function makes sure that only the allowed HTML element names, attribute names and attribute values plus only sane HTML entities will occur in $string. You have to remove any slashes from PHP’s magic quotes before you call this function.

The default allowed protocols are ‘http’, ‘https’, ‘ftp’, ‘mailto’, ‘news’, ‘irc’, ‘gopher’, ‘nntp’, ‘feed’, ‘telnet, ‘mms’, ‘rtsp’ and ‘svn’. This covers all common link protocols, except for ‘javascript’ which should not be allowed for untrusted users.

Parameters

$string

(string) (Required) Content to filter through kses

$allowed_html

(array) (Required) List of allowed HTML elements

$allowed_protocols

(array) (Optional) Allowed protocol in links.

Default value: array()

Return

(string) Filtered content with only allowed HTML elements

Source

File: wp-includes/kses.php 

function wp_kses( $string, $allowed_html, $allowed_protocols = array() ) {
	if ( empty( $allowed_protocols ) )
		$allowed_protocols = wp_allowed_protocols();
	$string = wp_kses_no_null( $string, array( 'slash_zero' => 'keep' ) );
	$string = wp_kses_normalize_entities($string);
	$string = wp_kses_hook($string, $allowed_html, $allowed_protocols); // WP changed the order of these funcs and added args to wp_kses_hook
	return wp_kses_split($string, $allowed_html, $allowed_protocols);
}

Expand Source Code View on GitHub

Related

Used By

Used By
Used By Description
wp-includes/media.php: img_caption_shortcode()

Builds the Caption shortcode output.
wp-includes/embed.php: wp_filter_oembed_result()

Filters the given oEmbed HTML.
wp-includes/class-wp-theme.php: WP_Theme::sanitize_header()

Sanitize a theme header.
wp-includes/class-wp-customize-manager.php: WP_Customize_Manager::handle_load_themes_request()

Load themes into the theme browsing/installation UI.
wp-includes/kses.php: wp_filter_kses()

Sanitize content with allowed HTML Kses rules.
wp-includes/kses.php: wp_kses_data()

Sanitize content with allowed HTML Kses rules.
wp-includes/kses.php: wp_filter_post_kses()

Sanitize content for allowed HTML tags for post content.
wp-includes/kses.php: wp_kses_post()

Sanitize content for allowed HTML tags for post content.
wp-includes/kses.php: wp_filter_nohtml_kses()

Strips all of the HTML in the content.
wp-includes/kses.php: wp_kses_split2()

Callback for wp_kses_split for fixing malformed HTML tags.
wp-includes/widgets.php: wp_sidebar_description()

Retrieve description for a sidebar.
wp-admin/includes/class-automatic-upgrader-skin.php: Automatic_Upgrader_Skin::feedback()
wp-admin/includes/plugin-install.php: install_plugin_information()

Display plugin information in dialog box form.
wp-admin/includes/ajax-actions.php: wp_ajax_query_themes()

Ajax handler for getting themes from themes_api().
wp-admin/includes/class-wp-plugin-install-list-table.php: WP_Plugin_Install_List_Table::display_rows()
wp-admin/includes/plugin.php: _get_plugin_data_markup_translate()

Sanitizes plugin data, optionally adds markup, optionally translates.
wp-admin/includes/file.php: wp_privacy_generate_personal_data_export_group_html()

Generate a single group for the personal data export report.
wp-admin/includes/update.php: wp_plugin_update_row()

Displays update information for a plugin.
wp-admin/includes/class-wp-theme-install-list-table.php: WP_Theme_Install_List_Table::single_row()

Prints a theme from the ClassicPress.net API.
wp-admin/includes/class-wp-theme-install-list-table.php: WP_Theme_Install_List_Table::install_theme_info()

Prints the info for a theme (to be used in the theme installer modal).
Show 15 more used by Hide more used by

Changelog

Changelog
Version Description
WP-1.0.0 Introduced.