wp_kses( string $content, array[]|string $allowed_html, string[] $allowed_protocols = array() )
Filters text content and strips out disallowed HTML.
Description
This function makes sure that only the allowed HTML element names, attribute names, attribute values, and HTML entities will occur in the given text string.
This function expects unslashed data.
See also
wp_kses_post(): for specifically filtering post content and fields.
wp_allowed_protocols(): for the default allowed protocols in link URLs.
Parameters
- $content
-
(Required) Text content to filter.
- $allowed_html
-
(Required) An array of allowed HTML elements and attributes, or a context name such as 'post'. See wp_kses_allowed_html() for the list of accepted context names.
- $allowed_protocols
-
(Optional) Array of allowed URL protocols.<br> Defaults to the result of wp_allowed_protocols().
Default value: array()
Return
(string) Filtered content containing only the allowed HTML.
Source
File: wp-includes/kses.php
function wp_kses( $string, $allowed_html, $allowed_protocols = array() ) {
if ( empty( $allowed_protocols ) )
$allowed_protocols = wp_allowed_protocols();
$string = wp_kses_no_null( $string, array( 'slash_zero' => 'keep' ) );
$string = wp_kses_normalize_entities($string);
$string = wp_kses_hook($string, $allowed_html, $allowed_protocols); // WP changed the order of these funcs and added args to wp_kses_hook
return wp_kses_split($string, $allowed_html, $allowed_protocols);
}
Changelog
Version | Description |
---|---|
1.0.0 | Introduced. |