wp_kses_attr_check( string $name, string $value, string $whole, string $vless, string $element, array $allowed_html )
Determines whether an attribute is allowed.
Parameters
- $name
-
(Required) The attribute name. Passed by reference. Returns empty string when not allowed.
- $value
-
(Required) The attribute value. Passed by reference. Returns a filtered value.
- $whole
-
(Required) The
name=value
input. Passed by reference. Returns filtered input. - $vless
-
(Required) Whether the attribute is valueless. Use 'y' or 'n'.
- $element
-
(Required) The name of the element to which this attribute belongs.
- $allowed_html
-
(Required) The full list of allowed elements and attributes.
Return
(bool) Whether or not the attribute is allowed.
Source
File: wp-includes/kses.php
function wp_kses_attr_check( &$name, &$value, &$whole, $vless, $element, $allowed_html ) {
$allowed_attr = $allowed_html[strtolower( $element )];
$name_low = strtolower( $name );
if ( ! isset( $allowed_attr[$name_low] ) || '' == $allowed_attr[$name_low] ) {
$name = $value = $whole = '';
return false;
}
if ( 'style' == $name_low ) {
$new_value = safecss_filter_attr( $value );
if ( empty( $new_value ) ) {
$name = $value = $whole = '';
return false;
}
$whole = str_replace( $value, $new_value, $whole );
$value = $new_value;
}
if ( is_array( $allowed_attr[$name_low] ) ) {
// there are some checks
foreach ( $allowed_attr[$name_low] as $currkey => $currval ) {
if ( ! wp_kses_check_attr_val( $value, $vless, $currkey, $currval ) ) {
$name = $value = $whole = '';
return false;
}
}
}
return true;
}
Changelog
Version | Description |
---|---|
5.0.0 | Added support for data-* wildcard attributes. |
4.2.3 | Introduced. |