wp_kses_bad_protocol( string $string, array $allowed_protocols )
Sanitize string from bad protocols.
Description
This function removes all non-allowed protocols from the beginning of $string. It ignores whitespace and letter case, and it understands HTML entities. It does its work in a loop, so it won’t be fooled by a string like "javascript:javascript:alert(57)". As the source below shows, the loop is capped at six passes; if the final pass still changed the string, the function returns an empty string.
Parameters
- $string: (Required) Content to filter bad protocols from
- $allowed_protocols: (Required) Allowed protocols to keep
Return
(string) Filtered content
Source
File: wp-includes/kses.php
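```php
function wp_kses_bad_protocol($string, $allowed_protocols) {
	// Remove NULL characters before looking for a protocol.
	$string = wp_kses_no_null($string);
	$iterations = 0;

	// Run the single-pass filter until the string stops changing, for at most 6 passes.
	do {
		$original_string = $string;
		$string = wp_kses_bad_protocol_once($string, $allowed_protocols);
	} while ( $original_string != $string && ++$iterations < 6 );

	// The last pass still changed the string: give up and return nothing.
	if ( $original_string != $string )
		return '';

	return $string;
}
```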
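The following is an added example, not WordPress code, contrasting a single filtering pass with the capped repeat-until-stable loop used in the source. The names `strip_once()` and `filter_protocols()` are hypothetical, and `strip_once()` is a simplified stand-in for `wp_kses_bad_protocol_once()` that does not decode HTML entities.

```php
<?php
// Added example, not WordPress code. strip_once() is a simplified stand-in
// for wp_kses_bad_protocol_once(): it does no HTML entity handling.
function strip_once(string $s, array $allowed): string {
    $parts = explode(':', $s, 2);            // split on the first colon only
    if (count($parts) < 2) {
        return $s;                           // no colon, so no protocol
    }
    $scheme = strtolower(trim($parts[0]));   // ignore case and whitespace
    if (!preg_match('/^[a-z][a-z0-9+.-]*$/', $scheme)) {
        return $s;                           // prefix is not scheme-shaped
    }
    // Keep allowed protocols; otherwise drop the prefix and keep the rest.
    return in_array($scheme, $allowed, true) ? $s : $parts[1];
}

// Same control flow as wp_kses_bad_protocol(): repeat until stable, capped,
// and fail closed with '' if the last pass still changed the string.
function filter_protocols(string $s, array $allowed, int $max = 6): string {
    $passes = 0;
    do {
        $before = $s;
        $s = strip_once($s, $allowed);
    } while ($before !== $s && ++$passes < $max);
    return $before !== $s ? '' : $s;
}

$allowed = ['http', 'https', 'mailto'];
// Constructed sample inputs.
$samples = [
    'http://example.com:8080/',
    ' JaVaScRiPt:alert(57)',
    'javascript:javascript:alert(57)',
    str_repeat('javascript:', 7) . 'alert(57)',
];
foreach ($samples as $in) {
    echo 'input: ', var_export($in, true), "\n";
    echo '  once: ', var_export(strip_once($in, $allowed), true), "\n";
    echo '  loop: ', var_export(filter_protocols($in, $allowed), true), "\n";
}
```

For the doubled input, the single pass leaves `javascript:alert(57)` behind, while the loop reduces it to `alert(57)`; the seven-fold input exceeds the pass cap and yields an empty string.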
Changelog
| Version | Description |
|---|---|
| WP-1.0.0 | Introduced. |