This function’s access is marked private. This means it is not intended for use by plugin or theme developers, only in other core functions. It is listed here for completeness.

wp_kses_split2( string $string, array $allowed_html, array $allowed_protocols )

Callback for wp_kses_split for fixing malformed HTML tags.

Description

This function does a lot of work. It rejects some very malformed things like <:::>. It returns an empty string, if the element isn’t allowed (look ma, no strip_tags()!). Otherwise it splits the tag into an element and an attribute list.

After the tag is split into an element and an attribute list, it is run through another filter which will remove illegal attributes and once that is completed, will be returned.

Parameters

$string

(string) (Required) Content to filter

$allowed_html

(array) (Required) Allowed HTML elements

$allowed_protocols

(array) (Required) Allowed protocols to keep

Return

(string) Fixed HTML element

Source

File: wp-includes/kses.php 

function wp_kses_split2($string, $allowed_html, $allowed_protocols) {
	$string = wp_kses_stripslashes($string);

	if (substr($string, 0, 1) != '<')
		return '&gt;';
	// It matched a ">" character

	if ( '<!--' == substr( $string, 0, 4 ) ) {
		$string = str_replace( array('<!--', '-->'), '', $string );
		while ( $string != ($newstring = wp_kses($string, $allowed_html, $allowed_protocols)) )
			$string = $newstring;
		if ( $string == '' )
			return '';
		// prevent multiple dashes in comments
		$string = preg_replace('/--+/', '-', $string);
		// prevent three dashes closing a comment
		$string = preg_replace('/-$/', '', $string);
		return "<!--{$string}-->";
	}
	// Allow HTML comments

	if (!preg_match('%^<\s*(/\s*)?([a-zA-Z0-9-]+)([^>]*)>?$%', $string, $matches))
		return '';
	// It's seriously malformed

	$slash = trim($matches[1]);
	$elem = $matches[2];
	$attrlist = $matches[3];

	if ( ! is_array( $allowed_html ) )
		$allowed_html = wp_kses_allowed_html( $allowed_html );

	if ( ! isset($allowed_html[strtolower($elem)]) )
		return '';
	// They are using a not allowed HTML element

	if ($slash != '')
		return "</$elem>";
	// No attributes are allowed for closing elements

	return wp_kses_attr( $elem, $attrlist, $allowed_html, $allowed_protocols );
}

Expand Source Code View on GitHub

Related

Uses

Uses
Uses Description
wp-includes/kses.php: wp_kses_stripslashes()

Strips slashes from in front of quotes.
wp-includes/kses.php: wp_kses_attr()

Removes all attributes, if none are allowed for this element.
wp-includes/kses.php: wp_kses()

Filters content and keeps only allowable HTML elements.
wp-includes/kses.php: wp_kses_allowed_html()

Return a list of allowed tags and attributes for a given context.

Changelog

Changelog
Version Description
WP-1.0.0 Introduced.