wp_allowed_protocols() WordPress Function

The wp_allowed_protocols() function is used to specify which protocols are allowed in WordPress. This is useful for restricting access to certain parts of the site or for security purposes. The function takes an array of protocols as its argument and returns an array of allowed protocols.

wp_allowed_protocols() #

Retrieve a list of protocols to allow in HTML attributes.

Contents

Description

Top ↑

See also

Top ↑

Return

(string[]) Array of allowed protocols. Defaults to an array containing 'http', 'https', 'ftp', 'ftps', 'mailto', 'news', 'irc', 'irc6', 'ircs', 'gopher', 'nntp', 'feed', 'telnet', 'mms', 'rtsp', 'sms', 'svn', 'tel', 'fax', 'xmpp', 'webcal', and 'urn'. This covers all common link protocols, except for 'javascript' which should not be allowed for untrusted users.

Top ↑

Source

File: wp-includes/functions.php

function wp_allowed_protocols() {
	static $protocols = array();

	if ( empty( $protocols ) ) {
		$protocols = array( 'http', 'https', 'ftp', 'ftps', 'mailto', 'news', 'irc', 'irc6', 'ircs', 'gopher', 'nntp', 'feed', 'telnet', 'mms', 'rtsp', 'sms', 'svn', 'tel', 'fax', 'xmpp', 'webcal', 'urn' );
	}

	if ( ! did_action( 'wp_loaded' ) ) {
		/**
		 * Filters the list of protocols allowed in HTML attributes.
		 *
		 * @since 3.0.0
		 *
		 * @param string[] $protocols Array of allowed protocols e.g. 'http', 'ftp', 'tel', and more.
		 */
		$protocols = array_unique( (array) apply_filters( 'kses_allowed_protocols', $protocols ) );
	}

	return $protocols;
}

Expand full source codeCollapse full source codeView on TracView on GitHub

Top ↑

Top ↑

Uses

Uses
UsesDescription
wp-includes/functions.php:kses_allowed_protocols

Filters the list of protocols allowed in HTML attributes.

wp-includes/plugin.php:did_action()

Retrieves the number of times an action has been fired during the current request.

wp-includes/plugin.php:apply_filters()

Calls the callback functions that have been added to a filter hook.

Top ↑

Used By

Used By
Used ByDescription
wp-includes/formatting.php:wp_rel_callback()

Callback to add a rel attribute to HTML A element.

wp-includes/embed.php:wp_filter_oembed_iframe_title_attribute()

Filters the given oEmbed HTML to make sure iframes have a title attribute.

wp-includes/formatting.php:wp_targeted_link_rel_callback()

Callback to add rel="noopener" string to HTML A element.

wp-includes/kses.php:wp_kses_one_attr()

Filters one HTML attribute and ensures its value is allowed.

wp-admin/includes/user.php:edit_user()

Edit user settings based on contents of $_POST

wp-includes/formatting.php:_links_add_base()

Callback to add a base URL to relative links in passed content.

wp-includes/formatting.php:esc_url()

Checks and cleans a URL.

wp-includes/kses.php:safecss_filter_attr()

Filters an inline style attribute and removes disallowed rules.

wp-includes/kses.php:wp_kses()

Filters text content and strips out disallowed HTML.

Show 4 more used byHide more used by

Top ↑

Changelog

Changelog
VersionDescription
5.6.0Added 'irc6' and 'ircs' to the protocols array.
5.3.0Added 'sms' to the protocols array.
4.7.0Added 'urn' to the protocols array.
4.3.0Added 'webcal' to the protocols array.
3.3.0Introduced.
Download the latest version of WordPress from https://wordpress.org/

The content displayed on this page has been created in part by processing WordPress source code files which are made available under the GPLv2 (or a later version) license by theĀ Free Software Foundation. In addition to this, the content includes user-written examples and information. All material is subject to review and curation by the WPPaste.com community.

Show More
Show More