wp_kses_bad_protocol() WordPress Function
The wp_kses_bad_protocol() function is used to remove bad protocols from a string. This is useful for making sure that links and other content are safe to display on a website.
wp_kses_bad_protocol( string $string, string[] $allowed_protocols ) #
Sanitizes a string and removed disallowed URL protocols.
Description
This function removes all non-allowed protocols from the beginning of the string. It ignores whitespace and the case of the letters, and it does understand HTML entities. It does its work recursively, so it won’t be fooled by a string like javascript:javascript:alert(57).
Parameters
- $string
(string)(Required)Content to filter bad protocols from.
- $allowed_protocols
(string[])(Required)Array of allowed URL protocols.
Return
(string) Filtered content.
Source
File: wp-includes/kses.php
function wp_kses_bad_protocol( $string, $allowed_protocols ) {
$string = wp_kses_no_null( $string );
$iterations = 0;
do {
$original_string = $string;
$string = wp_kses_bad_protocol_once( $string, $allowed_protocols );
} while ( $original_string != $string && ++$iterations < 6 );
if ( $original_string != $string ) {
return '';
}
return $string;
}
Expand full source codeCollapse full source codeView on TracView on GitHub
Changelog
| Version | Description |
|---|---|
| 1.0.0 | Introduced. |