wp_kses_hair_parse() WordPress Function
The wp_kses_hair_parse() function in WordPress is part of KSES, the filtering code that controls which HTML elements and attributes are allowed in your content. KSES is useful for preventing malicious code from being injected into your posts and pages; this function handles the step of parsing an element's attribute string.
wp_kses_hair_parse( string $attr )
Builds an attribute list from string containing attributes.
Description
Does not modify input. May return "evil" output. In case of unexpected input, returns false instead of stripping things.
Based on wp_kses_hair() but does not return a multi-dimensional array.
Parameters
- $attr (string) (Required) Attribute list from HTML element to closing HTML element tag.
Return
(array|false) List of attributes found in $attr. Returns false on failure.
Source
File: wp-includes/kses.php
```php
function wp_kses_hair_parse( $attr ) {
	if ( '' === $attr ) {
		return array();
	}

	// phpcs:disable Squiz.Strings.ConcatenationSpacing.PaddingFound -- don't remove regex indentation
	$regex =
		'(?:'
		.     '[_a-zA-Z][-_a-zA-Z0-9:.]*' // Attribute name.
		. '|'
		.     '\[\[?[^\[\]]+\]\]?'        // Shortcode in the name position implies unfiltered_html.
		. ')'
		. '(?:'                           // Attribute value.
		.     '\s*=\s*'                   // All values begin with '='.
		.     '(?:'
		.         '"[^"]*"'               // Double-quoted.
		.     '|'
		.         "'[^']*'"               // Single-quoted.
		.     '|'
		.         '[^\s"\']+'             // Non-quoted.
		.         '(?:\s|$)'              // Must have a space.
		.     ')'
		. '|'
		.     '(?:\s|$)'                  // If attribute has no value, space is required.
		. ')'
		. '\s*';                          // Trailing space is optional except as mentioned above.
	// phpcs:enable

	// Although it is possible to reduce this procedure to a single regexp,
	// we must run that regexp twice to get exactly the expected result.

	$validation = "%^($regex)+$%";
	$extraction = "%$regex%";

	if ( 1 === preg_match( $validation, $attr ) ) {
		preg_match_all( $extraction, $attr, $attrarr );
		return $attrarr[0];
	} else {
		return false;
	}
}
```
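One way a caller can handle the three outcomes described above (a list of raw attributes, an empty list, or false), as an added example that is not WordPress core code. The helper name `example_allowlist_attrs()`, the allowlist and the sample strings are hypothetical, and the script assumes WordPress is already loaded.

```php
<?php
// Added example, not WordPress core code. Assumes WordPress is loaded
// (for instance via `wp eval-file`), so wp_kses_hair_parse() exists.

/**
 * Hypothetical helper: keep only attributes whose name is on an allowlist.
 *
 * @param string   $attr          Raw attribute string from inside a tag.
 * @param string[] $allowed_names Lowercase attribute names to keep.
 * @return string[]|false Kept attribute strings, or false if unparseable.
 */
function example_allowlist_attrs( $attr, array $allowed_names ) {
	$parts = wp_kses_hair_parse( $attr );

	// false signals unexpected input. Reject the whole string rather than
	// treating it as "no attributes"; array() is the result for ''.
	if ( false === $parts ) {
		return false;
	}

	$kept = array();
	foreach ( $parts as $part ) {
		// Each element is one raw, unmodified attribute such as 'href="/about" '.
		// Take the name as everything before the first '=' or whitespace.
		if ( 1 !== preg_match( '/^[^\s=]+/', $part, $m ) ) {
			continue;
		}
		if ( in_array( strtolower( $m[0] ), $allowed_names, true ) ) {
			// The value is still untrusted: the parser only splits, it does not clean.
			$kept[] = trim( $part );
		}
	}
	return $kept;
}

// Constructed sample inputs.
$samples = array(
	'href="/about" onclick="track()" title=\'Team\'', // Well formed, one unwanted attribute.
	'href="/about',                                   // Unterminated quote.
	'',                                               // No attributes at all.
);

foreach ( $samples as $sample ) {
	var_export( example_allowlist_attrs( $sample, array( 'href', 'title' ) ) );
	echo "\n";
}
```

Compare results with `false ===` rather than a loose truthiness check, because both `array()` and `false` are falsy in PHP but mean different things here.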
Changelog
Version | Description |
---|---|
4.2.3 | Introduced. |