wp_kses_named_entities() WordPress Function

The wp_kses_named_entities() function is a security measure to prevent cross-site scripting (XSS) attacks. This function allows for only certain named entities to be passed through in a string. This function should be used when you want to allow only certain HTML entities in a string.

wp_kses_named_entities( array $matches ) #

Callback for wp_kses_normalize_entities() regular expression.

Contents

Description
Parameters
Return
Source
Changelog

Description

This function only accepts valid named entity references, which are finite, case-sensitive, and highly scrutinized by HTML and XML validators.

Parameters

$matches: (array)(Required)preg_replace_callback() matches array.

Return

(string) Correctly encoded entity.

Source

File: wp-includes/kses.php

function wp_kses_named_entities( $matches ) {
	global $allowedentitynames;

	if ( empty( $matches[1] ) ) {
		return '';
	}

	$i = $matches[1];
	return ( ! in_array( $i, $allowedentitynames, true ) ) ? "&amp;$i;" : "&$i;";
}

Expand full source code Collapse full source codeView on TracView on GitHub

Changelog

Changelog
Version	Description
3.0.0	Introduced.

Download the latest version of WordPress from https://wordpress.org/

The content displayed on this page has been created in part by processing WordPress source code files which are made available under the GPLv2 (or a later version) license by the Free Software Foundation. In addition to this, the content includes user-written examples and information. All material is subject to review and curation by the WPPaste.com community.