wp_kses( string $string, array[]|string $allowed_html, string[] $allowed_protocols = array() )

Filters text content and strips out disallowed HTML.


Description Description

This function makes sure that only the allowed HTML element names, attribute names, attribute values, and HTML entities will occur in the given text string.

This function expects unslashed data.

See also See also


Top ↑

Parameters Parameters

$string

(string) (Required) Text content to filter.

$allowed_html

(array[]|string) (Required) An array of allowed HTML elements and attributes, or a context name such as 'post'.

$allowed_protocols

(string[]) (Optional) Array of allowed URL protocols.

Default value: array()


Top ↑

Return Return

(string) Filtered content containing only the allowed HTML.


Top ↑

Source Source

File: wp-includes/kses.php

function wp_kses( $string, $allowed_html, $allowed_protocols = array() ) {
	if ( empty( $allowed_protocols ) ) {
		$allowed_protocols = wp_allowed_protocols();
	}
	$string = wp_kses_no_null( $string, array( 'slash_zero' => 'keep' ) );
	$string = wp_kses_normalize_entities( $string );
	$string = wp_kses_hook( $string, $allowed_html, $allowed_protocols );
	return wp_kses_split( $string, $allowed_html, $allowed_protocols );
}

Top ↑

Changelog Changelog

Changelog
Version Description
1.0.0 Introduced.


Top ↑

User Contributed Notes User Contributed Notes

You must log in before being able to contribute a note or feedback.