wp_check_jsonp_callback( string $callback )

Checks that a JSONP callback is a valid JavaScript callback.

Description Description

Only allows alphanumeric characters and the dot character in callback function names. This helps to mitigate XSS attacks caused by directly outputting user input.

Parameters Parameters


(string) (Required) Supplied JSONP callback function.

Top ↑

Return Return

(bool) True if valid callback, otherwise false.

Top ↑

Source Source

File: wp-includes/functions.php

function wp_check_jsonp_callback( $callback ) {
	if ( ! is_string( $callback ) ) {
		return false;

	preg_replace( '/[^\w\.]/', '', $callback, -1, $illegal_char_count );

	return 0 === $illegal_char_count;

Top ↑

Changelog Changelog

Version Description
4.6.0 Introduced.

Top ↑

User Contributed Notes User Contributed Notes

You must log in before being able to contribute a note or feedback.