wp_kses( string $string, array[]|string $allowed_html, string[] $allowed_protocols = array() )
Filters text content and strips out disallowed HTML.
Description
This function makes sure that only the allowed HTML element names, attribute names, attribute values, and HTML entities will occur in the given text string.
This function expects unslashed data.
See also
- wp_kses_post(): for specifically filtering post content and fields.
- wp_allowed_protocols(): for the default allowed protocols in link URLs.
Parameters
- $string
-
(string) (Required) Text content to filter.
- $allowed_html
-
(array[]|string) (Required) An array of allowed HTML elements and attributes, or a context name such as 'post'.
- $allowed_protocols
-
(string[]) (Optional) Array of allowed URL protocols.
Default value: array()
Return
(string) Filtered content containing only the allowed HTML.
Source
File: wp-includes/kses.php
function wp_kses( $string, $allowed_html, $allowed_protocols = array() ) { if ( empty( $allowed_protocols ) ) { $allowed_protocols = wp_allowed_protocols(); } $string = wp_kses_no_null( $string, array( 'slash_zero' => 'keep' ) ); $string = wp_kses_normalize_entities( $string ); $string = wp_kses_hook( $string, $allowed_html, $allowed_protocols ); return wp_kses_split( $string, $allowed_html, $allowed_protocols ); }
Changelog
Version | Description |
---|---|
1.0.0 | Introduced. |
Allowed HTML tags array
This is an example of how to format an array of allowed HTML tags and attributes.
See
wp_kses_allowed_html()
and /wp-includes/kses.php to get a list of the possible default values of the allowed HTML tags.