wp_kses( string $string, array[]|string $allowed_html, string[] $allowed_protocols = array() )

Filters text content and strips out disallowed HTML.

Description

This function makes sure that only the allowed HTML element names, attribute names, attribute values, and HTML entities will occur in the given text string.

This function expects unslashed data.

See also

Top ↑

Parameters

$string

(string) (Required) Text content to filter.

$allowed_html

(array[]|string) (Required) An array of allowed HTML elements and attributes, or a context name such as 'post'.

$allowed_protocols

(string[]) (Optional) Array of allowed URL protocols.

Default value: array()

Top ↑

Return

(string) Filtered content containing only the allowed HTML.

Top ↑

Source

File: wp-includes/kses.php 

function wp_kses( $string, $allowed_html, $allowed_protocols = array() ) {
	if ( empty( $allowed_protocols ) ) {
		$allowed_protocols = wp_allowed_protocols();
	}
	$string = wp_kses_no_null( $string, array( 'slash_zero' => 'keep' ) );
	$string = wp_kses_normalize_entities( $string );
	$string = wp_kses_hook( $string, $allowed_html, $allowed_protocols );
	return wp_kses_split( $string, $allowed_html, $allowed_protocols );
}

View on Trac

Top ↑

Changelog

Version Description
1.0.0 Introduced.

Top ↑

Top ↑

Used By

Used By Description
wp-admin/includes/class-wp-debug-data.php: WP_Debug_Data::debug_data()

Static function for generating site debug data when required.
wp-admin/includes/class-wp-site-health.php: WP_Site_Health::get_test_sql_server()

Test if the SQL server is up to date.
wp-admin/includes/privacy-tools.php: wp_privacy_generate_personal_data_export_group_html()

Generate a single group for the personal data export report.
wp-includes/class-wp-customize-manager.php: WP_Customize_Manager::handle_load_themes_request()

Load themes into the theme browsing/installation UI.
wp-includes/embed.php: wp_filter_oembed_result()

Filters the given oEmbed HTML.
wp-admin/includes/class-automatic-upgrader-skin.php: Automatic_Upgrader_Skin::feedback()
wp-admin/includes/class-wp-theme-install-list-table.php: WP_Theme_Install_List_Table::install_theme_info()

Prints the info for a theme (to be used in the theme installer modal).
wp-admin/includes/class-wp-theme-install-list-table.php: WP_Theme_Install_List_Table::single_row()

Prints a theme from the WordPress.org API.
wp-admin/includes/update.php: wp_plugin_update_row()

Displays update information for a plugin.
wp-admin/includes/plugin-install.php: install_plugin_information()

Display plugin information in dialog box form.
wp-admin/includes/plugin.php: _get_plugin_data_markup_translate()

Sanitizes plugin data, optionally adds markup, optionally translates.
wp-admin/includes/class-wp-plugin-install-list-table.php: WP_Plugin_Install_List_Table::display_rows()
wp-admin/includes/ajax-actions.php: wp_ajax_query_themes()

Ajax handler for getting themes from themes_api().
wp-includes/kses.php: wp_kses_data()

Sanitize content with allowed HTML KSES rules.
wp-includes/kses.php: wp_filter_post_kses()

Sanitizes content for allowed HTML tags for post content.
wp-includes/kses.php: wp_kses_post()

Sanitizes content for allowed HTML tags for post content.
wp-includes/kses.php: wp_filter_nohtml_kses()

Strips all HTML from a text string.
wp-includes/kses.php: wp_filter_kses()

Sanitize content with allowed HTML KSES rules.
wp-includes/class-wp-theme.php: WP_Theme::sanitize_header()

Sanitize a theme header.
wp-includes/media.php: img_caption_shortcode()

Builds the Caption shortcode output.
wp-includes/widgets.php: wp_sidebar_description()

Retrieve description for a sidebar.