wp_kses_bad_protocol( string $string, string[] $allowed_protocols )

Sanitizes a string and removed disallowed URL protocols.

Contents

Description Description

This function removes all non-allowed protocols from the beginning of the string. It ignores whitespace and the case of the letters, and it does understand HTML entities. It does its work recursively, so it won’t be fooled by a string like javascript:javascript:alert(57).

Parameters Parameters

$string

(string) (Required) Content to filter bad protocols from.

$allowed_protocols

(string[]) (Required) Array of allowed URL protocols.

Top ↑

Return Return

(string) Filtered content.

Top ↑

Source Source

File: wp-includes/kses.php 

function wp_kses_bad_protocol( $string, $allowed_protocols ) {
	$string     = wp_kses_no_null( $string );
	$iterations = 0;

	do {
		$original_string = $string;
		$string          = wp_kses_bad_protocol_once( $string, $allowed_protocols );
	} while ( $original_string != $string && ++$iterations < 6 );

	if ( $original_string != $string ) {
		return '';
	}

	return $string;
}

Expand full source code Collapse full source code View on Trac

Top ↑

Changelog Changelog

Changelog
Version Description
1.0.0 Introduced.

Top ↑

Top ↑

Used By Used By

Used By
Used By Description
wp-includes/kses.php: wp_kses_one_attr()

Filters one HTML attribute and ensures its value is allowed.
wp-includes/formatting.php: esc_url()

Checks and cleans a URL.
wp-includes/kses.php: safecss_filter_attr()

Filters an inline style attribute and removes disallowed rules.
wp-includes/kses.php: wp_kses_hair()

Builds an attribute list from string containing attributes.
wp-includes/class-http.php: WP_Http::request()

Send an HTTP request to a URI.
wp-includes/http.php: wp_http_validate_url()

Validate a URL for safe use in the HTTP API.
Show 1 more used by Hide more used by

Top ↑

User Contributed Notes User Contributed Notes

You must log in before being able to contribute a note or feedback.