Function Reference/wp kses

Languages: English • 日本語 (Add your language)

1 Description
2 Usage
3 Parameters
4 Return
5 Examples
- 5.1 Allowed HTML Tags Array
6 Notes
7 Change Log
8 Source File
9 Related

Description

This function makes sure that only the allowed HTML element names, attribute names and attribute values plus only sane HTML entities will occur in $string. You have to remove any slashes from PHP's magic quotes before you call this function.

Usage

<?php wp_kses($string, $allowed_html, $allowed_protocols); ?>

Parameters

$string

(string) (required) Content to filter through kses

Default: None

$allowed_html

(array) (required) List of allowed HTML elements

Default: None

$allowed_protocols

(array) (optional) Allow links in $string to these protocols.

Default: The default allowed protocols are http, https, ftp, mailto, news, irc, gopher, nntp, feed, and telnet. This covers all common link protocols, except for javascript, which should not be allowed for untrusted users.

Return

(string): Filtered string of HTML.

Examples

Allowed HTML Tags Array

This is an example of how to format an array of allowed HTML tags and attributes.

array(
    'a' => array(
        'href' => array(),
        'title' => array()
    ),
    'br' => array(),
    'em' => array(),
    'strong' => array(),
);

Notes

KSES is a recursive acronym which stands for “KSES Strips Evil Scripts".

Change Log

Since: 1.0.0

Source File

wp_kses() is located in wp-includes/kses.php.

Function: wp_kses()
Function: wp_kses_post()
Function: wp_kses_allowed_html()
Filter Hook: pre_kses

See: Data Validation article for an in-depth discussion of input and output sanitization.

See also index of Function Reference and index of Template Tags.

WordPress.org

Codex