Sanitize string from bad protocols.
This function removes all non-allowed protocols from the beginning of $string. It ignores whitespace and the case of the letters, and it does understand HTML entities. It does its work in a while loop, so it won't be fooled by a string like 'javascript:javascript:alert(57)'.
<?php wp_kses_bad_protocol( $string, $allowed_protocols ); ?>
Since: 1.0.0
wp_kses_bad_protocol() is located in wp-includes/kses.php
.