esc_url( string $url, array $protocols = null, string $_context = 'display' )

Checks and cleans a URL.

Contents

Description Description

A number of characters are removed from the URL. If the URL is for displaying (the default behaviour) ampersands are also replaced. The ‘clean_url’ filter is applied to the returned cleaned URL.

Parameters Parameters

$url

(string) (Required) The URL to be cleaned.

$protocols

(array) (Optional) An array of acceptable protocols. Defaults to return value of wp_allowed_protocols()

Default value: null

$_context

(string) (Optional) Private. Use esc_url_raw() for database usage.

Default value: 'display'

Top ↑

Return Return

(string) The cleaned $url after the 'clean_url' filter is applied.

Top ↑

Source Source

File: wp-includes/formatting.php 

function esc_url( $url, $protocols = null, $_context = 'display' ) {
	$original_url = $url;

	if ( '' == $url ) {
		return $url;
	}

	$url = str_replace( ' ', '%20', $url );
	$url = preg_replace( '|[^a-z0-9-~+_.?#=!&;,/:%@$\|*\'()\[\]\\x80-\\xff]|i', '', $url );

	if ( '' === $url ) {
		return $url;
	}

	if ( 0 !== stripos( $url, 'mailto:' ) ) {
		$strip = array( '%0d', '%0a', '%0D', '%0A' );
		$url   = _deep_replace( $strip, $url );
	}

	$url = str_replace( ';//', '://', $url );
	/* If the URL doesn't appear to contain a scheme, we
	 * presume it needs http:// prepended (unless a relative
	 * link starting with /, # or ? or a php file).
	 */
	if ( strpos( $url, ':' ) === false && ! in_array( $url[0], array( '/', '#', '?' ) ) &&
		! preg_match( '/^[a-z0-9-]+?\.php/i', $url ) ) {
		$url = 'http://' . $url;
	}

	// Replace ampersands and single quotes only when displaying.
	if ( 'display' == $_context ) {
		$url = wp_kses_normalize_entities( $url );
		$url = str_replace( '&', '&', $url );
		$url = str_replace( "'", ''', $url );
	}

	if ( ( false !== strpos( $url, '[' ) ) || ( false !== strpos( $url, ']' ) ) ) {

		$parsed = wp_parse_url( $url );
		$front  = '';

		if ( isset( $parsed['scheme'] ) ) {
			$front .= $parsed['scheme'] . '://';
		} elseif ( '/' === $url[0] ) {
			$front .= '//';
		}

		if ( isset( $parsed['user'] ) ) {
			$front .= $parsed['user'];
		}

		if ( isset( $parsed['pass'] ) ) {
			$front .= ':' . $parsed['pass'];
		}

		if ( isset( $parsed['user'] ) || isset( $parsed['pass'] ) ) {
			$front .= '@';
		}

		if ( isset( $parsed['host'] ) ) {
			$front .= $parsed['host'];
		}

		if ( isset( $parsed['port'] ) ) {
			$front .= ':' . $parsed['port'];
		}

		$end_dirty = str_replace( $front, '', $url );
		$end_clean = str_replace( array( '[', ']' ), array( '%5B', '%5D' ), $end_dirty );
		$url       = str_replace( $end_dirty, $end_clean, $url );

	}

	if ( '/' === $url[0] ) {
		$good_protocol_url = $url;
	} else {
		if ( ! is_array( $protocols ) ) {
			$protocols = wp_allowed_protocols();
		}
		$good_protocol_url = wp_kses_bad_protocol( $url, $protocols );
		if ( strtolower( $good_protocol_url ) != strtolower( $url ) ) {
			return '';
		}
	}

	/**
	 * Filters a string cleaned and escaped for output as a URL.
	 *
	 * @since 2.3.0
	 *
	 * @param string $good_protocol_url The cleaned URL to be returned.
	 * @param string $original_url      The URL prior to cleaning.
	 * @param string $_context          If 'display', replace ampersands and single quotes only.
	 */
	return apply_filters( 'clean_url', $good_protocol_url, $original_url, $_context );
}

Expand full source code Collapse full source code View on Trac

Top ↑

Changelog Changelog

Changelog
Version Description
2.8.0 Introduced.

Top ↑

Top ↑

Uses Uses

Uses
Uses Description
wp-includes/class-pop3.php: stripos()
wp-includes/http.php: wp_parse_url()

A wrapper for PHP’s parse_url() function that handles consistency in the return values across PHP versions.
wp-includes/formatting.php: _deep_replace()

Perform a deep string replace operation to ensure the values in $search are no longer present
wp-includes/formatting.php: clean_url

Filters a string cleaned and escaped for output as a URL.
wp-includes/kses.php: wp_kses_normalize_entities()

Converts and fixes HTML entities.
wp-includes/kses.php: wp_kses_bad_protocol()

Sanitizes a string and removed disallowed URL protocols.
wp-includes/functions.php: wp_allowed_protocols()

Retrieve a list of protocols to allow in HTML attributes.
wp-includes/plugin.php: apply_filters()

Call the functions added to a filter hook.
Show 3 more uses Hide more uses

Top ↑

Used By Used By

Used By
Used By Description
wp-includes/functions.php: wp_direct_php_update_button()

Display a button directly linking to a PHP update process.
wp-includes/functions.php: wp_update_php_annotation()

Prints the default annotation for the web host altering the “Update PHP” page URL.
wp-admin/includes/dashboard.php: wp_dashboard_php_nag()

Displays the PHP update nag.
wp-includes/blocks/latest-comments.php: render_block_core_latest_comments()

Renders the core/latest-comments block on server.
wp-includes/blocks/latest-posts.php: render_block_core_latest_posts()

Renders the core/latest-posts block on server.
wp-includes/script-loader.php: wp_get_script_polyfill()

Returns contents of an inline script used in appending polyfill scripts for browsers which fail the provided tests. The provided array is a mapping from a condition to verify feature support to its polyfill script handle.
wp-admin/includes/template.php: do_block_editor_incompatible_meta_box()

Function that renders a “fake” meta box with an information message, shown on the block editor, when an incompatible meta box is found.
wp-admin/includes/post.php: the_block_editor_meta_box_post_form_hidden_fields()

Renders the hidden form required for the meta boxes form.
wp-includes/comment.php: wp_comments_personal_data_exporter()

Finds and exports personal data associated with an email address from the comments table.
wp-includes/link-template.php: get_the_privacy_policy_link()

Returns the privacy policy link with formatting, when applicable.
wp-admin/includes/misc.php: WP_Privacy_Policy_Content::policy_text_changed_notice()

Output a warning when some privacy info has changed.
wp-admin/includes/file.php: wp_privacy_generate_personal_data_export_group_html()

Generate a single group for the personal data export report.
wp-admin/includes/user.php: WP_Privacy_Requests_Table::column_email()

Actions column. Overridden by children.
wp-admin/includes/user.php: WP_Privacy_Data_Export_Requests_Table::column_email()

Actions column.
wp-admin/includes/user.php: WP_Privacy_Data_Export_Requests_Table::column_next_steps()

Displays the next steps column.
wp-admin/includes/user.php: WP_Privacy_Data_Removal_Requests_Table::column_email()

Actions column.
wp-admin/includes/user.php: WP_Privacy_Data_Removal_Requests_Table::column_next_steps()

Next steps column.
wp-admin/includes/user.php: WP_Privacy_Requests_Table::get_views()

Get an associative array ( id => link ) with the list of views available on this table.
wp-includes/widgets/class-wp-widget-custom-html.php: WP_Widget_Custom_HTML::add_help_text()

Add help text to widgets admin screen.
wp-includes/ms-functions.php: update_network_option_new_admin_email()

Send a confirmation request email when a change of network admin email address is attempted.
wp-admin/press-this.php: wp_load_press_this()
wp-admin/includes/misc.php: wp_print_plugin_file_tree()

Outputs the formatted file list for the plugin editor.
wp-admin/includes/misc.php: wp_print_theme_file_tree()

Outputs the formatted file list for the theme editor.
wp-includes/category-template.php: get_term_parents_list()

Retrieve term parents with separator.
wp-includes/widgets/class-wp-widget-media-audio.php: WP_Widget_Media_Audio::__construct()

Constructor.
wp-includes/widgets/class-wp-widget-media-video.php: WP_Widget_Media_Video::__construct()

Constructor.
wp-includes/widgets/class-wp-widget-media.php: WP_Widget_Media::__construct()

Constructor.
wp-includes/widgets/class-wp-widget-media-image.php: WP_Widget_Media_Image::render_media()

Render the media on the frontend.
wp-includes/widgets/class-wp-widget-media-image.php: WP_Widget_Media_Image::__construct()

Constructor.
wp-admin/includes/dashboard.php: wp_print_community_events_markup()

Prints the markup for the Community Events section of the Events and News Dashboard widget.
wp-admin/includes/dashboard.php: wp_dashboard_events_news()

Renders the Events and News dashboard widget.
wp-includes/theme.php: get_header_video_url()

Retrieve header video URL for custom header.
wp-includes/theme.php: the_header_video_url()

Display header video URL.
wp-includes/general-template.php: wp_resource_hints()

Prints resource hints to browsers for pre-fetching, pre-rendering and pre-connecting to web sites.
wp-admin/includes/ms.php: network_edit_site_nav()

Outputs the HTML for a network’s “Edit Site” tabular interface.
wp-includes/embed.php: the_embed_site_title()

Prints the necessary markup for the site title in an embed template.
wp-includes/general-template.php: get_custom_logo()

Returns a custom logo, linked to home.
wp-includes/customize/class-wp-customize-site-icon-control.php: WP_Customize_Site_Icon_Control::content_template()

Renders a JS template for the content of the site icon control.
wp-includes/rest-api.php: rest_output_rsd()

Adds the REST API URL to the WP RSD endpoint.
wp-includes/rest-api.php: rest_output_link_wp_head()

Outputs the REST API link tag into page header.
wp-includes/embed.php: wp_filter_oembed_result()

Filters the given oEmbed HTML.
wp-includes/embed.php: wp_embed_excerpt_more()

Filters the string in the ‘more’ link displayed after a trimmed excerpt.
wp-includes/embed.php: wp_oembed_add_discovery_links()

Adds oEmbed discovery links in the website .
wp-includes/embed.php: get_post_embed_html()

Retrieves the embed code for a specific post.
wp-includes/author-template.php: get_the_author_posts_link()

Retrieves an HTML link to the author page of the current post’s author.
wp-includes/post-thumbnail-template.php: the_post_thumbnail_url()

Display the post thumbnail URL.
wp-admin/includes/class-wp-posts-list-table.php: WP_Posts_List_Table::get_edit_link()

Helper to create links to edit.php with params.
wp-includes/general-template.php: wp_site_icon()

Display site icon meta tags.
wp-includes/general-template.php: site_icon_url()

Displays the Site Icon URL.
wp-admin/includes/class-wp-posts-list-table.php: WP_Posts_List_Table::handle_row_actions()

Generates and displays row action links.
wp-admin/includes/class-wp-ms-themes-list-table.php: WP_MS_Themes_List_Table::column_name()

Handles the name column output.
wp-admin/includes/class-wp-comments-list-table.php: WP_Comments_List_Table::handle_row_actions()

Generate and display row actions links.
wp-admin/includes/class-wp-ms-sites-list-table.php: WP_MS_Sites_List_Table::handle_row_actions()

Generates and displays row action links.
wp-admin/includes/class-wp-ms-sites-list-table.php: WP_MS_Sites_List_Table::column_blogname()

Handles the site name column output.
wp-admin/includes/class-wp-ms-sites-list-table.php: WP_MS_Sites_List_Table::column_users()

Handles the users column output.
wp-admin/includes/class-wp-terms-list-table.php: WP_Terms_List_Table::handle_row_actions()

Generates and displays row action links.
wp-admin/includes/class-wp-ms-users-list-table.php: WP_MS_Users_List_Table::handle_row_actions()

Generates and displays row action links.
wp-admin/includes/class-wp-ms-users-list-table.php: WP_MS_Users_List_Table::column_username()

Handles the username column output.
wp-admin/includes/class-wp-ms-users-list-table.php: WP_MS_Users_List_Table::column_email()

Handles the email column output.
wp-admin/includes/class-wp-ms-users-list-table.php: WP_MS_Users_List_Table::column_blogs()

Handles the sites column output.
wp-admin/includes/class-wp-media-list-table.php: WP_Media_List_Table::column_author()

Handles the author column output.
wp-admin/includes/class-wp-media-list-table.php: WP_Media_List_Table::column_default()

Handles output for the default column.
wp-admin/includes/misc.php: wp_admin_canonical_url()

Remove single-use URL parameters and create canonical link based on new URL.
wp-includes/class-wp-customize-manager.php: WP_Customize_Manager::remove_panel()

Remove a customize panel.
wp-login.php: login_footer()

Outputs the footer for the login page.
wp-login.php: login_header()

Output the login page header.
wp-signup.php: signup_another_blog()

Allow returning users to sign up for another site
wp-signup.php: confirm_another_blog_signup()

Confirm a new site signup.
wp-admin/includes/network.php: network_step1()

Prints step 1 for Network installation process.
wp-admin/includes/network.php: network_step2()

Prints step 2 for Network installation process.
wp-admin/install.php: display_header()

Display installation header.
wp-admin/includes/theme.php: wp_prepare_themes_for_js()

Prepare themes for JavaScript.
wp-admin/includes/theme.php: get_theme_update_available()

Retrieve the update link if there is a theme update available.
wp-admin/includes/class-wp-screen.php: WP_Screen::render_screen_meta()

Render the screen’s help section.
wp-admin/includes/class-wp-plugins-list-table.php: WP_Plugins_List_Table::single_row()
wp-admin/includes/class-wp-plugins-list-table.php: WP_Plugins_List_Table::no_items()
wp-admin/includes/class-theme-upgrader-skin.php: Theme_Upgrader_Skin::after()
wp-admin/includes/class-theme-installer-skin.php: Theme_Installer_Skin::after()
wp-admin/includes/class-wp-list-table.php: WP_List_Table::view_switcher()

Display a view switcher
wp-admin/includes/class-wp-list-table.php: WP_List_Table::comments_bubble()

Display a comment count bubble
wp-admin/includes/class-wp-list-table.php: WP_List_Table::pagination()

Display the pagination.
wp-admin/includes/class-wp-list-table.php: WP_List_Table::print_column_headers()

Print column headers, accounting for hidden and sortable columns.
wp-admin/includes/ms.php: _access_denied_splash()

Displays an access denied message when a user tries to view a site’s dashboard they do not have access to.
wp-admin/includes/ms.php: site_admin_notice()

Displays an admin notice to upgrade all sites after a core upgrade.
wp-admin/includes/ms.php: choose_primary_blog()

Handles the display of choosing a user’s primary site.
wp-admin/includes/misc.php: update_option_new_admin_email()

Send a confirmation request email when a change of site admin email address is attempted.
wp-includes/user.php: send_confirmation_on_profile_email()

Send a confirmation request email when a change of user email address is attempted.
wp-admin/includes/class-wp-ms-themes-list-table.php: WP_MS_Themes_List_Table::get_views()
wp-admin/includes/misc.php: admin_color_scheme_picker()

Display the default admin color scheme picker (Used in user-edit.php)
wp-admin/includes/class-wp-theme-install-list-table.php: WP_Theme_Install_List_Table::install_theme_info()

Prints the info for a theme (to be used in the theme installer modal).
wp-admin/includes/class-wp-theme-install-list-table.php: WP_Theme_Install_List_Table::single_row()

Prints a theme from the WordPress.org API.
wp-admin/includes/class-wp-theme-install-list-table.php: WP_Theme_Install_List_Table::theme_installer_single()

Prints the wrapper for the theme installer with a provided theme’s data.
wp-admin/includes/update.php: update_nag()
wp-admin/includes/update.php: wp_plugin_update_row()

Displays update information for a plugin.
wp-admin/includes/update.php: wp_theme_update_row()

Displays update information for a theme.
wp-admin/includes/plugin-install.php: install_dashboard()
wp-admin/includes/plugin-install.php: install_plugin_information()

Display plugin information in dialog box form.
wp-admin/includes/deprecated.php: wp_dashboard_plugins_output()

Display plugins text for the WordPress news widget.
wp-admin/includes/dashboard.php: wp_dashboard_quota()

Display file upload quota on dashboard.
wp-admin/includes/dashboard.php: wp_dashboard_browser_nag()
wp-admin/includes/dashboard.php: wp_add_dashboard_widget()

Adds a new dashboard widget.
wp-admin/includes/dashboard.php: wp_dashboard_quick_press()

The Quick Draft widget display and creation of drafts.
wp-admin/includes/dashboard.php: wp_dashboard_recent_drafts()

Show recent drafts of the user on the dashboard.
wp-admin/includes/dashboard.php: _wp_dashboard_recent_comments_row()

Outputs a row for the Recent Comments widget.
wp-admin/includes/plugin.php: menu_page_url()

Get the url to access a particular menu page based on the slug it was registered with.
wp-admin/includes/upgrade.php: wp_install_defaults()

Creates the initial content for a newly-installed site.
wp-admin/includes/plugin.php: _get_plugin_data_markup_translate()

Sanitizes plugin data, optionally adds markup, optionally translates.
wp-admin/includes/class-wp-plugin-install-list-table.php: WP_Plugin_Install_List_Table::display_rows()
wp-admin/includes/template.php: wp_import_upload_form()

Outputs the form used by the importers to accept the data to be imported
wp-admin/includes/class-wp-themes-list-table.php: WP_Themes_List_Table::display_rows()
wp-admin/includes/class-wp-users-list-table.php: WP_Users_List_Table::single_row()

Generate HTML for a single row on the users.php admin panel.
wp-admin/includes/class-wp-users-list-table.php: WP_Users_List_Table::get_views()

Return an associative array listing all the views that can be used with this table.
wp-admin/includes/media.php: media_upload_type_form()

Outputs the legacy media upload form for a given media type.
wp-admin/includes/media.php: media_upload_type_url_form()

Outputs the legacy media upload form for external media.
wp-admin/includes/media.php: media_upload_gallery_form()

Adds gallery form to upload iframe
wp-admin/includes/media.php: media_upload_library_form()

Outputs the legacy media upload form for the media library.
wp-admin/includes/media.php: media_upload_max_image_resize()

Displays the checkbox to scale images.
wp-admin/includes/media.php: wp_media_upload_handler()

Handles the process of uploading media.
wp-admin/includes/media.php: the_media_upload_tabs()

Outputs the legacy media upload tabs UI.
wp-admin/includes/post.php: get_sample_permalink_html()

Returns the HTML of the sample permalink slug editor.
wp-admin/includes/post.php: _wp_post_thumbnail_html()

Output HTML for the post thumbnail meta-box.
wp-admin/includes/post.php: _admin_notice_post_locked()

Outputs the HTML for the notice to say that someone else is editing or has taken over editing of this post.
wp-admin/includes/ajax-actions.php: wp_ajax_send_attachment_to_editor()

Ajax handler for sending an attachment to the editor.
wp-admin/includes/ajax-actions.php: wp_ajax_send_link_to_editor()

Ajax handler for sending a link to the editor.
wp-admin/includes/meta-boxes.php: post_submit_meta_box()

Displays post submit form fields.
wp-admin/includes/bookmark.php: edit_link()

Updates or inserts a link using values provided in $_POST.
wp-admin/includes/bookmark.php: get_default_link_to_edit()

Retrieves the default link for editing.
wp-admin/includes/class-wp-comments-list-table.php: WP_Comments_List_Table::column_author()
wp-admin/includes/class-wp-comments-list-table.php: WP_Comments_List_Table::column_date()
wp-admin/includes/class-wp-comments-list-table.php: WP_Comments_List_Table::column_comment()
wp-admin/includes/class-wp-terms-list-table.php: WP_Terms_List_Table::column_name()
wp-admin/includes/class-wp-terms-list-table.php: WP_Terms_List_Table::column_posts()
wp-admin/includes/class-walker-nav-menu-edit.php: Walker_Nav_Menu_Edit::start_el()

Start the element output.
wp-admin/includes/nav-menu.php: wp_nav_menu_item_post_type_meta_box()

Displays a meta box for a post type menu item.
wp-admin/includes/nav-menu.php: wp_nav_menu_item_taxonomy_meta_box()

Displays a meta box for a taxonomy menu item.
wp-admin/includes/file.php: request_filesystem_credentials()

Displays a form to the user to request for their FTP/SSH details in order to connect to the filesystem.
wp-admin/includes/widgets.php: wp_widget_control()

Meta widget used to display the control form for a widget.
wp-admin/includes/comment.php: get_comment_to_edit()

Returns a WP_Comment object based on comment ID.
wp-admin/includes/credits.php: _wp_credits_add_profile_link()

Retrieve the link to a contributor’s WordPress.org profile page.
wp-admin/includes/credits.php: _wp_credits_build_object_link()

Retrieve the link to an external library used in WordPress.
wp-admin/custom-header.php: Custom_Image_Header::step_1()

Display first step of custom header image page.
wp-admin/custom-header.php: Custom_Image_Header::step_2()

Display second step of custom header image page.
wp-admin/includes/ms.php: confirm_delete_users()
wp-admin/update-core.php: list_core_update()
wp-admin/update-core.php: core_upgrade_preamble()

Display upgrade WordPress for downloading latest or upgrading automatically form.
wp-admin/update-core.php: list_plugin_updates()
wp-admin/update-core.php: list_theme_updates()
wp-admin/update-core.php: list_translation_updates()
wp-admin/update-core.php: do_core_upgrade()

Upgrade WordPress core display.
wp-admin/custom-background.php: Custom_Background::admin_page()

Display the custom background page.
wp-admin/menu-header.php: _wp_menu_output()

Display menu.
wp-includes/class-wp-customize-manager.php: WP_Customize_Manager::register_controls()

Register some default controls.
wp-includes/class.wp-styles.php: WP_Styles::_css_href()

Generates an enqueued style’s fully-qualified URL.
wp-includes/class-walker-category.php: Walker_Category::start_el()

Starts the element output.
wp-includes/category-template.php: get_the_term_list()

Retrieve a post’s terms as a list with specified format.
wp-includes/category-template.php: wp_generate_tag_cloud()

Generates a tag cloud (heatmap) from provided data.
wp-includes/theme.php: wp_customize_url()

Returns a URL to load the Customizer.
wp-includes/category-template.php: get_the_category_list()

Retrieve category list for a post in either HTML list or custom format.
wp-includes/category-template.php: wp_list_categories()

Display or retrieve the HTML list of categories.
wp-includes/theme.php: _wp_customize_loader_settings()

Adds settings for the customize-loader script.
wp-includes/theme.php: header_image()

Display header image URL.
wp-includes/formatting.php: esc_url_raw()

Performs esc_url() for database usage.
wp-includes/formatting.php: _make_url_clickable_cb()

Callback to convert URI match to HTML A element.
wp-includes/formatting.php: _make_web_ftp_clickable_cb()

Callback to convert URL match to HTML A element.
wp-includes/formatting.php: translate_smiley()

Convert one smiley code to the icon graphic file equivalent.
wp-includes/pluggable.php: get_avatar()

Retrieve the avatar <img> tag for a user, email address, MD5 hash, comment, or post.
wp-includes/general-template.php: paginate_links()

Retrieve paginated link for archive post pages.
wp-includes/general-template.php: wp_admin_css()

Enqueues or directly prints a stylesheet link to the specified CSS file.
wp-includes/general-template.php: feed_links()

Display the links to the general feeds.
wp-includes/general-template.php: feed_links_extra()

Display the links to the extra feeds such as category feeds.
wp-includes/general-template.php: rsd_link()

Display the link to the Really Simple Discovery service endpoint.
wp-includes/general-template.php: get_archives_link()

Retrieve archive link content based on predefined or custom code.
wp-includes/general-template.php: wp_loginout()

Display the Log In/Out link.
wp-includes/general-template.php: wp_login_form()

Provides a simple login form for use anywhere within WordPress.
wp-includes/general-template.php: wp_register()

Display the Registration or Admin link.
wp-includes/general-template.php: get_search_form()

Display search form.
wp-includes/deprecated.php: get_index_rel_link()

Get site index relational link.
wp-includes/deprecated.php: clean_url()

Checks and cleans a URL.
wp-includes/deprecated.php: comments_rss()

Return link to the post RSS feed.
wp-includes/deprecated.php: get_links()

Gets the links associated with category by id.
wp-includes/class-wp-theme.php: WP_Theme::markup_header()

Mark up a theme header.
wp-includes/functions.php: wp_auth_check_html()

Output the HTML that shows the wp-login dialog when the user is no longer logged in.
wp-includes/functions.php: wp_nonce_ays()

Display “Are You Sure” message to confirm the action being taken.
wp-includes/functions.php: _default_wp_die_handler()

Kills WordPress execution and display HTML message with error message.
wp-includes/widgets/class-wp-widget-rss.php: WP_Widget_RSS::widget()

Outputs the content for the current RSS widget instance.
wp-includes/widgets/class-wp-widget-recent-comments.php: WP_Widget_Recent_Comments::widget()

Outputs the content for the current Recent Comments widget instance.
wp-includes/widgets/class-wp-widget-categories.php: WP_Widget_Categories::widget()

Outputs the content for the current Categories widget instance.
wp-includes/widgets/class-wp-widget-meta.php: WP_Widget_Meta::widget()

Outputs the content for the current Meta widget instance.
wp-includes/widgets.php: wp_widget_rss_output()

Display the RSS entries in a list.
wp-includes/widgets.php: wp_widget_rss_form()

Display RSS widget options form.
wp-includes/widgets.php: wp_widget_rss_process()

Process RSS feed widget data and optionally retrieve feed items.
wp-includes/class-wp-embed.php: WP_Embed::maybe_make_link()

Conditionally makes a hyperlink based on an internal class variable.
wp-includes/link-template.php: rel_canonical()

Outputs rel=canonical for singular queries.
wp-includes/link-template.php: wp_shortlink_wp_head()

Injects rel=shortlink into the head if a shortlink is defined for the current page.
wp-includes/link-template.php: the_shortlink()

Displays the shortlink for a post.
wp-includes/link-template.php: get_next_comments_link()

Retrieves the link to the next comments page.
wp-includes/link-template.php: get_previous_comments_link()

Retrieves the link to the previous comments page.
wp-includes/link-template.php: get_pagenum_link()

Retrieves the link for a page number.
wp-includes/link-template.php: next_posts()

Displays or retrieves the next posts page link.
wp-includes/link-template.php: previous_posts()

Displays or retrieves the previous posts page link.
wp-includes/link-template.php: edit_post_link()

Displays the edit post link for post.
wp-includes/link-template.php: edit_comment_link()

Displays the edit comment link with formatting.
wp-includes/link-template.php: edit_bookmark_link()

Displays the edit bookmark link anchor content.
wp-includes/link-template.php: the_feed_link()

Displays the permalink for the feed type.
wp-includes/link-template.php: post_comments_feed_link()

Displays the comment feed link for a post.
wp-includes/class-wp-admin-bar.php: WP_Admin_Bar::_render()
wp-includes/class-wp-admin-bar.php: WP_Admin_Bar::_render_item()
wp-includes/link-template.php: the_permalink()

Displays the permalink for the current post.
wp-includes/update.php: wp_version_check()

Check WordPress version against the newest version.
wp-includes/class-oembed.php: WP_oEmbed::data2html()

Converts a data object from WP_oEmbed::fetch() and returns the HTML.
wp-includes/admin-bar.php: wp_admin_bar_edit_menu()

Provide an edit link for posts and terms.
wp-includes/admin-bar.php: wp_admin_bar_search_menu()

Add search form.
wp-includes/feed.php: rss_enclosure()

Display the rss enclosure for the current post.
wp-includes/feed.php: atom_enclosure()

Display the atom enclosure for the current post.
wp-includes/feed.php: self_link()

Display the link for the currently displayed feed in a XSS safe way.
wp-includes/feed.php: the_permalink_rss()

Display the permalink to the post for use in feeds.
wp-includes/feed.php: comments_link_feed()

Outputs the link to the comments for the current post in an xml safe way
wp-includes/feed.php: comment_guid()

Display the feed GUID for the current comment.
wp-includes/feed.php: comment_link()

Display the link to the comments.
wp-includes/user.php: sanitize_user_field()

Sanitize user field based on context.
wp-includes/bookmark-template.php: _walk_bookmarks()

The formatted output of a list of bookmarks.
wp-includes/class-walker-nav-menu.php: Walker_Nav_Menu::start_el()

Starts the element output.
wp-includes/post-template.php: wp_get_attachment_link()

Retrieve an attachment page link using an image or icon, if possible.
wp-includes/post-template.php: get_the_password_form()

Retrieve protected post password form content.
wp-includes/post-template.php: _wp_link_page()

Helper function for wp_link_pages().
wp-includes/embed.php: wp_embed_handler_audio()

Audio embed handler callback.
wp-includes/embed.php: wp_embed_handler_video()

Video embed handler callback.
wp-includes/media.php: wp_video_shortcode()

Builds the Video shortcode output.
wp-includes/media.php: wp_mediaelement_fallback()

Provides a No-JS Flash fallback as a last resort for audio / video.
wp-includes/media.php: wp_audio_shortcode()

Builds the Audio shortcode output.
wp-includes/ms-functions.php: newblog_notify_siteadmin()

Notifies the network admin that a new site has been activated.
wp-includes/ms-functions.php: newuser_notify_siteadmin()

Notifies the network admin that a new user has been activated.
wp-includes/ms-functions.php: wpmu_signup_blog_notification()

Send a confirmation request email to a user when they sign up for a new site. The new site will not become active until the confirmation link is clicked.
wp-includes/ms-deprecated.php: get_most_active_blogs()

Deprecated functionality to retrieve a list of the most active sites.
wp-includes/class.wp-scripts.php: WP_Scripts::do_item()

Processes a script dependency.
wp-includes/author-template.php: get_the_author_link()

Retrieve either author’s link or author’s name.
wp-includes/author-template.php: wp_list_authors()

List all the authors of the site, with several options available.
wp-includes/ms-blogs.php: get_blogaddress_by_id()

Get a full blog URL, given a blog id.
wp-includes/ms-blogs.php: get_blogaddress_by_name()

Get a full blog URL, given a blog name.
wp-includes/rss.php: wp_rss()

Display all RSS items in a HTML ordered list.
wp-includes/class-walker-comment.php: Walker_Comment::comment()

Outputs a single comment.
wp-includes/class-walker-comment.php: Walker_Comment::html5_comment()

Outputs a comment in the HTML5 format.
wp-includes/comment-template.php: comment_form()

Outputs a complete commenting form for use within a template.
wp-includes/comment-template.php: get_comment_reply_link()

Retrieve HTML content for reply to comment link.
wp-includes/comment-template.php: comments_template()

Load the comment template specified in $file.
wp-includes/comment-template.php: comments_link()

Display the link to the current post comments.
wp-includes/comment-template.php: get_comment_author_email_link()

Return the html email link to the author of the current comment.
wp-includes/comment-template.php: get_comment_author_url()

Retrieve the url of the author of the current comment.
wp-includes/script-loader.php: wp_default_scripts()

Register all WordPress scripts.
wp-includes/comment.php: wp_set_comment_cookies()

Sets the cookies used to store an unauthenticated commentator’s identity. Typically used to recall previous comments by this commentator that are still held in moderation.
wp-includes/media-template.php: wp_print_media_templates()

Prints the templates used in the media manager.
Show 246 more used by Hide more used by

Top ↑

User Contributed Notes User Contributed Notes

  1. Skip to note 1 content
    You must log in to vote on the helpfulness of this noteVote results for this note: 0You must log in to vote on the helpfulness of this note
    Contributed by Elio Rivero

    If the URI protocol is not one of the allowed protocols, the result of esc_url() is an empty string. The list of default protocols allowed by WordPress can be extended with the following code:

    <?php
/**
 * Extend list of allowed protocols.
 *
 * @param array $protocols List of default protocols allowed by WordPress.
 *
 * @return array $protocols Updated list including new protocols.
 */
function wporg_extend_allowed_protocols( $protocols ){
	$protocols[] = 'skype';
	$protocols[] = 'spotify';
	$protocols[] = 'macappstores';
	return $protocols;
}
add_filter( 'kses_allowed_protocols' , 'wporg_extend_allowed_protocols' );
?>

    Expand full source codeCollapse full source code

You must log in before being able to contribute a note or feedback.