wp_kses_attr

Advertisement

Summery Summery

Removes all attributes, if none are allowed for this element.

Syntax Syntax

wp_kses_attr( string $element, string $attr, array $allowed_html, string[] $allowed_protocols )

Description Description

If some are allowed it calls wp_kses_hair() to split them further, and then it builds up new HTML code from the data that kses_hair() returns. It also removes < and > characters, if there are any left. One more thing it does is to check if the tag has a closing XHTML slash, and if it does, it puts one in the returned code as well.

Parameters Parameters

$element

(string) (Required) HTML element/tag.

$attr

(string) (Required) HTML attributes from HTML element to closing HTML element tag.

$allowed_html

(array) (Required) Allowed HTML elements.

$allowed_protocols

(string[]) (Required) Array of allowed URL protocols.

Return Return

(string) Sanitized HTML element.

Source Source

File: wp-includes/kses.php

	// They are using a not allowed HTML element.
	if ( ! isset( $allowed_html[ strtolower( $elem ) ] ) ) {
		return '';
	}

	// No attributes are allowed for closing elements.
	if ( '' !== $slash ) {
		return "</$elem>";
	}

	return wp_kses_attr( $elem, $attrlist, $allowed_html, $allowed_protocols );
}

/**
 * Removes all attributes, if none are allowed for this element.
 *
 * If some are allowed it calls `wp_kses_hair()` to split them further, and then
 * it builds up new HTML code from the data that `kses_hair()` returns. It also
 * removes `<` and `>` characters, if there are any left. One more thing it does
 * is to check if the tag has a closing XHTML slash, and if it does, it puts one
 * in the returned code as well.
 *
 * @since 1.0.0
 *
 * @param string         $element           HTML element/tag.
 * @param string         $attr              HTML attributes from HTML element to closing HTML element tag.
 * @param array[]|string $allowed_html      An array of allowed HTML elements and attributes,
 *                                          or a context name such as 'post'. See wp_kses_allowed_html()
 *                                          for the list of accepted context names.
 * @param string[]       $allowed_protocols Array of allowed URL protocols.
 * @return string Sanitized HTML element.
 */
function wp_kses_attr( $element, $attr, $allowed_html, $allowed_protocols ) {

Advertisement

Changelog Changelog

Changelog
Version Description
1.0.0 Introduced.

Advertisement

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.