Summery Summery

Sanitizes a string and removed disallowed URL protocols.

Syntax Syntax

wp_kses_bad_protocol( string $string, string[] $allowed_protocols )

Description Description

This function removes all non-allowed protocols from the beginning of the string. It ignores whitespace and the case of the letters, and it does understand HTML entities. It does its work recursively, so it won’t be fooled by a string like javascript:javascript:alert(57).

Parameters Parameters


(Required) Content to filter bad protocols from.


(Required) Array of allowed URL protocols.

Return Return

(string) Filtered content.

Source Source

File: wp-includes/kses.php


		case 'valueless':
			 * The valueless check makes sure if the attribute has a value
			 * (like `<a href="blah">`) or not (`<option selected>`). If the given value
			 * is a "y" or a "Y", the attribute must not have a value.
			 * If the given value is an "n" or an "N", the attribute must have a value.

			if ( strtolower( $checkvalue ) != $vless ) {
				$ok = false;
	} // End switch.


Changelog Changelog

Version Description
1.0.0 Introduced.


Leave a Reply