wp_kses

Filters content and keeps only allowable HTML elements.

Description

(string) wp_kses( (string) $string, (array) $allowed_html, (array) $allowed_protocols = array() ); 

This function makes sure that only the allowed HTML element names, attribute names and attribute values plus only sane HTML entities will occur in $string. You have to remove any slashes from PHP's magic quotes before you call this function.

The default allowed protocols are http,, https, ftp , mailto., news, 'irc', gopher, nntp, feed, telnet, mms', rtsp and svn. This covers all common link protocols, except for javascript which should not be allowed for untrusted users.

Returns (string)

Filtered content with only allowed HTML elements

Parameters (3)

0. $string (string)
Content to filter through kses
1. $allowed_html (array)
List of allowed HTML elements
2. $allowed_protocols — Optional. (array) => array()
Allowed protocol in links.

Usage

  1. if ( !function_exists( 'wp_kses' ) ) { 
  2. require_once ABSPATH . WPINC . '/kses.php'; 
  3.  
  4. // Content to filter through kses 
  5. $string = ''; 
  6.  
  7. // List of allowed HTML elements 
  8. $allowed_html = array(); 
  9.  
  10. // Optional. Allowed protocol in links. 
  11. $allowed_protocols = array(); 
  12.  
  13. // NOTICE! Understand what this does before running. 
  14. $result = wp_kses($string, $allowed_html, $allowed_protocols); 
  15.  

Defined (1)

The function is defined in the following location(s).

/wp-includes/kses.php  
  1. function wp_kses( $string, $allowed_html, $allowed_protocols = array() ) { 
  2. if ( empty( $allowed_protocols ) ) 
  3. $allowed_protocols = wp_allowed_protocols(); 
  4. $string = wp_kses_no_null( $string, array( 'slash_zero' => 'keep' ) ); 
  5. $string = wp_kses_normalize_entities($string); 
  6. $string = wp_kses_hook($string, $allowed_html, $allowed_protocols); // WP changed the order of these funcs and added args to wp_kses_hook 
  7. return wp_kses_split($string, $allowed_html, $allowed_protocols);