wp_kses_attr

Removes all attributes, if none are allowed for this element.

Description

(string) wp_kses_attr( (string) $element, (string) $attr, (array) $allowed_html, (array) $allowed_protocols ); 

If some attributes are allowed, it calls wp_kses_hair() to split the attribute string into individual attributes, and then builds new HTML code from the data that wp_kses_hair() returns. It also removes any < and > characters that are left. Finally, it checks whether the tag has a closing XHTML slash, and if it does, it puts one in the returned code as well.

Returns (string)

Sanitized HTML element

Parameters (4)

0. $element (string)
HTML element/tag
1. $attr (string)
HTML attributes from HTML element to closing HTML element tag
2. $allowed_html (array)
Allowed HTML elements
3. $allowed_protocols (array)
Allowed protocols to keep

Usage

    if ( ! function_exists( 'wp_kses_attr' ) ) {
        require_once ABSPATH . WPINC . '/kses.php';
    }

    // HTML element/tag
    $element = '';

    // HTML attributes from HTML element to closing HTML element tag
    $attr = '';

    // Allowed HTML elements
    $allowed_html = array();

    // Allowed protocols to keep
    $allowed_protocols = array();

    // NOTICE! Understand what this does before running.
    $result = wp_kses_attr( $element, $attr, $allowed_html, $allowed_protocols );

Defined (1)

The function is defined in the following location(s).

/wp-includes/kses.php  
    function wp_kses_attr($element, $attr, $allowed_html, $allowed_protocols) {
        if ( ! is_array( $allowed_html ) )
            $allowed_html = wp_kses_allowed_html( $allowed_html );

        // Is there a closing XHTML slash at the end of the attributes?
        $xhtml_slash = '';
        if (preg_match('%\s*/\s*$%', $attr))
            $xhtml_slash = ' /';

        // Are any attributes allowed at all for this element?
        if ( ! isset($allowed_html[strtolower($element)]) || count($allowed_html[strtolower($element)]) == 0 )
            return "<$element$xhtml_slash>";

        // Split it
        $attrarr = wp_kses_hair($attr, $allowed_protocols);

        // Go through $attrarr, and save the allowed attributes for this element
        // in $attr2
        $attr2 = '';
        foreach ( $attrarr as $arreach ) {
            if ( wp_kses_attr_check( $arreach['name'], $arreach['value'], $arreach['whole'], $arreach['vless'], $element, $allowed_html ) ) {
                $attr2 .= ' '.$arreach['whole'];
            }
        }

        // Remove any "<" or ">" characters
        $attr2 = preg_replace('/[<>]/', '', $attr2);

        return "<$element$attr2$xhtml_slash>";
    }
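
The following is an added example, not code from this page or from WordPress core. It runs one constructed tag through each branch of the definition above, including the early return for an element that is missing from $allowed_html. It assumes WordPress is loaded (ABSPATH and WPINC defined); the helper name demo_kses_attr_report and all sample tags are hypothetical.

```php
<?php
// Added example, not WordPress core code. Assumes WordPress is loaded
// (ABSPATH and WPINC defined). All sample inputs are constructed.
if ( ! function_exists( 'wp_kses_attr' ) ) {
    require_once ABSPATH . WPINC . '/kses.php';
}

// Per-element attribute allowlist: element => array( attribute => true ).
$allowed_html = array(
    'a'   => array( 'href' => true, 'title' => true ),
    'img' => array( 'src' => true, 'alt' => true ),
    'b'   => array(), // element listed, but no attributes allowed
);
$allowed_protocols = array( 'http', 'https' );

// Each sample is array( element, attribute string as it follows the tag name ).
$samples = array(
    // onclick is not in the 'a' allowlist, so wp_kses_attr_check() rejects it.
    array( 'a', ' href="https://example.com/" onclick="track()" title="Home"' ),
    // Trailing XHTML slash is kept; the ">" inside alt exercises the final preg_replace.
    array( 'img', ' src="https://example.com/logo.png" alt="a > b" /' ),
    // count( $allowed_html['b'] ) == 0: early return, every attribute dropped.
    array( 'b', ' class="x" style="color:red"' ),
    // 'video' is absent from $allowed_html: same early return, and the tag
    // itself is still emitted, so the element must be vetted before this call.
    array( 'video', ' src="https://example.com/clip.mp4" autoplay' ),
);

/**
 * Hypothetical helper: run each sample through wp_kses_attr() and pair the
 * raw tag with the sanitized one for side-by-side review.
 */
function demo_kses_attr_report( $samples, $allowed_html, $allowed_protocols ) {
    $report = array();
    foreach ( $samples as $sample ) {
        list( $element, $attr ) = $sample;
        $report[] = array(
            'input'  => "<$element$attr>",
            'output' => wp_kses_attr( $element, $attr, $allowed_html, $allowed_protocols ),
        );
    }
    return $report;
}

foreach ( demo_kses_attr_report( $samples, $allowed_html, $allowed_protocols ) as $row ) {
    echo $row['input'], "\n  => ", $row['output'], "\n";
}
```

The last sample shows why this function is not a filter for untrusted markup on its own: it only filters attributes, so untrusted HTML should go through wp_kses(), which checks the element before attributes are processed.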