wp_kses_bad_protocol

Sanitize string from bad protocols.

Description

(string) wp_kses_bad_protocol( (string) $string, (array) $allowed_protocols ); 

This function removes all non-allowed protocols from the beginning of $string. It ignores whitespace and the case of the letters, and it does understand HTML entities. It does its work in a while loop, so it won't be fooled by a string like javascript:javascript:alert(57)..

Returns (string)

Filtered content

Parameters (2)

0. $string (string)
Content to filter bad protocols from
1. $allowed_protocols (array)
Allowed protocols to keep

Usage

  1. if ( !function_exists( 'wp_kses_bad_protocol' ) ) { 
  2. require_once ABSPATH . WPINC . '/kses.php'; 
  3.  
  4. // Content to filter bad protocols from 
  5. $string = ''; 
  6.  
  7. // Allowed protocols to keep 
  8. $allowed_protocols = array(); 
  9.  
  10. // NOTICE! Understand what this does before running. 
  11. $result = wp_kses_bad_protocol($string, $allowed_protocols); 
  12.  

Defined (1)

The function is defined in the following location(s).

/wp-includes/kses.php  
  1. function wp_kses_bad_protocol($string, $allowed_protocols) { 
  2. $string = wp_kses_no_null($string); 
  3. $iterations = 0; 
  4.  
  5. do { 
  6. $original_string = $string; 
  7. $string = wp_kses_bad_protocol_once($string, $allowed_protocols); 
  8. } while ( $original_string != $string && ++$iterations < 6 ); 
  9.  
  10. if ( $original_string != $string ) 
  11. return ''; 
  12.  
  13. return $string;