Question

wp_kses( string $string,  array $allowed_html,  array $allowed_protocols = array() )

Filters content and keeps only allowable HTML elements.

---

description

This function makes sure that only the allowed HTML element names, attribute names and attribute values plus only sane HTML entities will occur in $string. You have to remove any slashes from PHP’s magic quotes before you call this function.

The default allowed protocols are ‘http’, ‘https’, ‘ftp’, ‘mailto’, ‘news’, ‘irc’, ‘gopher’, ‘nntp’, ‘feed’, ‘telnet, ‘mms’, ‘rtsp’ and ‘svn’. This covers all common link protocols, except for ‘javascript’ which should not be allowed for untrusted users.

---

参数

$string

(string) (Required) Content to filter through kses

$allowed_html

(array) (Required) List of allowed HTML elements

$allowed_protocols

(array) (Optional) Allowed protocol in links.

Default value: array()

---

返回值

(string) Filtered content with only allowed HTML elements

---

源代码

File: wp-includes/kses.php

function wp_kses( $string, $allowed_html, $allowed_protocols = array() ) {
	if ( empty( $allowed_protocols ) )
		$allowed_protocols = wp_allowed_protocols();
	$string = wp_kses_no_null( $string, array( 'slash_zero' => 'keep' ) );
	$string = wp_kses_normalize_entities($string);
	$string = wp_kses_hook($string, $allowed_html, $allowed_protocols); // WP changed the order of these funcs and added args to wp_kses_hook
	return wp_kses_split($string, $allowed_html, $allowed_protocols);
}

---

更新日志

Version	description
1.0.0	Introduced.

---

相关函数

Uses

• wp-includes/kses.php: wp_kses_no_null()
• wp-includes/kses.php: wp_kses_normalize_entities()
• wp-includes/kses.php: wp_kses_hook()
• wp-includes/kses.php: wp_kses_split()
• wp-includes/functions.php: wp_allowed_protocols()

---

Used By

• wp-includes/embed.php: wp_filter_oembed_result()
• wp-admin/includes/class-wp-press-this.php: WP_Press_This::fetch_源代码_html()
• wp-admin/includes/class-automatic-upgrader-skin.php: Automatic_Upgrader_Skin::feedback()
• wp-admin/includes/class-wp-theme-install-list-table.php: WP_Theme_Install_List_Table::install_theme_info()
• wp-admin/includes/class-wp-theme-install-list-table.php: WP_Theme_Install_List_Table::single_row()
• wp-admin/includes/update.php: wp_plugin_update_row()
• wp-admin/includes/plugin-install.php: install_plugin_information()
• wp-admin/includes/plugin.php: _get_plugin_data_markup_translate()
• wp-admin/includes/class-wp-plugin-install-list-table.php: WP_Plugin_Install_List_Table::display_rows()
• wp-admin/includes/ajax-actions.php: wp_ajax_query_themes()
• wp-includes/kses.php: wp_kses_data()
• wp-includes/kses.php: wp_filter_post_kses()
• wp-includes/kses.php: wp_kses_post()
• wp-includes/kses.php: wp_filter_nohtml_kses()
• wp-includes/kses.php: wp_filter_kses()
• wp-includes/kses.php: wp_kses_split2()
• wp-includes/class-wp-theme.php: WP_Theme::sanitize_header()
• wp-includes/media.php: img_caption_shortcode()
Show 13 more used by Hide more used by

---

User Contributed Notes

1. Skip to note content You must log in to vote on the helpfulness of this noteVote results for this note: 1You must log in to vote on the helpfulness of this note Contributed by J.D. Grimes

   See wp_kses_allowed_html() and /wp-includes/kses.php to get a list of the possible default values of the allowed HTML tags.

Allowed HTML tags array
This is an example of how to format an array of allowed HTML tags and attributes.

array(
    'a' => array(
        'href' => array(),
        'title' => array()
    ),
    'br' => array(),
    'em' => array(),
    'strong' => array(),
);