Question

wp_kses_attr( string $element,  string $attr,  array $allowed_html,  array $allowed_protocols )

Removes all attributes, if none are allowed for this element.

---

description

If some are allowed it calls wp_kses_hair() to split them further, and then it builds up new HTML code from the data that kses_hair() returns. It also removes "<" and ">" characters, if there are any left. One more thing it does is to check if the tag has a closing XHTML slash, and if it does, it puts one in the returned code as well.

---

参数

$element

(string) (Required) HTML element/tag

$attr

(string) (Required) HTML attributes from HTML element to closing HTML element tag

$allowed_html

(array) (Required) Allowed HTML elements

$allowed_protocols

(array) (Required) Allowed protocols to keep

---

返回值

(string) Sanitized HTML element

---

源代码

File: wp-includes/kses.php

function wp_kses_attr($element, $attr, $allowed_html, $allowed_protocols) {
	if ( ! is_array( $allowed_html ) )
		$allowed_html = wp_kses_allowed_html( $allowed_html );

	// Is there a closing XHTML slash at the end of the attributes?
	$xhtml_slash = '';
	if (preg_match('%\s*/\s*$%', $attr))
		$xhtml_slash = ' /';

	// Are any attributes allowed at all for this element?
	if ( ! isset( $allowed_html[ strtolower( $element ) ] ) || true === $allowed_html[ strtolower( $element ) ] || count( $allowed_html[ strtolower( $element ) ] ) == 0 ) {
		return "<$element$xhtml_slash>";
	}

	// Split it
	$attrarr = wp_kses_hair($attr, $allowed_protocols);

	// Go through $attrarr, and save the allowed attributes for this element
	// in $attr2
	$attr2 = '';
	foreach ( $attrarr as $arreach ) {
		if ( wp_kses_attr_check( $arreach['name'], $arreach['value'], $arreach['whole'], $arreach['vless'], $element, $allowed_html ) ) {
			$attr2 .= ' '.$arreach['whole'];
		}
	}

	// Remove any "<" or ">" characters
	$attr2 = preg_replace('/[<>]/', '', $attr2);

	return "<$element$attr2$xhtml_slash>";
}

---

更新日志

Version	description
1.0.0	Introduced.

---

相关函数

Uses

• wp-includes/kses.php: wp_kses_attr_check()
• wp-includes/kses.php: wp_kses_hair()
• wp-includes/kses.php: wp_kses_allowed_html()

---

Used By

• wp-includes/kses.php: wp_kses_split2()

---

User Contributed Notes