W3cubDocs

/WordPress

wp_kses( string $string, array[]|string $allowed_html, string[] $allowed_protocols = array() )

Filters text content and strips out disallowed HTML.

Description

This function makes sure that only the allowed HTML element names, attribute names, attribute values, and HTML entities will occur in the given text string.

This function expects unslashed data.

See also

Parameters

$string

(string) (Required) Text content to filter.

$allowed_html

(array[]|string) (Required) An array of allowed HTML elements and attributes, or a context name such as 'post'.

$allowed_protocols

(string[]) (Optional) Array of allowed URL protocols.

Default value: array()

Return

(string) Filtered content containing only the allowed HTML.

Source

File: wp-includes/kses.php

function wp_kses( $string, $allowed_html, $allowed_protocols = array() ) {
	if ( empty( $allowed_protocols ) ) {
		$allowed_protocols = wp_allowed_protocols();
	}
	$string = wp_kses_no_null( $string, array( 'slash_zero' => 'keep' ) );
	$string = wp_kses_normalize_entities( $string );
	$string = wp_kses_hook( $string, $allowed_html, $allowed_protocols );
	return wp_kses_split( $string, $allowed_html, $allowed_protocols );
}

Changelog

Version Description
1.0.0 Introduced.

© 2003–2019 WordPress Foundation
Licensed under the GNU GPLv2+ License.
https://developer.wordpress.org/reference/functions/wp_kses