wp_allowed_protocols(): string[]

Retrieves a list of protocols to allow in HTML attributes.

Description

Return

string[] Array of allowed protocols. Defaults to an array containing 'http', 'https', 'ftp', 'ftps', 'mailto', 'news', 'irc', 'irc6', 'ircs', 'gopher', 'nntp', 'feed', 'telnet', 'mms', 'rtsp', 'sms', 'svn', 'tel', 'fax', 'xmpp', 'webcal', and 'urn'.
This covers all common link protocols, except for 'javascript' which should not be allowed for untrusted users.

Source

File: wp-includes/functions.php. View all references

function wp_allowed_protocols() {
	static $protocols = array();

	if ( empty( $protocols ) ) {
		$protocols = array( 'http', 'https', 'ftp', 'ftps', 'mailto', 'news', 'irc', 'irc6', 'ircs', 'gopher', 'nntp', 'feed', 'telnet', 'mms', 'rtsp', 'sms', 'svn', 'tel', 'fax', 'xmpp', 'webcal', 'urn' );
	}

	if ( ! did_action( 'wp_loaded' ) ) {
		/**
		 * Filters the list of protocols allowed in HTML attributes.
		 *
		 * @since 3.0.0
		 *
		 * @param string[] $protocols Array of allowed protocols e.g. 'http', 'ftp', 'tel', and more.
		 */
		$protocols = array_unique( (array) apply_filters( 'kses_allowed_protocols', $protocols ) );
	}

	return $protocols;
}

Hooks

apply_filters( 'kses_allowed_protocols', string[] $protocols ): Filters the list of protocols allowed in HTML attributes.

Uses

Uses	Description
did_action() wp-includes/plugin.php	Retrieves the number of times an action has been fired during the current request.
apply_filters() wp-includes/plugin.php	Calls the callback functions that have been added to a filter hook.

Used By

Used By	Description
wp_rel_callback() wp-includes/formatting.php	Callback to add a rel attribute to HTML A element.
wp_filter_oembed_iframe_title_attribute() wp-includes/embed.php	Filters the given oEmbed HTML to make sure iframes have a title attribute.
wp_targeted_link_rel_callback() wp-includes/formatting.php	Callback to add `rel="noopener"` string to HTML A element.
wp_kses_one_attr() wp-includes/kses.php	Filters one HTML attribute and ensures its value is allowed.
edit_user() wp-admin/includes/user.php	Edit user settings based on contents of $_POST
_links_add_base() wp-includes/formatting.php	Callback to add a base URL to relative links in passed content.
esc_url() wp-includes/formatting.php	Checks and cleans a URL.
safecss_filter_attr() wp-includes/kses.php	Filters an inline style attribute and removes disallowed rules.
wp_kses() wp-includes/kses.php	Filters text content and strips out disallowed HTML.

Changelog

Version	Description
5.6.0	Added `'irc6'` and `'ircs'` to the protocols array.
5.3.0	Added `'sms'` to the protocols array.
4.7.0	Added `'urn'` to the protocols array.
4.3.0	Added `'webcal'` to the protocols array.
3.3.0	Introduced.

© 2003–2022 WordPress Foundation
Licensed under the GNU GPLv2+ License.
https://developer.wordpress.org/reference/functions/wp_allowed_protocols

Docs

Docs4dev

Title here