wp_kses_bad_protocol( string $string, string[] $allowed_protocols ): string

Sanitizes a string and removed disallowed URL protocols.

Description

This function removes all non-allowed protocols from the beginning of the string. It ignores whitespace and the case of the letters, and it does understand HTML entities. It does its work recursively, so it won’t be fooled by a string like javascript:javascript:alert(57).

Parameters

$string string Required: Content to filter bad protocols from.
$allowed_protocols string[] Required: Array of allowed URL protocols.

Return

string Filtered content.

Source

File: wp-includes/kses.php. View all references

function wp_kses_bad_protocol( $string, $allowed_protocols ) {
	$string     = wp_kses_no_null( $string );
	$iterations = 0;

	do {
		$original_string = $string;
		$string          = wp_kses_bad_protocol_once( $string, $allowed_protocols );
	} while ( $original_string != $string && ++$iterations < 6 );

	if ( $original_string != $string ) {
		return '';
	}

	return $string;
}

Uses

Uses	Description
wp_kses_no_null() wp-includes/kses.php	Removes any invalid control characters in a text string.
wp_kses_bad_protocol_once() wp-includes/kses.php	Sanitizes content from bad protocols and other characters.

Used By

Used By	Description
wp_kses_one_attr() wp-includes/kses.php	Filters one HTML attribute and ensures its value is allowed.
esc_url() wp-includes/formatting.php	Checks and cleans a URL.
safecss_filter_attr() wp-includes/kses.php	Filters an inline style attribute and removes disallowed rules.
wp_kses_hair() wp-includes/kses.php	Builds an attribute list from string containing attributes.
WP_Http::request() wp-includes/class-wp-http.php	Send an HTTP request to a URI.
wp_http_validate_url() wp-includes/http.php	Validate a URL for safe use in the HTTP API.

Changelog

Version	Description
1.0.0	Introduced.

© 2003–2022 WordPress Foundation
Licensed under the GNU GPLv2+ License.
https://developer.wordpress.org/reference/functions/wp_kses_bad_protocol

Docs

Docs4dev

Title here