wp_kses_bad_protocol() WP 1.0.0

Sanitizes a string and removes disallowed URL protocols.

This function removes all non-allowed protocols from the beginning of the string. It ignores whitespace and the case of the letters, and it does understand HTML entities. It does its work recursively, so it won't be fooled by a string like javascript:javascript:alert(57).

No hooks.

Returns

String. Filtered content.

Usage

wp_kses_bad_protocol( $content, $allowed_protocols );
$content (string) (required)
Content to filter bad protocols from.
$allowed_protocols (string[]) (required)
Array of allowed URL protocols.

Changelog

Since 1.0.0: Introduced.

wp_kses_bad_protocol() code WP 6.5.2

function wp_kses_bad_protocol( $content, $allowed_protocols ) {
	$content = wp_kses_no_null( $content );

	// Short-circuit if the string starts with `https://` or `http://`. Most common cases.
	if (
		( str_starts_with( $content, 'https://' ) && in_array( 'https', $allowed_protocols, true ) ) ||
		( str_starts_with( $content, 'http://' ) && in_array( 'http', $allowed_protocols, true ) )
	) {
		return $content;
	}

	$iterations = 0;

	do {
		$original_content = $content;
		$content          = wp_kses_bad_protocol_once( $content, $allowed_protocols );
	} while ( $original_content !== $content && ++$iterations < 6 );

	if ( $original_content !== $content ) {
		return '';
	}

	return $content;
}
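
Because the function strips a disallowed protocol and returns what is left rather than rejecting the input, a caller that stores or outputs URLs usually wants to treat any change as a failed validation. The following is an added example, not WordPress core code: example_accept_url() is a hypothetical helper, the inputs are constructed, and it assumes WordPress is loaded (for instance when run with `wp eval-file`).

```php
<?php
/**
 * Hypothetical helper: accept a user-supplied link target only when
 * wp_kses_bad_protocol() has nothing to remove from it.
 *
 * @param string   $raw     Untrusted input.
 * @param string[] $allowed Allowed URL protocols (assumed policy for this example).
 * @return string|false Filtered URL, or false when the input is rejected.
 */
function example_accept_url( $raw, $allowed = array( 'http', 'https', 'mailto' ) ) {
	$raw      = trim( (string) $raw );
	$filtered = wp_kses_bad_protocol( $raw, $allowed );

	// An empty result covers empty input and the case where the filter
	// gave up because the string was still changing after its pass limit.
	if ( '' === $filtered ) {
		return false;
	}

	// The filter removes disallowed protocols from the front of the string
	// and returns the remainder, so a difference means something was stripped.
	// The comparison ignores letter case, as the protocol matching does.
	if ( strtolower( $filtered ) !== strtolower( $raw ) ) {
		return false;
	}

	return $filtered;
}

// Constructed sample inputs; the second is the string from the description.
$samples = array(
	'https://example.com/page',
	'javascript:javascript:alert(57)',
	'JaVaScRiPt:alert(57)',
	'javascript&#58;alert(57)',
	str_repeat( 'javascript:', 8 ) . 'alert(57)',
);

foreach ( $samples as $sample ) {
	$result = example_accept_url( $sample );
	$status = false === $result ? 'rejected' : 'accepted: ' . $result;
	printf( "%s => %s\n", $sample, $status );
}
```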