A WordPress-centric search engine for devs and theme authors



wp_kses_bad_protocol ›

Since1.0.0
Deprecatedn/a
wp_kses_bad_protocol ( $string, $allowed_protocols )
Parameters: (2)
  • (string) $string Content to filter bad protocols from
    Required: Yes
  • (array) $allowed_protocols Allowed protocols to keep
    Required: Yes
Returns:
  • (string) Filtered content
Defined at:
Codex:

Sanitize string from bad protocols.

This function removes all non-allowed protocols from the beginning of $string. It ignores whitespace and the case of the letters, and it does understand HTML entities. It does its work in a while loop, so it won't be fooled by a string like "javascript:javascript:alert(57)".



Source

function wp_kses_bad_protocol($string, $allowed_protocols) {
	$string = wp_kses_no_null($string);
	$iterations = 0;

	do {
		$original_string = $string;
		$string = wp_kses_bad_protocol_once($string, $allowed_protocols);
	} while ( $original_string != $string && ++$iterations < 6 );

	if ( $original_string != $string )
		return '';

	return $string;
}