Outil de recherche WordPress pour les développeurs et auteurs de thèmes



wp_kses_bad_protocol ›

Depuis1.0.0
Dépréciéen/a
wp_kses_bad_protocol ( $string, $allowed_protocols )
Paramètres: (2)
  • (string) $string Content to filter bad protocols from.
    Requis: Oui
  • (string[]) $allowed_protocols Array of allowed URL protocols.
    Requis: Oui
Retourne:
  • (string) Filtered content.
Défini(e) dans:
Codex:

Sanitizes a string and removed disallowed URL protocols.

This function removes all non-allowed protocols from the beginning of the string. It ignores whitespace and the case of the letters, and it does understand HTML entities. It does its work recursively, so it won't be fooled by a string like javascript:javascript:alert(57).



Source

function wp_kses_bad_protocol( $string, $allowed_protocols ) {
	$string     = wp_kses_no_null( $string );
	$iterations = 0;

	do {
		$original_string = $string;
		$string          = wp_kses_bad_protocol_once( $string, $allowed_protocols );
	} while ( $original_string != $string && ++$iterations < 6 );

	if ( $original_string != $string ) {
		return '';
	}

	return $string;
}