wp_kses_attr_check

Function
wp_kses_attr_check ( $name, $value, $whole, $vless, $element, $allowed_html )
Parameters
  • (string) $name The attribute name. Passed by reference. Returns empty string when not allowed.
    Required:
  • (string) $value The attribute value. Passed by reference. Returns a filtered value.
    Required:
  • (string) $whole The `name=value` input. Passed by reference. Returns filtered input.
    Required:
  • (string) $vless Whether the attribute is valueless. Use 'y' or 'n'.
    Required:
  • (string) $element The name of the element to which this attribute belongs.
    Required:
  • (array) $allowed_html The full list of allowed elements and attributes.
    Required:
Return value
  • (bool) Whether or not the attribute is allowed.
Defined in
Related functions
wp_kses_attr, wp_kses_attr_parse, wp_kses_array_lc, wp_kses_one_attr, wp_auth_check
Introduced
4.2.3
Deprecated
-

wp_kses_attr_check: This function checks whether an HTML attribute is allowed.

Determines whether an attribute is allowed.

function wp_kses_attr_check( &$name, &$value, &$whole, $vless, $element, $allowed_html ) {
	$name_low    = strtolower( $name );
	$element_low = strtolower( $element );

	if ( ! isset( $allowed_html[ $element_low ] ) ) {
		$name  = '';
		$value = '';
		$whole = '';
		return false;
	}

	$allowed_attr = $allowed_html[ $element_low ];

	if ( ! isset( $allowed_attr[ $name_low ] ) || '' === $allowed_attr[ $name_low ] ) {
		/*
		 * Allow `data-*` attributes.
		 *
		 * When specifying `$allowed_html`, the attribute name should be set as
		 * `data-*` (not to be mixed with the HTML 4.0 `data` attribute, see
		 * https://www.w3.org/TR/html40/struct/objects.html#adef-data).
		 *
		 * Note: the attribute name should only contain `A-Za-z0-9_-` chars,
		 * double hyphens `--` are not accepted by WordPress.
		 */
		if ( strpos( $name_low, 'data-' ) === 0 && ! empty( $allowed_attr['data-*'] )
			&& preg_match( '/^data(?:-[a-z0-9_]+)+$/', $name_low, $match )
		) {
			/*
			 * Add the whole attribute name to the allowed attributes and set any restrictions
			 * for the `data-*` attribute values for the current element.
			 */
			$allowed_attr[ $match[0] ] = $allowed_attr['data-*'];
		} else {
			$name  = '';
			$value = '';
			$whole = '';
			return false;
		}
	}

	if ( 'style' === $name_low ) {
		$new_value = safecss_filter_attr( $value );

		if ( empty( $new_value ) ) {
			$name  = '';
			$value = '';
			$whole = '';
			return false;
		}

		$whole = str_replace( $value, $new_value, $whole );
		$value = $new_value;
	}

	if ( is_array( $allowed_attr[ $name_low ] ) ) {
		// There are some checks.
		foreach ( $allowed_attr[ $name_low ] as $currkey => $currval ) {
			if ( ! wp_kses_check_attr_val( $value, $vless, $currkey, $currval ) ) {
				$name  = '';
				$value = '';
				$whole = '';
				return false;
			}
		}
	}

	return true;
}
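
The branches of the function above, exercised against a constructed allowlist. This is an added example, not part of the original page or of WordPress core. It assumes a loaded WordPress (for instance run with `wp eval-file kses-attr-demo.php`); the helper `kses_attr_demo`, the file name, and the sample attributes are hypothetical.

```php
<?php
// Added example: run inside a loaded WordPress so wp_kses_attr_check() exists.
// The allowlist and the sample attributes below are constructed for illustration.
$allowed_html = array(
	'a' => array(
		'href'   => true,                    // allowed, no value checks
		'title'  => array( 'maxlen' => 10 ), // allowed, value checked by wp_kses_check_attr_val()
		'data-*' => true,                    // wildcard entry for data attributes
	),
);

// Each case: element, attribute name, value, and the branch it exercises.
$cases = array(
	array( 'a',      'href',          '/about',          'listed attribute, no checks' ),
	array( 'a',      'onclick',       'track()',         'attribute not listed for <a>' ),
	array( 'script', 'src',           '/x.js',           'element missing from $allowed_html' ),
	array( 'a',      'data-user-id',  '42',              'name matches the data-* pattern' ),
	array( 'a',      'data-user--id', '42',              'double hyphen fails the data-* pattern' ),
	array( 'a',      'title',         'longer than ten', 'maxlen check on the value' ),
);

// Hypothetical helper: runs every case and records the verdict and the
// state of $whole after the call.
function kses_attr_demo( array $cases, array $allowed_html ) {
	$rows = array();
	foreach ( $cases as list( $element, $attr, $val, $why ) ) {
		// The first three arguments are taken by reference, so work on copies.
		$name  = $attr;
		$value = $val;
		$whole = sprintf( '%s="%s"', $attr, $val );

		$ok = wp_kses_attr_check( $name, $value, $whole, 'n', $element, $allowed_html );

		// On rejection the function empties $name, $value and $whole.
		$rows[] = array( $element, $attr, $ok, $whole, $why );
	}
	return $rows;
}

foreach ( kses_attr_demo( $cases, $allowed_html ) as list( $element, $attr, $ok, $whole, $why ) ) {
	printf(
		"%-6s %-14s %-7s whole=%-22s %s\n",
		$element, $attr, $ok ? 'kept' : 'dropped', var_export( $whole, true ), $why
	);
}
```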
