wp_kses_bad_protocol

函数
wp_kses_bad_protocol ( $string, $allowed_protocols )
参数
  • (string) $string Content to filter bad protocols from.
    Required:
  • (string[]) $allowed_protocols Array of allowed URL protocols.
    Required:
返回值
  • (string) Filtered content.
定义位置
相关方法
wp_kses_bad_protocol_oncewp_allowed_protocolswp_kses_postwp_get_server_protocolwp_kses_allowed_html
引入
1.0.0
弃用
-

Sanitizes a string and removed disallowed URL protocols.

This function removes all non-allowed protocols from the beginning of the
string. It ignores whitespace and the case of the letters, and it does
understand HTML entities. It does its work recursively, so it won’t be
fooled by a string like `javascript:javascript:alert(57)`.

function wp_kses_bad_protocol( $string, $allowed_protocols ) {
	$string     = wp_kses_no_null( $string );
	$iterations = 0;

	do {
		$original_string = $string;
		$string          = wp_kses_bad_protocol_once( $string, $allowed_protocols );
	} while ( $original_string != $string && ++$iterations < 6 );

	if ( $original_string != $string ) {
		return '';
	}

	return $string;
}