wp_kses_bad_protocol

函数


      wp_kses_bad_protocol ( $string, $allowed_protocols )

参数

(string) $string Content to filter bad protocols from.

Required: 是
(string[]) $allowed_protocols Array of allowed URL protocols.

Required: 是

返回值

(string) Filtered content.

定义位置

wp-includes/kses.php , line 1688

相关方法: wp_kses_bad_protocol_once wp_allowed_protocols wp_kses_post wp_get_server_protocol wp_kses_allowed_html

引入: 1.0.0

弃用: -

Sanitizes a string and removed disallowed URL protocols.

This function removes all non-allowed protocols from the beginning of the
string. It ignores whitespace and the case of the letters, and it does
understand HTML entities. It does its work recursively, so it won’t be
fooled by a string like `javascript:javascript:alert(57)`.

function wp_kses_bad_protocol( $string, $allowed_protocols ) {
	$string     = wp_kses_no_null( $string );
	$iterations = 0;

	do {
		$original_string = $string;
		$string          = wp_kses_bad_protocol_once( $string, $allowed_protocols );
	} while ( $original_string != $string && ++$iterations < 6 );

	if ( $original_string != $string ) {
		return '';
	}

	return $string;
}

wp_kses_bad_protocol

WP开发教程