You can use the pre_user_description hook, which filters the user’s description prior to saving/updating the user, to remove any unwanted tags.
To do that, you can use the wp_kses function, which strips out all but whitelisted tags.
The allowed tags should be given as an associative array, where the keys are the names of the tags, and the values are an array of allowed attributes for this tag.
For example, to allow only <strong> and <em> tags (without any attributes) and the <h1> tag (with possibly the class attribute only):
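// Sanitize the bio whenever a user is saved or updated.
add_filter('pre_user_description','wpse_whitelist_tags_in_bio');
function wpse_whitelist_tags_in_bio($description){
    // Keys are allowed tag names, values are arrays of allowed attributes.
    $bio_allowed_tags = array(
        'strong'=>array(),
        'em'=>array(),
        'h1' => array(
            'class' => array (),
        )
    );
    // Everything not listed above is stripped.
    $description = wp_kses($description,$bio_allowed_tags);
    return $description;
}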
wp_kses is an expensive function, so it should only be run when data is saved, not displayed. To strip out all HTML tags, you can use wp_strip_all_tags().
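A quick way to confirm the allow-list behaves as intended, as an added example that is not part of the original answer: it runs constructed sample bios through wpse_whitelist_tags_in_bio() and prints them next to the wp_strip_all_tags() result. It assumes the snippet above is already loaded in a running WordPress (for instance via `wp eval-file`); the helper names wpse_bio_remaining_tags and wpse_check_bio_filter are hypothetical.

```php
<?php
// Added example: regression check for the bio allow-list shown above.
// Assumes WordPress is loaded and wpse_whitelist_tags_in_bio() is defined.

// Constructed sample bios, not real user data.
$samples = array(
    'allowed tags'       => '<strong>Bold</strong> and <em>italic</em>',
    'h1 with class'      => '<h1 class="title">Heading</h1>',
    'h1 extra attribute' => '<h1 class="title" onclick="x()">Heading</h1>',
    'disallowed tag'     => '<a href="https://example.com/">link</a>',
    'script element'     => 'Hi<script>x()</script>',
);

// Hypothetical helper: tag names still present in $html, lower-cased and unique.
function wpse_bio_remaining_tags( $html ) {
    preg_match_all( '/<\s*\/?\s*([a-z0-9]+)/i', $html, $m );
    return array_unique( array_map( 'strtolower', $m[1] ) );
}

// Hypothetical helper: returns a list of failures, empty when all samples pass.
function wpse_check_bio_filter( array $samples ) {
    $failures = array();
    // The sanitizer only protects saved bios if it is actually hooked.
    if ( false === has_filter( 'pre_user_description', 'wpse_whitelist_tags_in_bio' ) ) {
        $failures[] = 'filter not registered on pre_user_description';
    }
    foreach ( $samples as $label => $raw ) {
        $saved = wpse_whitelist_tags_in_bio( $raw );
        $extra = array_diff( wpse_bio_remaining_tags( $saved ), array( 'strong', 'em', 'h1' ) );
        if ( $extra || false !== stripos( $saved, 'onclick' ) ) {
            $failures[] = "$label: unexpected markup in $saved";
        }
        // wp_kses() drops a disallowed tag but keeps the text inside it;
        // wp_strip_all_tags() also removes the contents of script and style.
        printf( "%-20s kses: %s | strip_all: %s\n", $label, $saved, wp_strip_all_tags( $raw ) );
    }
    return $failures;
}

$failures = wpse_check_bio_filter( $samples );
echo $failures ? implode( "\n", $failures ) . "\n" : "bio filter OK\n";
```

Because the filter runs only on save, descriptions stored before it was added stay as they were until the user is next updated.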