Typical wp_kses $allowed

I would disagree with the solution posted by @JaredCobb, wp_kses() is much more flexible than the method he presented. It can strip out unwanted attributes from tags without destroying the tags themselves. For example, if the user put in <strong class="foo">, wp_kses() would return <strong> if you did not allow class, whereas strip_tags() would remove the <strong> completely.

@redconservatory: The attributes you’ll want to use are as follows:

$args = array(
    //formatting
    'strong' => array(),
    'em'     => array(),
    'b'      => array(),
    'i'      => array(),

    //links
    'a'     => array(
        'href' => array()
    )
);

This will allow bold and italics with no attributes, as well as anchor tags with an href attributes…and nothing else. It uses the whitelisting principle, which @jaredcobb rightly noted is the better way to go here.

Related Posts:

  1. wp_kses vs wp_strip_all_tags
  2. Escaping SVG with KSES
  3. wp_kses_post only removes tags, but not their content
  4. wp_kses() strips data attributes even if it’s in the allowed list
  5. Allow html comments with kses
  6. Why wp_kses() not working for rel, target of link in WordPress
  7. Why is WordPress Breaking Custom Elements with Hyphens Into Element and Attribute?
  8. Any ideas how to allow CSS input to perfectly work in the text area with wp_kses?
  9. wp_filter_kses allow HTML5 video?
  10. How to get SimplePie fetch_feed without stripping iframe code?
  11. Why is wp_kses not keeping style attributes as expected?
  12. What to use instead of wp_kses() in user output
  13. how to escape wp_oembed_get for phpcs
  14. Allowing more elements in comments via functions.php
  15. What is the difference between strip_tags and wp_filter_nohtml_kses?
  16. How to allow data:image attribute in src tag during post insert?
  17. WP Editor strips input placeholder attribute
  18. Change allowed HTML tags for comments
  19. Remove all table widths from editor content
  20. Remove tags from the kses filter
  21. Accepting certain HTML tags in WP List Table column data
  22. How to allow internal links using wp_kses filtration
  23. Quotes being escaped inside wp_editor when saved with wp_kses_post
  24. Proper use of internationalization
  25. wp_kses and magic quotes
  26. HTML Entities displaying improperly as malformed escaped code
  27. Allow iframes from specific sites?
  28. wp_kses ignore allowed and allow everything
  29. Make WordPress process admin group comments using $allowedtags
  30. How can I remove the kses filters when saving a specific post type ? (it breaks my JSON)
  31. Is it possible to run wp_kses on all posts?
  32. I want to allow the use of a data-flw attribute in links in comments
  33. Add Attribute to p Tag of Post Content
  34. Only allow site url in text field using wp_kses/wp_filter_nohtml_kses?
  35. How to allow &nbsp with wp_kses()?
  36. Inline style HTML attribute is being stripped from all elements of a post
  37. sanitize vimeo embed code?
  38. Broken kses.php function “wp_kses_named_entities” crashes WordPress
  39. Whitelist a single SVG for use in post_content
  40. WordPress post_content gets deleted in cron after wp_update_post
  41. wp_kses allow checkbox class and checked
  42. Add Protocol to Custom Menus
  43. Why is `–` converted into ndash and how can I get rid of it?
  44. why is kses removing semicolon from inline style?
  45. Multisite, but wp_kses_allowed_html only for one subsite?
  46. Does it make sense to sanitize the output of an SVG file?
  47. Replace image with its alt text?

Leave a Comment

Hata!: SQLSTATE[HY000] [1045] Access denied for user 'divattrend_liink'@'localhost' (using password: YES)