wp_kses() strips data attributes even if it’s in the allowed list

I hope that you don’t have to modify the allowed array with the full data name (data-term) for this to work…

It appears to be that way. data-term and data aren’t the same attribute after all, and poking around in core I don’t think any sort of regular expressions can be used as supported attributes.

You shouldn’t need to run wp_kses() on your own markup though, you should know it’s safe. wp_kses() is generally just for handling untrusted input from users. Are users going to be submitting data- attributes, and you need to support them all?

You could do something like this instead:

$my_var="<div class="my-class" data-term="" . esc_attr( $term_id ) . '">' . wp_kses_post( $content ) . '</div>';

That uses wp_kses_post() which will use the default allowed html for posts, but it’s only going to apply to whatever $content is.

Related Posts:

  1. Typical wp_kses $allowed
  2. wp_kses vs wp_strip_all_tags
  3. Escaping SVG with KSES
  4. wp_kses_post only removes tags, but not their content
  5. Allow html comments with kses
  6. Why wp_kses() not working for rel, target of link in WordPress
  7. Why is WordPress Breaking Custom Elements with Hyphens Into Element and Attribute?
  8. Any ideas how to allow CSS input to perfectly work in the text area with wp_kses?
  9. wp_filter_kses allow HTML5 video?
  10. How to get SimplePie fetch_feed without stripping iframe code?
  11. Why is wp_kses not keeping style attributes as expected?
  12. What to use instead of wp_kses() in user output
  13. how to escape wp_oembed_get for phpcs
  14. Allowing more elements in comments via functions.php
  15. What is the difference between strip_tags and wp_filter_nohtml_kses?
  16. How to allow data:image attribute in src tag during post insert?
  17. WP Editor strips input placeholder attribute
  18. Change allowed HTML tags for comments
  19. Remove all table widths from editor content
  20. Remove tags from the kses filter
  21. Accepting certain HTML tags in WP List Table column data
  22. How to allow internal links using wp_kses filtration
  23. Quotes being escaped inside wp_editor when saved with wp_kses_post
  24. Proper use of internationalization
  25. wp_kses and magic quotes
  26. HTML Entities displaying improperly as malformed escaped code
  27. Allow iframes from specific sites?
  28. wp_kses ignore allowed and allow everything
  29. Make WordPress process admin group comments using $allowedtags
  30. How can I remove the kses filters when saving a specific post type ? (it breaks my JSON)
  31. Is it possible to run wp_kses on all posts?
  32. I want to allow the use of a data-flw attribute in links in comments
  33. Add Attribute to p Tag of Post Content
  34. Only allow site url in text field using wp_kses/wp_filter_nohtml_kses?
  35. How to allow &nbsp with wp_kses()?
  36. Inline style HTML attribute is being stripped from all elements of a post
  37. sanitize vimeo embed code?
  38. Broken kses.php function “wp_kses_named_entities” crashes WordPress
  39. Whitelist a single SVG for use in post_content
  40. WordPress post_content gets deleted in cron after wp_update_post
  41. wp_kses allow checkbox class and checked
  42. Add Protocol to Custom Menus
  43. Why is `–` converted into ndash and how can I get rid of it?
  44. why is kses removing semicolon from inline style?
  45. Multisite, but wp_kses_allowed_html only for one subsite?
techhipbettruvabetnorabahisbahis forumutaraftarium24eduedusedueduseduedueduedueduedus