wpseek.com
Eine auf WordPress spezialiserte Suchmaschine für Entwickler und Theme-Autoren



wp_kses_bad_protocol › WordPress Function

Seit1.0.0
Veraltetn/v
wp_kses_bad_protocol ( $content, $allowed_protocols )
Parameter: (2)
  • (string) $content Content to filter bad protocols from.
    Erforderlich: Ja
  • (string[]) $allowed_protocols Array of allowed URL protocols.
    Erforderlich: Ja
Gibt zurück:
  • (string) Filtered content.
Definiert in:
Codex:

Sanitizes a string and removed disallowed URL protocols.

This function removes all non-allowed protocols from the beginning of the string. It ignores whitespace and the case of the letters, and it does understand HTML entities. It does its work recursively, so it won't be fooled by a string like javascript:javascript:alert(57).


Ähnliche Funktionen: wp_kses_bad_protocol_once, wp_allowed_protocols, wp_kses_post, wp_get_server_protocol, wp_kses_allowed_html

Quellcode 

function wp_kses_bad_protocol( $content, $allowed_protocols ) {
	$content = wp_kses_no_null( $content );

	// Short-circuit if the string starts with `https://` or `http://`. Most common cases.
	if (
		( str_starts_with( $content, 'https://' ) && in_array( 'https', $allowed_protocols, true ) ) ||
		( str_starts_with( $content, 'http://' ) && in_array( 'http', $allowed_protocols, true ) )
	) {
		return $content;
	}

	$iterations = 0;

	do {
		$original_content = $content;
		$content          = wp_kses_bad_protocol_once( $content, $allowed_protocols );
	} while ( $original_content !== $content && ++$iterations < 6 );

	if ( $original_content !== $content ) {
		return '';
	}

	return $content;
}