WP-Mix

A fresh mix of code snippets and tutorials

Allowed HTML tags for wp_kses()

Developing WordPress plugins, I frequently need to specify an array of allowed HTML tags and attributes for wp_kses(). The collection of allowed tags has grown over time, and so I’m posting it here at WP-Mix for future reference. Just makes my life easier, hopefully it helps you too.

global $allowedposttags;
$allowed_atts = array(
	'align'      => array(),
	'class'      => array(),
	'type'       => array(),
	'id'         => array(),
	'dir'        => array(),
	'lang'       => array(),
	'style'      => array(),
	'xml:lang'   => array(),
	'src'        => array(),
	'alt'        => array(),
	'href'       => array(),
	'rel'        => array(),
	'rev'        => array(),
	'target'     => array(),
	'novalidate' => array(),
	'type'       => array(),
	'value'      => array(),
	'name'       => array(),
	'tabindex'   => array(),
	'action'     => array(),
	'method'     => array(),
	'for'        => array(),
	'width'      => array(),
	'height'     => array(),
	'data'       => array(),
	'title'      => array(),
);
$allowedposttags['form']     = $allowed_atts;
$allowedposttags['label']    = $allowed_atts;
$allowedposttags['input']    = $allowed_atts;
$allowedposttags['textarea'] = $allowed_atts;
$allowedposttags['iframe']   = $allowed_atts;
$allowedposttags['script']   = $allowed_atts;
$allowedposttags['style']    = $allowed_atts;
$allowedposttags['strong']   = $allowed_atts;
$allowedposttags['small']    = $allowed_atts;
$allowedposttags['table']    = $allowed_atts;
$allowedposttags['span']     = $allowed_atts;
$allowedposttags['abbr']     = $allowed_atts;
$allowedposttags['code']     = $allowed_atts;
$allowedposttags['pre']      = $allowed_atts;
$allowedposttags['div']      = $allowed_atts;
$allowedposttags['img']      = $allowed_atts;
$allowedposttags['h1']       = $allowed_atts;
$allowedposttags['h2']       = $allowed_atts;
$allowedposttags['h3']       = $allowed_atts;
$allowedposttags['h4']       = $allowed_atts;
$allowedposttags['h5']       = $allowed_atts;
$allowedposttags['h6']       = $allowed_atts;
$allowedposttags['ol']       = $allowed_atts;
$allowedposttags['ul']       = $allowed_atts;
$allowedposttags['li']       = $allowed_atts;
$allowedposttags['em']       = $allowed_atts;
$allowedposttags['hr']       = $allowed_atts;
$allowedposttags['br']       = $allowed_atts;
$allowedposttags['tr']       = $allowed_atts;
$allowedposttags['td']       = $allowed_atts;
$allowedposttags['p']        = $allowed_atts;
$allowedposttags['a']        = $allowed_atts;
$allowedposttags['b']        = $allowed_atts;
$allowedposttags['i']        = $allowed_atts;

Note that these HTML tags and attributes go beyond those provided by wp_kses_post(). So if you’re looking to allow only the same tags that are allowed in WP Posts, just use that instead of the custom array.

Bonus

For your contemplation:

$allowed_tags = wp_kses_allowed_html('post');
wp_kses(stripslashes_deep($input['custom_message']), $allowed_tags);

Just an another way of doing it :)

Related & References

Learn more

Digging Into WordPressWordPress Themes In DepthWizard’s SQL Recipes for WordPress

WordPress Resources

[ Banhammer Pro: Hammer the Enemy ] [ Wizard’s Collection: SQL Recipes for WordPress ] [ .htaccess made easy ] [ BBQ Pro: Advanced WordPress Firewall ] [ SAC Pro: WordPress Chat Plugin ] [ Digging Into WordPress ]

Subscribe to WP-Mix

Project Demos

Popular Posts

Recent Posts

Random Posts

RSS Feed

Grab the RSS Feed ›

1390 readers
Feed Statistics
About the Author

Jeff Starr is a professional developer, designer, author, and publisher with over 15 years of experience. He writes books and tutorials, develops plugins, and runs his own business.

About the Site

WP-Mix is where I share code snippets, tricks, and tips. WP-Mix was launched in October 2012, and now features 409 posts. You can check out the latest post published on May 2, 2023. Learn more ›

Contact

A few ways to connect:

© 2012–2024 Monzilla Media shapeSpace Sitemap Feed Privacy Made in the USA