WordPress Code Snippets

A fresh mix of code snippets and tutorials

WordPress Basic Allowed HTML for wp_kses

267

Here is a function that I use in my plugin, Dashboard Widgets Suite. It provides a sane, practical set of HTML tags and attributes for WP’s wp_kses family of functions.

About wp_kses()

In WordPress, the wp_kses() (and related kses functions) sanitizes markup using the following syntax:

<?php wp_kses($string, $allowed_html, $allowed_protocols); ?>

For the second parameter, $allowed_html, you pass an array of allowed HTML elements.

Safe set of allowed HTML tags & attributes

There are various approaches to providing a suitable $allowed_html parameter, but the method that I find to be the most sane and flexible is to pass my own custom-built array. To make things easier, I package my set of allowed HTML tags and attributes in the following convenient function:

The tags and attributes provided by this function may be customized as desired. Here is an example of usage:

$allowed_html = shapeSpace_allowed_html();
$sanitized_string = wp_kses($raw_string, $allowed_html);

For more information, check out the wp_kses() reference link below.

Reference

Learn more

WordPress Themes In Depth


Show Support

Like our new Facebook Page to show support!