WP-Mix

A fresh mix of code snippets and tutorials

WordPress Basic Allowed HTML for wp_kses

Here is a function that I use in my plugin, Dashboard Widgets Suite. It provides a sane, practical set of HTML tags and attributes for WP’s wp_kses family of functions.

About wp_kses()

In WordPress, the wp_kses() function (and the related kses functions) sanitizes markup using the following signature:

<?php wp_kses($string, $allowed_html, $allowed_protocols); ?>

For the second parameter, $allowed_html, you pass an array of allowed HTML elements, each mapped to the attributes permitted on it.

Safe set of allowed HTML tags & attributes

There are various approaches to providing a suitable $allowed_html parameter, but the method that I find to be the most sane and flexible is to pass my own custom-built array. To make things easier, I package my set of allowed HTML tags and attributes in the following convenient function:

/**
 * Returns the set of HTML tags and attributes allowed by wp_kses().
 *
 * Each tag maps to an array of allowed attributes. An attribute mapped to an
 * empty array is allowed with any value; wp_kses() still runs its own checks
 * on 'href'/'src' (allowed protocols only) and on 'style' (safe CSS only).
 */
function shapeSpace_allowed_html() {

	$allowed_tags = array(
		'a' => array(
			'class' => array(),
			'href'  => array(),
			'rel'   => array(),
			'title' => array(),
		),
		'abbr' => array(
			'title' => array(),
		),
		'b' => array(),
		'blockquote' => array(
			'cite'  => array(),
		),
		'cite' => array(
			'title' => array(),
		),
		'code' => array(),
		'del' => array(
			'datetime' => array(),
			'title' => array(),
		),
		'dd' => array(),
		'div' => array(
			'class' => array(),
			'title' => array(),
			'style' => array(),
		),
		'dl' => array(),
		'dt' => array(),
		'em' => array(),
		'h1' => array(),
		'h2' => array(),
		'h3' => array(),
		'h4' => array(),
		'h5' => array(),
		'h6' => array(),
		'i' => array(),
		'img' => array(
			'alt'    => array(),
			'class'  => array(),
			'height' => array(),
			'src'    => array(),
			'width'  => array(),
		),
		'li' => array(
			'class' => array(),
		),
		'ol' => array(
			'class' => array(),
		),
		'p' => array(
			'class' => array(),
		),
		'q' => array(
			'cite' => array(),
			'title' => array(),
		),
		'span' => array(
			'class' => array(),
			'title' => array(),
			'style' => array(),
		),
		'strike' => array(),
		'strong' => array(),
		'ul' => array(
			'class' => array(),
		),
	);
	
	return $allowed_tags;
}

The tags and attributes provided by this function may be customized as desired. Here is an example of usage:

$allowed_html = shapeSpace_allowed_html();
$sanitized_string = wp_kses($raw_string, $allowed_html);
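As an added example (not part of the original post or the Dashboard Widgets Suite plugin), the array above can also be registered as a named kses context through the wp_kses_allowed_html filter, so that wp_kses() can be called with a string context the same way wp_kses_post() uses 'post'. The context name 'shapespace_widget', the option name 'shapespace_widget_html' and the sample input string are constructed for this illustration; the snippet assumes shapeSpace_allowed_html() from above is defined and that WordPress is loaded.

```php
<?php
// Added example: expose shapeSpace_allowed_html() as a named kses context.
add_filter( 'wp_kses_allowed_html', 'shapeSpace_kses_context', 10, 2 );

function shapeSpace_kses_context( $tags, $context ) {
	// 'shapespace_widget' is a hypothetical context name for this example.
	if ( 'shapespace_widget' === $context ) {
		return shapeSpace_allowed_html();
	}
	// Leave every other context ('post', 'strip', 'explicit', ...) untouched.
	return $tags;
}

// Sanitize untrusted widget markup before it is stored. Filtering on save
// keeps bad markup out of the database; the stored value should still be
// passed through wp_kses() (or an escaping function) again at render time.
function shapeSpace_save_widget_html( $raw_html ) {
	$clean = wp_kses( $raw_html, 'shapespace_widget' );
	// 'shapespace_widget_html' is a hypothetical option name.
	update_option( 'shapespace_widget_html', $clean );
	return $clean;
}

// Constructed sample input for illustration only.
$sample  = '<p class="note" onclick="doSomething()">Read ';
$sample .= '<a href="javascript:void(0)" title="link">this</a>';
$sample .= '<script>doSomething()</script>';
$sample .= '<img src="https://example.com/a.png" alt="a"></p>';

$clean = shapeSpace_save_widget_html( $sample );
// In $clean: <p class>, <a title>, <img src alt> survive; the onclick
// attribute is dropped because it is not in the list; the <script> tag is
// removed (wp_kses strips disallowed tags but keeps their text content);
// the javascript: scheme is stripped from href because it is not in
// wp_allowed_protocols().
```

Because wp_kses_allowed_html() also runs the filter with the context 'explicit' when an array is passed directly, the callback returns $tags unchanged for every context it does not own; otherwise it would silently override the array-based calls shown above.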

For more information, check out the wp_kses() reference link below.

Reference
