function wp_kses($string, $allowed_html, $allowed_protocols = array () {}

Filters content and keeps only allowable HTML elements.
This function makes sure that only the allowed HTML element names, attribute names and attribute values plus only sane HTML entities will occur in $string. You have to remove any slashes from PHP’s magic quotes before you call this function.


  • string $string: Content to filter through kses
  • array $allowed_html: List of allowed HTML elements
  • array $allowed_protocols: Optional. Allowed protocol in links.

Return values

returns:Filtered content with only allowed HTML elements

Source code

function wp_kses($string, $allowed_html, $allowed_protocols = array ()) {

	if ( empty( $allowed_protocols ) )

		$allowed_protocols = wp_allowed_protocols();

	$string = wp_kses_no_null($string);

	$string = wp_kses_js_entities($string);

	$string = wp_kses_normalize_entities($string);

	$allowed_html_fixed = wp_kses_array_lc($allowed_html);

	$string = wp_kses_hook($string, $allowed_html_fixed, $allowed_protocols); // WP changed the order of these funcs and added args to wp_kses_hook

	return wp_kses_split($string, $allowed_html_fixed, $allowed_protocols);



No comments yet... Be the first to leave a reply!

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: