function wp_kses_bad_protocol_once($string, $allowed_protocols) {}

Sanitizes content from bad protocols and other characters.
This function searches for URL protocols at the beginning of $string, while handling whitespace and HTML entities.


  • string $string: Content to check for bad protocols
  • string $allowed_protocols: Allowed protocols

Return values

returns:Sanitized content

Source code

function wp_kses_bad_protocol_once($string, $allowed_protocols) {

	$string2 = preg_split( '/:|&#0*58;|&#x0*3a;/i', $string, 2 );

	if ( isset($string2[1]) && ! preg_match('%/\?%', $string2[0]) )

		$string = wp_kses_bad_protocol_once2( $string2[0], $allowed_protocols ) . trim( $string2[1] );

	return $string;



No comments yet... Be the first to leave a reply!

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: