wp_kses_bad_protocol_once( string $string, string[] $allowed_protocols, int $count = 1 )

Sanitizes content from bad protocols and other characters.

Description

This function searches for URL protocols at the beginning of the string, while handling whitespace and HTML entities.

Parameters

$string

(string) (Required) Content to check for bad protocols.

$allowed_protocols

(string[]) (Required) Array of allowed URL protocols.

$count

(int) (Optional) Depth of call recursion to this function.

Default value: 1

Return

(string) Sanitized content.

Source

File: wp-includes/kses.php

function wp_kses_bad_protocol_once( $string, $allowed_protocols, $count = 1 ) {
	$string  = preg_replace( '/(&#0*58(?![;0-9])|&#x0*3a(?![;a-f0-9]))/i', '$1;', $string );
	$string2 = preg_split( '/:|&#0*58;|&#x0*3a;|&colon;/i', $string, 2 );
	if ( isset( $string2[1] ) && ! preg_match( '%/\?%', $string2[0] ) ) {
		$string   = trim( $string2[1] );
		$protocol = wp_kses_bad_protocol_once2( $string2[0], $allowed_protocols );
		if ( 'feed:' === $protocol ) {
			if ( $count > 2 ) {
				return '';
			}
			$string = wp_kses_bad_protocol_once( $string, $allowed_protocols, ++$count );
			if ( empty( $string ) ) {
				return $string;
			}
		}
		$string = $protocol . $string;
	}

	return $string;
}

Uses

Uses	Description
wp-includes/kses.php: wp_kses_bad_protocol_once()	Sanitizes content from bad protocols and other characters.

Used By

Used By	Description
wp-includes/kses.php: wp_kses_bad_protocol()	Sanitizes a string and removed disallowed URL protocols.
wp-includes/kses.php: wp_kses_bad_protocol_once()	Sanitizes content from bad protocols and other characters.

Changelog

Version	Description
1.0.0	Introduced.

© 2003–2021 WordPress Foundation
Licensed under the GNU GPLv2+ License.
https://developer.wordpress.org/reference/functions/wp_kses_bad_protocol_once