wpseek.com
WordPress开发者和主题制作者的搜索引擎

wp_kses_bad_protocol › WordPress Function

Since1.0.0

已弃用n/a

› wp_kses_bad_protocol ( $content, $allowed_protocols )

参数: (2)	(string) $content Content to filter bad protocols from. Required: Yes (string[]) $allowed_protocols Array of allowed URL protocols. Required: Yes
返回:	(string) Filtered content.
定义在:	wp-includes/kses.php , line 1704
文档:	developer.wordpress.org / wp_kses_bad_protocol

Sanitizes a string and removed disallowed URL protocols.

This function removes all non-allowed protocols from the beginning of the string. It ignores whitespace and the case of the letters, and it does understand HTML entities. It does its work recursively, so it won't be fooled by a string like javascript:javascript:alert(57).

源码

function wp_kses_bad_protocol( $content, $allowed_protocols ) {
	$content = wp_kses_no_null( $content );

	// Short-circuit if the string starts with `https://` or `http://`. Most common cases.
	if (
		( str_starts_with( $content, 'https://' ) && in_array( 'https', $allowed_protocols, true ) ) ||
		( str_starts_with( $content, 'http://' ) && in_array( 'http', $allowed_protocols, true ) )
	) {
		return $content;
	}

	$iterations = 0;

	do {
		$original_content = $content;
		$content          = wp_kses_bad_protocol_once( $content, $allowed_protocols );
	} while ( $original_content !== $content && ++$iterations < 6 );

	if ( $original_content !== $content ) {
		return '';
	}

	return $content;
}