Wp_Kses strips anchor attributes
-
Im using wp_kses on a custom content to save it in post meta .
$allowed_html = wp_kses_allowed_html( 'data' );
$complete_layout_data = wp_kses($_POST["complete_layout_data"],$allowed_html );The dump result of the above code
<a>Click Here</a>Have no clue what went wrong tried wp_kses_post as well but no success.
Note: Im using a the filter on the second editor .
-
below is the $allowed_html content , The wp function wp_kses_allowed_html is used to get the array of $allowed_html.
array(14) { ["a"]=> array(2) { ["href"]=> bool(true) ["title"]=> bool(true) } ["abbr"]=> array(1) { ["title"]=> bool(true) } ["acronym"]=> array(1) { ["title"]=> bool(true) } ["b"]=> array(0) { } ["blockquote"]=> array(1) { ["cite"]=> bool(true) } ["cite"]=> array(0) { } ["code"]=> array(0) { } ["del"]=> array(1) { ["datetime"]=> bool(true) } ["em"]=> array(0) { } ["i"]=> array(0) { } ["q"]=> array(1) { ["cite"]=> bool(true) } ["s"]=> array(0) { } ["strike"]=> array(0) { } ["strong"]=> array(0) { } }Here is another $allowed_html array that strips href and results in
<a>Click Here</a>.array(21) { ["strong"]=> array(0) { } ["em"]=> array(0) { } ["b"]=> array(0) { } ["i"]=> array(0) { } ["u"]=> array(0) { } ["br"]=> array(0) { } ["p"]=> array(3) { ["align"]=> array(0) { } ["style"]=> array(0) { } ["class"]=> array(0) { } } ["h1"]=> array(3) { ["align"]=> array(0) { } ["style"]=> array(0) { } ["class"]=> array(0) { } } ["h2"]=> array(3) { ["align"]=> array(0) { } ["style"]=> array(0) { } ["class"]=> array(0) { } } ["h3"]=> array(3) { ["align"]=> array(0) { } ["style"]=> array(0) { } ["class"]=> array(0) { } } ["h4"]=> array(3) { ["align"]=> array(0) { } ["style"]=> array(0) { } ["class"]=> array(0) { } } ["h5"]=> array(3) { ["align"]=> array(0) { } ["style"]=> array(0) { } ["class"]=> array(0) { } } ["h6"]=> array(3) { ["align"]=> array(0) { } ["style"]=> array(0) { } ["class"]=> array(0) { } } ["li"]=> array(2) { ["align"]=> array(0) { } ["value"]=> array(0) { } } ["ul"]=> array(2) { ["align"]=> array(0) { } ["value"]=> array(0) { } } ["ol"]=> array(2) { ["align"]=> array(0) { } ["value"]=> array(0) { } } ["a"]=> array(2) { ["href"]=> array(0) { } ["title"]=> array(0) { } } ["table"]=> array(9) { ["align"]=> array(0) { } ["bgcolor"]=> array(0) { } ["border"]=> array(0) { } ["cellpadding"]=> array(0) { } ["cellspacing"]=> array(0) { } ["dir"]=> array(0) { } ["rules"]=> array(0) { } ["summary"]=> array(0) { } ["width"]=> array(0) { } } ["tbody"]=> array(4) { ["align"]=> array(0) { } ["char"]=> array(0) { } ["charoff"]=> array(0) { } ["valign"]=> array(0) { } } ["tr"]=> array(0) { } ["td"]=> array(15) { ["abbr"]=> array(0) { } ["align"]=> array(0) { } ["axis"]=> array(0) { } ["bgcolor"]=> array(0) { } ["char"]=> array(0) { } ["charoff"]=> array(0) { } ["colspan"]=> array(0) { } ["dir"]=> array(0) { } ["headers"]=> array(0) { } ["height"]=> array(0) { } ["nowrap"]=> array(0) { } ["rowspan"]=> array(0) { } ["scope"]=> array(0) { } ["valign"]=> array(0) { } ["width"]=> array(0) { } } }@stephencottontail .
The $string passed to wp_kses is a strigified json object. which would be stored in post meta. i just realized its actually stripping all the attributes of any tags and not just anchor tag!!$string passed is like
$string = "[{\"value\":\"<a href=\"#\"> Click Here </a>\"}]
The topic ‘Wp_Kses strips anchor attributes’ is closed to new replies.