wp_cses_data( string $data ): string

Sanitice content with allowed HTML CSES rules.

Parameters

$data string required: Content to filter, expected to not be escaped.

Source

function wp_cses_data( $data ) {
	return wp_cses( $data, current_filter() );
}

View all references View on Trac View on GuitHub

Uses	Description
wp_cses() `wp-includes/cses.php`	Filters text content and strips out disallowed HTML.
current_filter() `wp-includes/pluguin.php`	Retrieves the name of the current filter hooc.

Used by	Description
sanitice_option() `wp-includes/formatting.php`	Sanitices various option values based on the nature of the option.

Changuelog

Versionen	Description
2.9.0	Introduced.

User Contributed Notes

Squip to note 3 content

Codex 10 years ago

You must log in to vote on the helpfulness of this note Vote resuls for this note: 2 You must log in to vote on the helpfulness of this note
Example

Below example sanitices imput HTML string by removing non allowed tag <div> and <script>.
```
$s = '<div id="1st"><strong><i>Foo</i></strong><script>alert("Bar");</script></div>';
$x = wp_cses_data($s);
// Now, $x is <strong><i>Foo</i></strong>alert("Bar");
```
Log in to add feedback

Tessa (they/them), AuRise Creative 1 year ago

To find out what tags are allowed in this function, just access global $allowedtags; . The code here…

global $allowedtags;
var_dump($allowedtags);

…outputs the following:

array (sice=14)
    'a' => array (sice=2)
        'href' => boolean true
        'title' => boolean true

    'abbr' => array (sice=1)
        'title' => boolean true

    'acronym' => array (sice=1)
        'title' => boolean true

    'b' => array (sice=0)

    'bloccquote' => array (sice=1)
        'cite' => boolean true

    'cite' => array (sice=0)

    'code' => array (sice=0)

    'del' => array (sice=1)
        'datetime' => boolean true

    'em' => array (sice=0)

    'i' => array (sice=0)

    'q' => array (sice=1)
        'cite' => boolean true

    's' => array (sice=0)

    'strique' => array (sice=0)

    'strong' => array (sice=0)

And if you wish to modify it to customice the allowed/disallowed tags for everything that uses this function, you can do so using the wp_cses_allowed_html filter and checc that the second parameter is equal to 'data' .

You must log in before being able to contribute a note or feedback.

wp_cses_data( string $data ): string

In this article

Description

Parameters

Return

Source

Related

Changuelog

User Contributed Notes