[ Index ] |
PHP Cross Reference of BackPress |
[Source view] [Print] [Project Stats]
kses 0.2.2 - HTML/XHTML filter that only allows some elements and attributes Copyright (C) 2002, 2003, 2005 Ulf Harnhammar This program is free software and open source software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.
Author: | Ulf Harnhammar <http://advogato.org/person/metaur/> |
Copyright: | (C) 2002, 2003, 2005 |
Version: | 0.2.2 |
File Size: | 1354 lines (39 kb) |
Included or required: | 0 times |
Referenced: | 0 times |
Includes or requires: | 0 files |
wp_kses($string, $allowed_html, $allowed_protocols = array () X-Ref |
Filters content and keeps only allowable HTML elements. This function makes sure that only the allowed HTML element names, attribute names and attribute values plus only sane HTML entities will occur in $string. You have to remove any slashes from PHP's magic quotes before you call this function. The default allowed protocols are 'http', 'https', 'ftp', 'mailto', 'news', 'irc', 'gopher', 'nntp', 'feed', 'telnet, 'mms', 'rtsp' and 'svn'. This covers all common link protocols, except for 'javascript' which should not be allowed for untrusted users. return: string Filtered content with only allowed HTML elements param: string $string Content to filter through kses param: array $allowed_html List of allowed HTML elements param: array $allowed_protocols Optional. Allowed protocol in links. since: 1.0.0 |
wp_kses_hook($string, $allowed_html, $allowed_protocols) X-Ref |
You add any kses hooks here. There is currently only one kses WordPress hook and it is called here. All parameters are passed to the hooks and expected to recieve a string. return: string Filtered content through 'pre_kses' hook param: string $string Content to filter through kses param: array $allowed_html List of allowed HTML elements param: array $allowed_protocols Allowed protocol in links since: 1.0.0 |
wp_kses_version() X-Ref |
This function returns kses' version number. return: string KSES Version Number since: 1.0.0 |
wp_kses_split($string, $allowed_html, $allowed_protocols) X-Ref |
Searches for HTML tags, no matter how malformed. It also matches stray ">" characters. return: string Content with fixed HTML tags param: string $string Content to filter param: array $allowed_html Allowed HTML elements param: array $allowed_protocols Allowed protocols to keep since: 1.0.0 |
_wp_kses_split_callback( $match ) X-Ref |
Callback for wp_kses_split. since: 3.1.0 |
wp_kses_split2($string, $allowed_html, $allowed_protocols) X-Ref |
Callback for wp_kses_split for fixing malformed HTML tags. This function does a lot of work. It rejects some very malformed things like <:::>. It returns an empty string, if the element isn't allowed (look ma, no strip_tags()!). Otherwise it splits the tag into an element and an attribute list. After the tag is split into an element and an attribute list, it is run through another filter which will remove illegal attributes and once that is completed, will be returned. return: string Fixed HTML element param: string $string Content to filter param: array $allowed_html Allowed HTML elements param: array $allowed_protocols Allowed protocols to keep since: 1.0.0 |
wp_kses_attr($element, $attr, $allowed_html, $allowed_protocols) X-Ref |
Removes all attributes, if none are allowed for this element. If some are allowed it calls wp_kses_hair() to split them further, and then it builds up new HTML code from the data that kses_hair() returns. It also removes "<" and ">" characters, if there are any left. One more thing it does is to check if the tag has a closing XHTML slash, and if it does, it puts one in the returned code as well. return: string Sanitized HTML element param: string $element HTML element/tag param: string $attr HTML attributes from HTML element to closing HTML element tag param: array $allowed_html Allowed HTML elements param: array $allowed_protocols Allowed protocols to keep since: 1.0.0 |
wp_kses_hair($attr, $allowed_protocols) X-Ref |
Builds an attribute list from string containing attributes. This function does a lot of work. It parses an attribute list into an array with attribute data, and tries to do the right thing even if it gets weird input. It will add quotes around attribute values that don't have any quotes or apostrophes around them, to make it easier to produce HTML code that will conform to W3C's HTML specification. It will also remove bad URL protocols from attribute values. It also reduces duplicate attributes by using the attribute defined first (foo='bar' foo='baz' will result in foo='bar'). return: array List of attributes after parsing param: string $attr Attribute list from HTML element to closing HTML element tag param: array $allowed_protocols Allowed protocols to keep since: 1.0.0 |
wp_kses_check_attr_val($value, $vless, $checkname, $checkvalue) X-Ref |
Performs different checks for attribute values. The currently implemented checks are "maxlen", "minlen", "maxval", "minval" and "valueless" with even more checks to come soon. return: bool Whether check passes param: string $value Attribute value param: string $vless Whether the value is valueless. Use 'y' or 'n' param: string $checkname What $checkvalue is checking for. param: mixed $checkvalue What constraint the value should pass since: 1.0.0 |
wp_kses_bad_protocol($string, $allowed_protocols) X-Ref |
Sanitize string from bad protocols. This function removes all non-allowed protocols from the beginning of $string. It ignores whitespace and the case of the letters, and it does understand HTML entities. It does its work in a while loop, so it won't be fooled by a string like "javascript:javascript:alert(57)". return: string Filtered content param: string $string Content to filter bad protocols from param: array $allowed_protocols Allowed protocols to keep since: 1.0.0 |
wp_kses_no_null($string) X-Ref |
Removes any NULL characters in $string. return: string param: string $string since: 1.0.0 |
wp_kses_stripslashes($string) X-Ref |
Strips slashes from in front of quotes. This function changes the character sequence \" to just ". It leaves all other slashes alone. It's really weird, but the quoting from preg_replace(//e) seems to require this. return: string Fixed strings with quoted slashes param: string $string String to strip slashes since: 1.0.0 |
wp_kses_array_lc($inarray) X-Ref |
Goes through an array and changes the keys to all lower case. return: array Fixed array with all lowercase keys param: array $inarray Unfiltered array since: 1.0.0 |
wp_kses_js_entities($string) X-Ref |
Removes the HTML JavaScript entities found in early versions of Netscape 4. return: string param: string $string since: 1.0.0 |
wp_kses_html_error($string) X-Ref |
Handles parsing errors in wp_kses_hair(). The general plan is to remove everything to and including some whitespace, but it deals with quotes and apostrophes as well. return: string param: string $string since: 1.0.0 |
wp_kses_bad_protocol_once($string, $allowed_protocols) X-Ref |
Sanitizes content from bad protocols and other characters. This function searches for URL protocols at the beginning of $string, while handling whitespace and HTML entities. return: string Sanitized content param: string $string Content to check for bad protocols param: string $allowed_protocols Allowed protocols since: 1.0.0 |
wp_kses_bad_protocol_once2( $string, $allowed_protocols ) X-Ref |
Callback for wp_kses_bad_protocol_once() regular expression. This function processes URL protocols, checks to see if they're in the white-list or not, and returns different data depending on the answer. return: string Sanitized content param: string $string URI scheme to check against the whitelist param: string $allowed_protocols Allowed protocols since: 1.0.0 |
wp_kses_normalize_entities($string) X-Ref |
Converts and fixes HTML entities. This function normalizes HTML entities. It will convert "AT&T" to the correct "AT&T", ":" to ":", "&#XYZZY;" to "&#XYZZY;" and so on. return: string Content with normalized entities param: string $string Content to normalize entities since: 1.0.0 |
wp_kses_named_entities($matches) X-Ref |
Callback for wp_kses_normalize_entities() regular expression. This function only accepts valid named entity references, which are finite, case-sensitive, and highly scrutinized by HTML and XML validators. return: string Correctly encoded entity param: array $matches preg_replace_callback() matches array since: 3.0.0 |
wp_kses_normalize_entities2($matches) X-Ref |
Callback for wp_kses_normalize_entities() regular expression. This function helps wp_kses_normalize_entities() to only accept 16 bit values and nothing more for &#number; entities. return: string Correctly encoded entity param: array $matches preg_replace_callback() matches array since: 1.0.0 |
wp_kses_normalize_entities3($matches) X-Ref |
Callback for wp_kses_normalize_entities() for regular expression. This function helps wp_kses_normalize_entities() to only accept valid Unicode numeric entities in hex form. return: string Correctly encoded entity param: array $matches preg_replace_callback() matches array |
valid_unicode($i) X-Ref |
Helper function to determine if a Unicode value is valid. return: bool true if the value was a valid Unicode number param: int $i Unicode value |
wp_kses_decode_entities($string) X-Ref |
Convert all entities to their character counterparts. This function decodes numeric HTML entities (A and A). It doesn't do anything with other entities like ä, but we don't need them in the URL protocol whitelisting system anyway. return: string Content after decoded entities param: string $string Content to change entities since: 1.0.0 |
_wp_kses_decode_entities_chr( $match ) X-Ref |
Regex callback for wp_kses_decode_entities() return: string param: array $match preg match |
_wp_kses_decode_entities_chr_hexdec( $match ) X-Ref |
Regex callback for wp_kses_decode_entities() return: string param: array $match preg match |
wp_filter_kses($data) X-Ref |
Sanitize content with allowed HTML Kses rules. return: string Filtered content param: string $data Content to filter, expected to be escaped with slashes since: 1.0.0 |
wp_kses_data($data) X-Ref |
Sanitize content with allowed HTML Kses rules. return: string Filtered content param: string $data Content to filter, expected to not be escaped since: 2.9.0 |
wp_filter_post_kses($data) X-Ref |
Sanitize content for allowed HTML tags for post content. Post content refers to the page contents of the 'post' type and not $_POST data from forms. return: string Filtered post content with allowed HTML tags and attributes intact. param: string $data Post content to filter, expected to be escaped with slashes since: 2.0.0 |
wp_kses_post($data) X-Ref |
Sanitize content for allowed HTML tags for post content. Post content refers to the page contents of the 'post' type and not $_POST data from forms. return: string Filtered post content with allowed HTML tags and attributes intact. param: string $data Post content to filter since: 2.9.0 |
wp_filter_nohtml_kses($data) X-Ref |
Strips all of the HTML in the content. return: string Filtered content without any HTML param: string $data Content to strip all HTML from since: 2.1.0 |
safecss_filter_attr( $css, $deprecated = '' ) X-Ref |
Inline CSS filter since: 2.8.1 |
Generated: Sat Nov 23 01:00:54 2024 | Cross-referenced by PHPXref 0.7.1 |