PHP Cross Reference of BuddyPress |
kses 0.2.2 - HTML/XHTML filter that only allows some elements and attributes Copyright (C) 2002, 2003, 2005 Ulf Harnhammar This program is free software and open source software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.
Author: | Ulf Harnhammar <http://advogato.org/person/metaur/> |
Copyright: | (C) 2002, 2003, 2005 |
Version: | 0.2.2 |
File Size: | 1353 lines (39 kb) |
Included or required: | 0 times |
Referenced: | 0 times |
Includes or requires: | 0 files |
wp_kses($string, $allowed_html, $allowed_protocols = array ()) X-Ref |
Filters content and keeps only allowable HTML elements. This function makes sure that only the allowed HTML element names, attribute names and attribute values plus only sane HTML entities will occur in $string. You have to remove any slashes from PHP's magic quotes before you call this function. The default allowed protocols are 'http', 'https', 'ftp', 'mailto', 'news', 'irc', 'gopher', 'nntp', 'feed', 'telnet', 'mms', 'rtsp' and 'svn'. This covers all common link protocols, except for 'javascript' which should not be allowed for untrusted users. param: string $string Content to filter through kses param: array $allowed_html List of allowed HTML elements param: array $allowed_protocols Optional. Allowed protocol in links. since: 1.0.0 return: string Filtered content with only allowed HTML elements |
wp_kses_hook($string, $allowed_html, $allowed_protocols) X-Ref |
You add any kses hooks here. There is currently only one kses WordPress hook and it is called here. All parameters are passed to the hooks and expected to receive a string. param: string $string Content to filter through kses param: array $allowed_html List of allowed HTML elements param: array $allowed_protocols Allowed protocol in links since: 1.0.0 return: string Filtered content through 'pre_kses' hook |
wp_kses_version() X-Ref |
This function returns kses' version number. since: 1.0.0 return: string KSES Version Number |
wp_kses_split($string, $allowed_html, $allowed_protocols) X-Ref |
Searches for HTML tags, no matter how malformed. It also matches stray ">" characters. param: string $string Content to filter param: array $allowed_html Allowed HTML elements param: array $allowed_protocols Allowed protocols to keep since: 1.0.0 return: string Content with fixed HTML tags |
_wp_kses_split_callback( $match ) X-Ref |
Callback for wp_kses_split. since: 3.1.0 |
wp_kses_split2($string, $allowed_html, $allowed_protocols) X-Ref |
Callback for wp_kses_split for fixing malformed HTML tags. This function does a lot of work. It rejects some very malformed things like <:::>. It returns an empty string, if the element isn't allowed (look ma, no strip_tags()!). Otherwise it splits the tag into an element and an attribute list. After the tag is split into an element and an attribute list, it is run through another filter which will remove illegal attributes and once that is completed, will be returned. param: string $string Content to filter param: array $allowed_html Allowed HTML elements param: array $allowed_protocols Allowed protocols to keep since: 1.0.0 return: string Fixed HTML element |
wp_kses_attr($element, $attr, $allowed_html, $allowed_protocols) X-Ref |
Removes all attributes, if none are allowed for this element. If some are allowed it calls wp_kses_hair() to split them further, and then it builds up new HTML code from the data that kses_hair() returns. It also removes "<" and ">" characters, if there are any left. One more thing it does is to check if the tag has a closing XHTML slash, and if it does, it puts one in the returned code as well. param: string $element HTML element/tag param: string $attr HTML attributes from HTML element to closing HTML element tag param: array $allowed_html Allowed HTML elements param: array $allowed_protocols Allowed protocols to keep since: 1.0.0 return: string Sanitized HTML element |
wp_kses_hair($attr, $allowed_protocols) X-Ref |
Builds an attribute list from string containing attributes. This function does a lot of work. It parses an attribute list into an array with attribute data, and tries to do the right thing even if it gets weird input. It will add quotes around attribute values that don't have any quotes or apostrophes around them, to make it easier to produce HTML code that will conform to W3C's HTML specification. It will also remove bad URL protocols from attribute values. It also reduces duplicate attributes by using the attribute defined first (foo='bar' foo='baz' will result in foo='bar'). param: string $attr Attribute list from HTML element to closing HTML element tag param: array $allowed_protocols Allowed protocols to keep since: 1.0.0 return: array List of attributes after parsing |
wp_kses_check_attr_val($value, $vless, $checkname, $checkvalue) X-Ref |
Performs different checks for attribute values. The currently implemented checks are "maxlen", "minlen", "maxval", "minval" and "valueless" with even more checks to come soon. param: string $value Attribute value param: string $vless Whether the value is valueless. Use 'y' or 'n' param: string $checkname What $checkvalue is checking for. param: mixed $checkvalue What constraint the value should pass since: 1.0.0 return: bool Whether check passes |
wp_kses_bad_protocol($string, $allowed_protocols) X-Ref |
Sanitize string from bad protocols. This function removes all non-allowed protocols from the beginning of $string. It ignores whitespace and the case of the letters, and it does understand HTML entities. It does its work in a while loop, so it won't be fooled by a string like "javascript:javascript:alert(57)". param: string $string Content to filter bad protocols from param: array $allowed_protocols Allowed protocols to keep since: 1.0.0 return: string Filtered content |
wp_kses_no_null($string) X-Ref |
Removes any NULL characters in $string. param: string $string since: 1.0.0 return: string |
wp_kses_stripslashes($string) X-Ref |
Strips slashes from in front of quotes. This function changes the character sequence \" to just ". It leaves all other slashes alone. It's really weird, but the quoting from preg_replace(//e) seems to require this. param: string $string String to strip slashes since: 1.0.0 return: string Fixed strings with quoted slashes |
wp_kses_array_lc($inarray) X-Ref |
Goes through an array and changes the keys to all lower case. param: array $inarray Unfiltered array since: 1.0.0 return: array Fixed array with all lowercase keys |
wp_kses_js_entities($string) X-Ref |
Removes the HTML JavaScript entities found in early versions of Netscape 4. param: string $string since: 1.0.0 return: string |
wp_kses_html_error($string) X-Ref |
Handles parsing errors in wp_kses_hair(). The general plan is to remove everything to and including some whitespace, but it deals with quotes and apostrophes as well. param: string $string since: 1.0.0 return: string |
wp_kses_bad_protocol_once($string, $allowed_protocols) X-Ref |
Sanitizes content from bad protocols and other characters. This function searches for URL protocols at the beginning of $string, while handling whitespace and HTML entities. param: string $string Content to check for bad protocols param: string $allowed_protocols Allowed protocols since: 1.0.0 return: string Sanitized content |
wp_kses_bad_protocol_once2( $string, $allowed_protocols ) X-Ref |
Callback for wp_kses_bad_protocol_once() regular expression. This function processes URL protocols, checks to see if they're in the white-list or not, and returns different data depending on the answer. param: string $string URI scheme to check against the whitelist param: string $allowed_protocols Allowed protocols since: 1.0.0 return: string Sanitized content |
wp_kses_normalize_entities($string) X-Ref |
Converts and fixes HTML entities. This function normalizes HTML entities. It will convert "AT&T" to the correct "AT&amp;T", "&#00058;" to "&#58;", "&#XYZZY;" to "&amp;#XYZZY;" and so on. param: string $string Content to normalize entities since: 1.0.0 return: string Content with normalized entities |
wp_kses_named_entities($matches) X-Ref |
Callback for wp_kses_normalize_entities() regular expression. This function only accepts valid named entity references, which are finite, case-sensitive, and highly scrutinized by HTML and XML validators. param: array $matches preg_replace_callback() matches array since: 3.0.0 return: string Correctly encoded entity |
wp_kses_normalize_entities2($matches) X-Ref |
Callback for wp_kses_normalize_entities() regular expression. This function helps wp_kses_normalize_entities() to only accept 16 bit values and nothing more for &#number; entities. param: array $matches preg_replace_callback() matches array since: 1.0.0 return: string Correctly encoded entity |
wp_kses_normalize_entities3($matches) X-Ref |
Callback for wp_kses_normalize_entities() regular expression. This function helps wp_kses_normalize_entities() to only accept valid Unicode numeric entities in hex form. param: array $matches preg_replace_callback() matches array return: string Correctly encoded entity |
valid_unicode($i) X-Ref |
Helper function to determine if a Unicode value is valid. param: int $i Unicode value return: bool true if the value was a valid Unicode number |
wp_kses_decode_entities($string) X-Ref |
Convert all entities to their character counterparts. This function decodes numeric HTML entities (&#65; and &#x41;). It doesn't do anything with other entities like &auml;, but we don't need them in the URL protocol whitelisting system anyway. param: string $string Content to change entities since: 1.0.0 return: string Content after decoded entities |
_wp_kses_decode_entities_chr( $match ) X-Ref |
Regex callback for wp_kses_decode_entities() param: array $match preg match return: string |
_wp_kses_decode_entities_chr_hexdec( $match ) X-Ref |
Regex callback for wp_kses_decode_entities() param: array $match preg match return: string |
wp_filter_kses($data) X-Ref |
Sanitize content with allowed HTML Kses rules. param: string $data Content to filter, expected to be escaped with slashes since: 1.0.0 return: string Filtered content |
wp_kses_data($data) X-Ref |
Sanitize content with allowed HTML Kses rules. param: string $data Content to filter, expected to not be escaped since: 2.9.0 return: string Filtered content |
wp_filter_post_kses($data) X-Ref |
Sanitize content for allowed HTML tags for post content. Post content refers to the page contents of the 'post' type and not $_POST data from forms. param: string $data Post content to filter, expected to be escaped with slashes since: 2.0.0 return: string Filtered post content with allowed HTML tags and attributes intact. |
wp_kses_post($data) X-Ref |
Sanitize content for allowed HTML tags for post content. Post content refers to the page contents of the 'post' type and not $_POST data from forms. param: string $data Post content to filter since: 2.9.0 return: string Filtered post content with allowed HTML tags and attributes intact. |
wp_filter_nohtml_kses($data) X-Ref |
Strips all of the HTML in the content. param: string $data Content to strip all HTML from since: 2.1.0 return: string Filtered content without any HTML |
safecss_filter_attr( $css, $deprecated = '' ) X-Ref |
Inline CSS filter since: 2.8.1 |
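
The entry for wp_kses_bad_protocol() above says the filter ignores whitespace and letter case, understands HTML entities, and loops so that a stacked scheme is not left behind. The following is an added illustration of that behaviour, not code from kses, WordPress or BuddyPress: the `demo_*` function names, the shortened allowed list and the sample inputs are constructed here, and unlike kses it decodes the whole value up front and re-escapes the result.

```php
<?php
// Added illustration, not the kses source. All demo_* names are hypothetical.

// One pass: inspect whatever precedes the first colon of a decoded value.
function demo_strip_once(string $s, array $allowed): string {
    $parts = explode(':', $s, 2);
    if (count($parts) < 2 || preg_match('%[/?#]%', $parts[0])) {
        return $s; // no colon, or the colon sits in a path, query or fragment
    }
    // Ignore whitespace/control characters and letter case in the scheme.
    $scheme = strtolower(preg_replace('/[\x00-\x20]/', '', $parts[0]));
    $rest = ltrim($parts[1]);
    return in_array($scheme, $allowed, true) ? "$scheme:$rest" : $rest;
}

function demo_strip_bad_protocol(string $s, array $allowed): string {
    // Decode entities first so "&#106;avascript&#58;" is seen as "javascript:".
    $s = html_entity_decode($s, ENT_QUOTES | ENT_HTML5, 'UTF-8');
    // Repeat until a pass changes nothing, so stacked schemes are all removed.
    do {
        $before = $s;
        $s = demo_strip_once($s, $allowed);
    } while ($s !== $before);
    // The value was decoded above, so re-escape it for use in an attribute.
    return htmlspecialchars($s, ENT_QUOTES, 'UTF-8');
}

$allowed = ['http', 'https', 'ftp', 'mailto']; // subset of the default list
$samples = [ // constructed inputs
    'javascript:javascript:alert(57)', // stacked scheme from the docblock
    "Java\tScript:alert(57)",          // mixed case plus embedded tab
    'jav&#x61;script&#58;alert(57)',   // entity-encoded letter and colon
    'https://example.org/a:b',         // allowed scheme, later colon kept
    '/docs/page?x=1:2',                // relative URL, colon is not a scheme
];
foreach ($samples as $in) {
    printf("%-36s => %s\n", json_encode($in), demo_strip_bad_protocol($in, $allowed));
}
```

A single call to `demo_strip_once()` on the first sample still returns a value beginning with `javascript:`, which is the case the loop exists to close.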
Generated: Sun Dec 22 01:00:54 2024 | Cross-referenced by PHPXref 0.7.1 |