/**
 * Filters content and keeps only allowable HTML elements.
 *
 * This function makes sure that only the allowed HTML element names, attribute
 * names and attribute values plus only sane HTML entities will occur in
 * $string. You have to remove any slashes from PHP's magic quotes before you
 * call this function.
 *
 * The default allowed protocols are 'http', 'https', 'ftp', 'mailto', 'news',
 * 'irc', 'gopher', 'nntp', 'feed', 'telnet, 'mms', 'rtsp' and 'svn'. This
 * covers all common link protocols, except for 'javascript' which should not
 * be allowed for untrusted users.
 *
 * @since 1.0.0
 *
 * @param string $string Content to filter through kses
 * @param array $allowed_html List of allowed HTML elements
 * @param array $allowed_protocols Optional. Allowed protocol in links.
 * @return string Filtered content with only allowed HTML elements
 */
function nxt_kses($string, $allowed_html, $allowed_protocols = array())
{
    $allowed_protocols = nxt_parse_args($allowed_protocols, apply_filters('kses_allowed_protocols', array('http', 'https', 'ftp', 'ftps', 'mailto', 'news', 'irc', 'gopher', 'nntp', 'feed', 'telnet', 'mms', 'rtsp', 'svn')));
    $string = nxt_kses_no_null($string);
    $string = nxt_kses_js_entities($string);
    $string = nxt_kses_normalize_entities($string);
    $allowed_html_fixed = nxt_kses_array_lc($allowed_html);
    $string = nxt_kses_hook($string, $allowed_html_fixed, $allowed_protocols);
    // nxt changed the order of these funcs and added args to nxt_kses_hook
    return nxt_kses_split($string, $allowed_html_fixed, $allowed_protocols);
}
Exemple #2
0
/**
 * Filters content and keeps only allowable HTML elements.
 *
 * This function makes sure that only the allowed HTML element names, attribute
 * names and attribute values plus only sane HTML entities will occur in
 * $string. You have to remove any slashes from PHP's magic quotes before you
 * call this function.
 *
 * The default allowed protocols are 'http', 'https', 'ftp', 'mailto', 'news',
 * 'irc', 'gopher', 'nntp', 'feed', 'telnet, 'mms', 'rtsp' and 'svn'. This
 * covers all common link protocols, except for 'javascript' which should not
 * be allowed for untrusted users.
 *
 * @since 1.0.0
 *
 * @param string $string Content to filter through kses
 * @param array $allowed_html List of allowed HTML elements
 * @param array $allowed_protocols Optional. Allowed protocol in links.
 * @return string Filtered content with only allowed HTML elements
 */
function nxt_kses($string, $allowed_html, $allowed_protocols = array())
{
    if (empty($allowed_protocols)) {
        $allowed_protocols = nxt_allowed_protocols();
    }
    $string = nxt_kses_no_null($string);
    $string = nxt_kses_js_entities($string);
    $string = nxt_kses_normalize_entities($string);
    $allowed_html_fixed = nxt_kses_array_lc($allowed_html);
    $string = nxt_kses_hook($string, $allowed_html_fixed, $allowed_protocols);
    // nxt changed the order of these funcs and added args to nxt_kses_hook
    return nxt_kses_split($string, $allowed_html_fixed, $allowed_protocols);
}