wp_kses_attr ( $element, $attr, $allowed_html, $allowed_protocols )
- (string) element HTML element/tag.
- (string) attr HTML attributes from HTML element to closing HTML element tag.
- (array|string) allowed_html An array of allowed HTML elements and attributes, or a context name such as 'post'. See wp_kses_allowed_html() for the list of accepted context names.
- (string) allowed_protocols Array of allowed URL protocols.
Defined at:Change Log:
- (string) Sanitized HTML element.
- Introduced in WordPress: 1.0.0
- Deprecated in WordPress: —
Removes all attributes, if none are allowed for this element.If some are allowed it calls `wp_kses_hair()` to split them further, and then
it builds up new HTML code from the data that `wp_kses_hair()` returns. It also
removes `<` and `>` characters, if there are any left. One more thing it does
is to check if the tag has a closing XHTML slash, and if it does, it puts one
in the returned code as well.
An array of allowed values can be defined for attributes. If the attribute value
doesn't fall into the list, the attribute will be removed from the tag.
Attributes can be marked as required. If a required attribute is not present,
KSES will remove all attributes from the tag. As KSES doesn't match opening and
closing tags, it's not possible to safely remove the tag itself, the safest
fallback is to strip all attributes from the tag, instead.