quotes, angle braces, and entities.
$value = esc_attr( $value );
// Sanitize URI values.
if ( in_array( strtolower( $name ), $uris, true ) ) {
$value = wp_kses_bad_protocol( $value, $allowed_protocols );
}
$attr = "$name=$quote$value$quote";
$vless = 'n';
} else {
$value = '';
$vless = 'y';
}
// Sanitize attribute by name.
wp_kses_attr_check( $name, $value, $attr, $vless, $element, $allowed_html );
// Restore whitespace.
return $lead . $attr . $trail;
}
/**
* Returns an array of allowed HTML tags and attributes for a given context.
*
* @since 3.5.0
* @since 5.0.1 `form` removed as allowable HTML tag.
*
* @global array $allowedposttags
* @global array $allowedtags
* @global array $allowedentitynames
*
* @param string|array $context The context for which to retrieve tags. Allowed values are 'post',
* 'strip', 'data', 'entities', or the name of a field filter such as
* 'pre_user_description', or an array of allowed HTML elements and attributes.
* @return array Array of allowed HTML tags and their allowed attributes.
*/
function wp_kses_allowed_html( $context = '' ) {
global $allowedposttags, $allowedtags, $allowedentitynames;
if ( is_array( $context ) ) {
// When `$context` is an array it's actually an array of allowed HTML elements and attributes.
$html = $context;
$context = 'explicit';
/**
* Filters the HTML tags that are allowed for a given context.
*
* HTML tags and attribute names are case-insensitive in HTML but must be
* added to the KSES allow list in lowercase. An item added to the allow list
* in upper or mixed case will not be recognized as permitted by KSES.
*
* @since 3.5.0
*
* @param array[] $html Allowed HTML tags.
* @param string $context Context name.
*/
return apply_filters( 'wp_kses_allowed_html', $html, $context );
}
switch ( $context ) {
case 'post':
/** This filter is documented in wp-includes/kses.php */
$tags = apply_filters( 'wp_kses_allowed_html', $allowedposttags, $context );
// 5.0.1 removed the `