Typical wp_kses $allowed

I have a custom post textbox that I want to sanitize using wp_kses before I update my post meta.

I was looking for examples of common $allowed settings, but I have only seen this example:

$allowed = array(  
        'a' => array( // on allow a tags  
            'href' => array() // and those anchors can only have href attribute  

What is a typical wp_kses $allowed setting? Can someone provide an example of what they normally filter for?


I would disagree with the solution posted by @JaredCobb, wp_kses() is much more flexible than the method he presented. It can strip out unwanted attributes from tags without destroying the tags themselves. For example, if the user put in <strong class="foo">, wp_kses() would return <strong> if you did not allow class, whereas strip_tags() would remove the <strong> completely.

@redconservatory: The attributes you’ll want to use are as follows:

$args = array(
    'strong' => array(),
    'em'     => array(),
    'b'      => array(),
    'i'      => array(),

    'a'     => array(
        'href' => array()

This will allow bold and italics with no attributes, as well as anchor tags with an href attributes…and nothing else. It uses the whitelisting principle, which @jaredcobb rightly noted is the better way to go here.

Leave a Comment