Typical wp_kses $allowed

I have a custom post textbox that I want to sanitize using wp_kses before I update my post meta.

I was looking for examples of common $allowed settings, but I have only seen this example:

$allowed = array(
    'a' => array( // only allow <a> tags
        'href' => array() // and those anchors can only have the href attribute
    )
);

What is a typical wp_kses $allowed setting? Can someone provide an example of what they normally filter for?

6

I would disagree with the solution posted by @JaredCobb, wp_kses() is much more flexible than the method he presented. It can strip out unwanted attributes from tags without destroying the tags themselves. For example, if the user put in <strong class="foo">, wp_kses() would return <strong> if you did not allow class, whereas strip_tags() would remove the <strong> completely.

@redconservatory: The attributes you’ll want to use are as follows:

$args = array(
    //formatting
    'strong' => array(),
    'em'     => array(),
    'b'      => array(),
    'i'      => array(),

    //links
    'a'     => array(
        'href' => array()
    )
);

This will allow bold and italics with no attributes, as well as anchor tags with an href attribute…and nothing else. It uses the whitelisting principle, which @jaredcobb rightly noted is the better way to go here.
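The following is an added example, not code from the question or the answer above: a plugin-style snippet that takes the allowlist from the answer and uses it with wp_kses() at the point the question asks about, just before update_post_meta(). It assumes it runs inside WordPress (for example as a plugin file); the function names, the meta key `_example_textbox`, the form field `example_textbox` and the nonce action are hypothetical names chosen for the example.

```php
<?php
/*
 * Added example (not part of the original question or answer).
 * Assumes a WordPress runtime; all example_* names, the meta key and the
 * nonce action are hypothetical.
 */

// Allowlist from the answer: a few formatting tags with no attributes,
// and <a> with href only. Anything not listed is stripped by wp_kses().
function example_allowed_html() {
    return array(
        'strong' => array(),
        'em'     => array(),
        'b'      => array(),
        'i'      => array(),
        'a'      => array(
            'href' => array(),
        ),
    );
}

// Runs on save: checks intent (nonce) and authorization (capability),
// then filters the submitted value and stores it.
function example_save_custom_textbox( $post_id ) {
    // Skip autosaves; they never carry our meta box field.
    if ( defined( 'DOING_AUTOSAVE' ) && DOING_AUTOSAVE ) {
        return;
    }
    // The nonce ties the request to our own form (CSRF protection).
    if ( ! isset( $_POST['example_textbox_nonce'] )
        || ! wp_verify_nonce(
            sanitize_text_field( wp_unslash( $_POST['example_textbox_nonce'] ) ),
            'example_save_textbox'
        )
    ) {
        return;
    }
    // Only users allowed to edit this post may change its meta.
    if ( ! current_user_can( 'edit_post', $post_id ) ) {
        return;
    }
    if ( ! isset( $_POST['example_textbox'] ) ) {
        return;
    }

    // wp_unslash() removes the slashes WordPress adds to $_POST. wp_kses() then
    // keeps only allowlisted tags and attributes: <strong class="foo"> becomes
    // <strong>, unlisted tags are removed, and href values with a disallowed
    // protocol (such as javascript:) are rejected while the <a> tag survives.
    $raw   = wp_unslash( $_POST['example_textbox'] );
    $clean = wp_kses( $raw, example_allowed_html() );

    update_post_meta( $post_id, '_example_textbox', $clean );
}
add_action( 'save_post', 'example_save_custom_textbox' );

// On output, run the stored value through the same allowlist again so a value
// written by another code path (an import, a direct DB edit) is constrained too.
function example_render_custom_textbox( $post_id ) {
    $stored = get_post_meta( $post_id, '_example_textbox', true );
    echo wp_kses( $stored, example_allowed_html() );
}
```

The allowlist lives in one function so that the save path and the render path cannot drift apart; filtering on input and again on output means the stored meta is never trusted to be clean just because it came from the database.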
