What is the difference between strip_tags and wp_filter_nohtml_kses. I tried to figure wp_filter_nohtml_kses from the source but it looks like it does something a bit more complex than strip all html even though thats what the codex says. I think the kses functions are expensive so I wonder why not use strip_tags if all it does is strip the html.
1 Answer
Technical difference is kinda obvious. PHP one is single function, using logic in PHP code. WP one is one of family of functions, based on third party KSES library.
Is there practical difference between these two specific functions? I think the important point is that strip_tags() was made for utility, while KSES was made for security.
So, while results would likely be close in most cases, I would expect KSES implementation be slower and more thorough.
I have encountered comparison of HTML filters at HTML Purifier site, following is excerpt of strip_tags() and kses (original, non-WP version) summary (there is more there on both):
+------------+------------+---------+-------------+---------+------------+--------------------------+
| Library | Whitelist | Removal | Well-formed | Nesting | Attributes | XSS safe | Standards safe |
+------------+------------+---------+-------------+---------+------------+----------+----------------+
| strip_tags | Yes (user) | Buggy | No | No | No | No | No |
| kses | Yes (user) | Yes | No | No | Partial | Probably | No |
+------------+------------+---------+-------------+---------+------------+----------+----------------+
