Apart from providing a granular control for allowed HTML tags does wp_kses
provide any additional benefits over wp_strip_all_tags
? Essentially, if I were to use wp_kses
and set it to not
allow any HTML or protocols, would it carry any benefit over just using wp_strip_all_tags
?
1
I wouldn’t call it a benefit or disadvantage, but more of a difference: wp_strip_all_tags
simply strips all tags (except for the allowed tags) but does not delete their content by calling the PHP function strip_tags
, after removing script
and style
tags in full, including their contents. wp_kses
does no such thing:
// Returns 'alert( "test" )' (content of script tag)
wp_kses( '<script>alert( "test" );</script>', array() );
// Returns '' (empty string)
wp_strip_all_tags( '<script>alert( "test" );</script>' );
So, if you were to use wp_kses
and set it to not allow any HTML, it would differ from wp_strip_all_tags
in that it would not remove the content of script
and style
tags.