Apart from providing a granular control for allowed HTML tags does wp_kses provide any additional benefits over wp_strip_all_tags? Essentially, if I were to use wp_kses and set it to not allow any HTML or protocols, would it carry any benefit over just using wp_strip_all_tags?

1
1

I wouldn’t call it a benefit or disadvantage, but more of a difference: wp_strip_all_tags simply strips all tags (except for the allowed tags) but does not delete their content by calling the PHP function strip_tags, after removing script and style tags in full, including their contents. wp_kses does no such thing:

// Returns 'alert( "test" )' (content of script tag)
wp_kses( '<script>alert( "test" );</script>', array() );

// Returns '' (empty string)
wp_strip_all_tags( '<script>alert( "test" );</script>' );

So, if you were to use wp_kses and set it to not allow any HTML, it would differ from wp_strip_all_tags in that it would not remove the content of script and style tags.

Tags:

Leave a Reply

Your email address will not be published. Required fields are marked *