云策 WordPress 开发者社区

函数文档

wp_kses_post()

查看官方原文 ↗
💡 云策文档标注

概述

wp_kses_post() 函数用于对文章内容进行 HTML 标签过滤,确保只保留允许的标签和属性,常用于安全地输出用户生成的内容。

关键要点

  • 函数基于 wp_kses() 实现,使用 'post' 上下文来定义允许的 HTML 标签和属性。
  • 参数 $data 为必需,接受未转义的数据字符串,返回过滤后的安全内容。
  • 主要用于文章类型的内容,而非表单 $_POST 数据,确保输出安全。

代码示例

if ( ! version_compare( PHP_VERSION, '5.6', '>=' ) ) {
    add_action( 'admin_notices', 'wpdocs_fail_php_version' );
}

function wpdocs_fail_php_version() {
    if ( isset( $_GET['activate'] ) ) {
        unset( $_GET['activate'] );
    }
    $message = sprintf( __( 'My Custom Plugin requires PHP version %s+, plugin is currently NOT RUNNING.', 'wpdocs-text-domain' ), '5.6' );
    $html_message = sprintf( '%s', wpautop( $message ) );
    echo wp_kses_post( $html_message );
}
📄 原文内容

Sanitizes content for allowed HTML tags for post content.

Description

Post content refers to the page contents of the ‘post’ type and not $_POST data from forms.

This function expects unslashed data.

Parameters

$datastringrequired
Post content to filter.

Return

string Filtered post content with allowed HTML tags and attributes intact.

Source

function wp_kses_post( $data ) {
	return wp_kses( $data, 'post' );
}

View all references View on Trac View on GitHub

Uses Description
wp_kses()wp-includes/kses.php

Filters text content and strips out disallowed HTML.
Used by Description
_block_bindings_term_data_get_value()wp-includes/block-bindings/term-data.php

Gets value for Term Data source.
wp_admin_notice()wp-includes/functions.php

Outputs an admin notice.
WP_Site_Health::get_test_page_cache()wp-admin/includes/class-wp-site-health.php

Tests if a full page cache is available.
WP_Widget_Block::update()wp-includes/widgets/class-wp-widget-block.php

Handles updating settings for the current Block widget instance.
WP_REST_Pattern_Directory_Controller::prepare_item_for_response()wp-includes/rest-api/endpoints/class-wp-rest-pattern-directory-controller.php

Prepare a raw block pattern before it gets output in a REST API response.
WP_Widget_Custom_HTML::update()wp-includes/widgets/class-wp-widget-custom-html.php

Handles updating settings for the current Custom HTML widget instance.
install_plugin_information()wp-admin/includes/plugin-install.php

Displays plugin information in dialog box form.
do_settings_sections()wp-admin/includes/template.php

Prints out all settings sections added to a particular settings page.
wp_add_id3_tag_data()wp-admin/includes/media.php

Parses ID3v2, ID3v1, and getID3 comments to extract usable data.
WP_Widget_Text::update()wp-includes/widgets/class-wp-widget-text.php

Handles updating settings for the current Text widget instance.
WP_SimplePie_Sanitize_KSES::sanitize()wp-includes/class-wp-simplepie-sanitize-kses.php

WordPress SimplePie sanitization using KSES.
WP_Customize_Widgets::sanitize_widget_instance()wp-includes/class-wp-customize-widgets.php

Sanitizes a widget instance.

Show 7 moreShow less

Changelog

Version Description
2.9.0 Introduced.

User Contributed Notes

  1. Skip to note 2 content


    Pitabas


    You must log in to vote on the helpfulness of this noteVote results for this note: -5You must log in to vote on the helpfulness of this note

    Display Admin notice

    The following example of basic usage of the wp_kses_post() function. We can use it to print the message in the admin screen. 

    if ( ! version_compare( PHP_VERSION, '5.6', '>=' ) ) {
	add_action( 'admin_notices', 'wpdocs_fail_php_version' );
} 

/**
 * Admin notice for minimum PHP version.
 *
 * Warning when the site doesn't have the minimum required PHP version.
 *
 * @since 1.0.0
 *
 * @return void
 */
function wpdocs_fail_php_version() {

	if ( isset( $_GET['activate'] ) ) {
		unset( $_GET['activate'] );
	}

	/* translators: %s: PHP version */
	$message      = sprintf( __( '<strong>My Custom Plugin</strong> requires PHP version %s+, plugin is currently NOT RUNNING.', 'wpdocs-text-domain' ), '5.6' );
	$html_message = sprintf( '<div class="error">%s</div>', wpautop( $message ) );
	echo wp_kses_post( $html_message );
}