云策 WordPress 开发者社区

函数文档

wp_kses_uri_attributes()

查看官方原文 ↗
💡 云策文档标注

概述

wp_kses_uri_attributes() 函数返回一个包含 URL 值的 HTML 属性名称数组,基于 HTML 规范定义。此列表包括 KSES 允许和禁止的 URI 属性,并可通过过滤器进行自定义。

关键要点

  • 函数返回一个字符串数组,表示必须包含 URL 的 HTML 属性名称。
  • 内置属性列表包括 action、href、src 等常见 URI 属性。
  • 支持通过 wp_kses_uri_attributes 过滤器添加或修改属性列表,例如用于自定义 data- 属性。
  • 函数在 WordPress 5.0.1 版本中引入,用于增强 HTML 安全验证。

代码示例

function wp_kses_uri_attributes() {
	$uri_attributes = array(
		'action',
		'archive',
		'background',
		'cite',
		'classid',
		'codebase',
		'data',
		'formaction',
		'href',
		'icon',
		'longdesc',
		'manifest',
		'poster',
		'profile',
		'src',
		'usemap',
		'xmlns',
	);

	/**
	 * Filters the list of attributes that are required to contain a URL.
	 *
	 * Use this filter to add any `data-` attributes that are required to be
	 * validated as a URL.
	 *
	 * @since 5.0.1
	 *
	 * @param string[] $uri_attributes HTML attribute names whose value contains a URL.
	 */
	$uri_attributes = apply_filters( 'wp_kses_uri_attributes', $uri_attributes );

	return $uri_attributes;
}

注意事项

  • 此函数主要用于 KSES 相关函数(如 wp_kses_one_attr())中验证 URL 属性,确保 HTML 安全性。
  • 开发者可以通过过滤器扩展属性列表,以适应自定义需求,但需谨慎处理以避免安全漏洞。
📄 原文内容

Returns an array of HTML attribute names whose value contains a URL.

Description

This function returns a list of all HTML attributes that must contain a URL according to the HTML specification.

This list includes URI attributes both allowed and disallowed by KSES.

Return

string[] HTML attribute names whose value contains a URL.

Source

function wp_kses_uri_attributes() {
	$uri_attributes = array(
		'action',
		'archive',
		'background',
		'cite',
		'classid',
		'codebase',
		'data',
		'formaction',
		'href',
		'icon',
		'longdesc',
		'manifest',
		'poster',
		'profile',
		'src',
		'usemap',
		'xmlns',
	);

	/**
	 * Filters the list of attributes that are required to contain a URL.
	 *
	 * Use this filter to add any `data-` attributes that are required to be
	 * validated as a URL.
	 *
	 * @since 5.0.1
	 *
	 * @param string[] $uri_attributes HTML attribute names whose value contains a URL.
	 */
	$uri_attributes = apply_filters( 'wp_kses_uri_attributes', $uri_attributes );

	return $uri_attributes;
}

View all references View on Trac View on GitHub

Hooks

apply_filters( ‘wp_kses_uri_attributes’, string[] $uri_attributes )

Filters the list of attributes that are required to contain a URL.

Uses Description
apply_filters()wp-includes/plugin.php

Calls the callback functions that have been added to a filter hook.
Used by Description
WP_HTML_Tag_Processor::set_attribute()wp-includes/html-api/class-wp-html-tag-processor.php

Updates or creates a new attribute on the currently matched tag with the passed value.
wp_kses_one_attr()wp-includes/kses.php

Filters one HTML attribute and ensures its value is allowed.
wp_kses_hair()wp-includes/kses.php

Builds an attribute list from string containing attributes.

Changelog

Version Description
5.0.1 Introduced.