• Resolved Raja Mohammed

    (@cthreelabs)


    I'm using wp_kses on custom content to save it in post meta.

    $allowed_html = wp_kses_allowed_html( 'data' );
    $complete_layout_data = wp_kses($_POST["complete_layout_data"],$allowed_html );

    The dump result of the above code
    <a>Click Here</a>

    I have no clue what went wrong. I tried wp_kses_post as well, but with no success.

    Note: I'm using the filter on the second editor.

Viewing 12 replies - 1 through 12 (of 12 total)
  • Can you post the contents of $allowed_html? The format for wp_kses can be a bit weird if you’re not used to it.

    Also, because you have to specifically tell wp_kses everything you want to keep, it may not be the right tool for your particular use case. Consider this situation:

    
    <?php
    $text = '<a href="https://example.org/" class="test" aria-label="foo"></a>';
    
    $new = wp_kses( $text, array( 'a' => array( 'aria-label' => array() ) ) );
    ?>
    

    The contents of $new is '<a aria-label="foo"></a>'; I lost class and href because I didn’t explicitly tell wp_kses that they were allowed.

    Thread Starter Raja Mohammed

    (@cthreelabs)

    Below is the $allowed_html content. The WP function wp_kses_allowed_html is used to get the $allowed_html array.

    array(14) { ["a"]=> array(2) { ["href"]=> bool(true) ["title"]=> bool(true) } ["abbr"]=> array(1) { ["title"]=> bool(true) } ["acronym"]=> array(1) { ["title"]=> bool(true) } ["b"]=> array(0) { } ["blockquote"]=> array(1) { ["cite"]=> bool(true) } ["cite"]=> array(0) { } ["code"]=> array(0) { } ["del"]=> array(1) { ["datetime"]=> bool(true) } ["em"]=> array(0) { } ["i"]=> array(0) { } ["q"]=> array(1) { ["cite"]=> bool(true) } ["s"]=> array(0) { } ["strike"]=> array(0) { } ["strong"]=> array(0) { } }

    • This reply was modified 7 years, 3 months ago by Raja Mohammed.
    Thread Starter Raja Mohammed

    (@cthreelabs)

    Here is another $allowed_html array that strips href and results in <a>Click Here</a>.

    array(21) {
      ["strong"]=>
      array(0) {
      }
      ["em"]=>
      array(0) {
      }
      ["b"]=>
      array(0) {
      }
      ["i"]=>
      array(0) {
      }
      ["u"]=>
      array(0) {
      }
      ["br"]=>
      array(0) {
      }
      ["p"]=>
      array(3) {
        ["align"]=>
        array(0) {
        }
        ["style"]=>
        array(0) {
        }
        ["class"]=>
        array(0) {
        }
      }
      ["h1"]=>
      array(3) {
        ["align"]=>
        array(0) {
        }
        ["style"]=>
        array(0) {
        }
        ["class"]=>
        array(0) {
        }
      }
      ["h2"]=>
      array(3) {
        ["align"]=>
        array(0) {
        }
        ["style"]=>
        array(0) {
        }
        ["class"]=>
        array(0) {
        }
      }
      ["h3"]=>
      array(3) {
        ["align"]=>
        array(0) {
        }
        ["style"]=>
        array(0) {
        }
        ["class"]=>
        array(0) {
        }
      }
      ["h4"]=>
      array(3) {
        ["align"]=>
        array(0) {
        }
        ["style"]=>
        array(0) {
        }
        ["class"]=>
        array(0) {
        }
      }
      ["h5"]=>
      array(3) {
        ["align"]=>
        array(0) {
        }
        ["style"]=>
        array(0) {
        }
        ["class"]=>
        array(0) {
        }
      }
      ["h6"]=>
      array(3) {
        ["align"]=>
        array(0) {
        }
        ["style"]=>
        array(0) {
        }
        ["class"]=>
        array(0) {
        }
      }
      ["li"]=>
      array(2) {
        ["align"]=>
        array(0) {
        }
        ["value"]=>
        array(0) {
        }
      }
      ["ul"]=>
      array(2) {
        ["align"]=>
        array(0) {
        }
        ["value"]=>
        array(0) {
        }
      }
      ["ol"]=>
      array(2) {
        ["align"]=>
        array(0) {
        }
        ["value"]=>
        array(0) {
        }
      }
      ["a"]=>
      array(2) {
        ["href"]=>
        array(0) {
        }
        ["title"]=>
        array(0) {
        }
      }
      ["table"]=>
      array(9) {
        ["align"]=>
        array(0) {
        }
        ["bgcolor"]=>
        array(0) {
        }
        ["border"]=>
        array(0) {
        }
        ["cellpadding"]=>
        array(0) {
        }
        ["cellspacing"]=>
        array(0) {
        }
        ["dir"]=>
        array(0) {
        }
        ["rules"]=>
        array(0) {
        }
        ["summary"]=>
        array(0) {
        }
        ["width"]=>
        array(0) {
        }
      }
      ["tbody"]=>
      array(4) {
        ["align"]=>
        array(0) {
        }
        ["char"]=>
        array(0) {
        }
        ["charoff"]=>
        array(0) {
        }
        ["valign"]=>
        array(0) {
        }
      }
      ["tr"]=>
      array(0) {
      }
      ["td"]=>
      array(15) {
        ["abbr"]=>
        array(0) {
        }
        ["align"]=>
        array(0) {
        }
        ["axis"]=>
        array(0) {
        }
        ["bgcolor"]=>
        array(0) {
        }
        ["char"]=>
        array(0) {
        }
        ["charoff"]=>
        array(0) {
        }
        ["colspan"]=>
        array(0) {
        }
        ["dir"]=>
        array(0) {
        }
        ["headers"]=>
        array(0) {
        }
        ["height"]=>
        array(0) {
        }
        ["nowrap"]=>
        array(0) {
        }
        ["rowspan"]=>
        array(0) {
        }
        ["scope"]=>
        array(0) {
        }
        ["valign"]=>
        array(0) {
        }
        ["width"]=>
        array(0) {
        }
      }
    }
    Thread Starter Raja Mohammed

    (@cthreelabs)

    @stephencottontail any observations?

    I’m sorry, but I can’t seem to reproduce your issue, and I’m running out of ideas. Can you post what the <a> tag looks like before you pass it to wp_kses?

    Thread Starter Raja Mohammed

    (@cthreelabs)

    @stephencottontail
    The $string passed to wp_kses is a stringified JSON object, which would be stored in post meta. I just realized it's actually stripping all the attributes of any tags and not just the anchor tag!!

    $string passed is like $string = "[{\"value\":\"<a href=\"#\"> Click Here </a>\"}]

    • This reply was modified 7 years, 3 months ago by Raja Mohammed.
    Moderator Samuel Wood (Otto)

    (@otto42)

    www.remarpro.com Admin

    Yeah, there’s your problem. You need to pass it the plain HTML string, not the json object string. Convert it back to a normal php array using json_decode first, then get the value from that. Pass that through the kses function for filtering.

    Just pass it the plain HTML string, not the JSON object, and then proceed.

    Thread Starter Raja Mohammed

    (@cthreelabs)

    @otto42 and @motifsolution Yeah, that's true. But in my case I think wp_kses won't help. Any suggestions to sanitize? I would like to keep the JSON string.

    Moderator Samuel Wood (Otto)

    (@otto42)

    www.remarpro.com Admin

    You cannot sanitize it properly when it is in that encoded state. You have to decode it, sanitize it, and then re-encode it back to a json string if you want it in that form.
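
The decode, sanitize, re-encode sequence described above, as an added example that is not part of the original posts. It assumes the field holds a JSON array of objects as shown earlier in the thread, and that the caller has already verified the nonce and user capability; the function name and the meta key are hypothetical.

```php
<?php
// Added example, not code from the thread. The function name and the meta key
// 'complete_layout_data' are hypothetical; nonce and capability checks are
// assumed to have been done by the caller.
function example_save_layout_data( $post_id ) {
	if ( ! isset( $_POST['complete_layout_data'] ) || ! is_string( $_POST['complete_layout_data'] ) ) {
		return false;
	}

	// WordPress adds slashes to $_POST; remove them before decoding.
	$raw  = wp_unslash( $_POST['complete_layout_data'] );
	$data = json_decode( $raw, true );
	if ( ! is_array( $data ) ) {
		return false; // Not valid JSON: store nothing.
	}

	// Sanitize every decoded string value. After decoding, the quotes around
	// attribute values are no longer backslash-escaped, so kses sees ordinary
	// HTML and keeps the attributes present in the allow-list.
	$allowed = wp_kses_allowed_html( 'post' );
	array_walk_recursive(
		$data,
		function ( &$leaf ) use ( $allowed ) {
			if ( is_string( $leaf ) ) {
				$leaf = wp_kses( $leaf, $allowed );
			}
		}
	);

	// Re-encode, then slash: update_post_meta() unslashes its value, which
	// would otherwise strip the backslashes that JSON escaping relies on.
	$json = wp_json_encode( $data );
	if ( false === $json ) {
		return false;
	}

	return update_post_meta( $post_id, 'complete_layout_data', wp_slash( $json ) );
}
```

Only values are filtered here; array keys pass through unchanged, so escape them on output if they are ever rendered.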

    Thread Starter Raja Mohammed

    (@cthreelabs)

    Okay, great. Thanks for the help, @stephencottontail @otto42 @motifsolution.

    agreed with @samuel Wood

  • The topic ‘Wp_Kses strips anchor attributes’ is closed to new replies.