Using WordPress kses for output

Posted By: Harsh Soni | 29th May 2018

You may have heard about wp_kses, or encountered it while writing code or reading someone else's code, or perhaps while reading the WP core.


As it has a weird name, the first question that comes to mind is what it does and where to use it. Let's briefly discuss the use of this function.


What is "kses"?


Here “kses” stands for “KSES Strips Evil Scripts.” It is a function that filters a string so that only the HTML elements, attribute names and attribute values you allow are kept. It is one way to sanitize a string, though probably not the most efficient one. WordPress has its own way to manage input (saving into the DB) and output (displaying to the user) of data. Using this function makes your code more robust and secure.


     wp_kses( $str, $allowed_html, $allowed_protocols = array() );


The above function accepts three arguments:


  1. $str is a required string: the data that needs to be filtered or processed before input or output in WordPress.
  2. $allowed_html is a required array in which we define the HTML elements and attributes that are allowed to pass.
  3. $allowed_protocols is an optional array in which we can specify the allowed protocols. Defaults are 'http', 'https', 'ftp' etc.
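
The three arguments in use when echoing untrusted markup, as an added example that is not code from the original post. It assumes WordPress is loaded (for instance inside a plugin file); the function name myplugin_render_bio() and the sample string are hypothetical.

```php
<?php
// Added example, not code from the original post.
// Assumes it runs inside WordPress, where wp_kses() is defined.
// myplugin_render_bio() and $sample are hypothetical / constructed.

/**
 * Return user-supplied markup filtered down to an explicit allowlist.
 */
function myplugin_render_bio( $untrusted_html ) {
	// $allowed_html: element name => array of permitted attribute names.
	// Elements and attributes that are not listed here are removed.
	$allowed_html = array(
		'a'      => array(
			'href'  => array(),
			'title' => array(),
		),
		'strong' => array(),
		'em'     => array(),
		'br'     => array(),
	);

	// $allowed_protocols: URL schemes permitted in attributes such as href.
	// Any scheme not listed (for example javascript:) is stripped from the URL.
	$allowed_protocols = array( 'http', 'https' );

	return wp_kses( $untrusted_html, $allowed_html, $allowed_protocols );
}

// Constructed sample input mixing allowed and disallowed markup:
// an allowed link carrying a disallowed onclick attribute, a link with a
// disallowed scheme, and a script element that is not in the allowlist.
$sample = '<strong>Hello</strong> '
	. '<a href="https://example.com" onclick="track()" title="Site">site</a> '
	. '<a href="javascript:void(0)">link</a> '
	. '<script>document.title = "x";</script>';

// Demonstration call: filter at output time, immediately before echoing.
echo myplugin_render_bio( $sample );
```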


Where to use this function?


Before using this function you have to be clear about what your output or input is going to accept or reject. Once you are clear, you can strip out the unnecessary things from your input or output. There are some other variations of this function such as





You can read more about the sanitization and other functions here.


In the end, it is a way to write robust code and increase the security of your code. Whenever we write or create a plugin we should make sure we sanitize the output/input. Here are some helper functions for sanitizing output before the data is echoed.

