Filtering HTML to exclude all but a small number of HTML elements and attributes

How much do we trust user input? Not. At. All. That’s how much we trust user input. You just don’t know where they’ve been!

WordPress has such a plethora of functions for escaping and filtering input and output that I’m always discovering new possibilities. One I found recently is wp_kses, which allows you to strip out all HTML, leaving only a limited set of allowed elements and attributes.
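A sketch of the allowlist approach with wp_kses, added here as an illustration and not code from the original post. It assumes WordPress is loaded (for instance, run through WP-CLI with `wp eval-file`); the `myplugin_*` function names and the sample input are made up for the example.

```php
<?php
// Added example: assumes WordPress is loaded. myplugin_* names are hypothetical.

/**
 * The allowlist passed to wp_kses(): keys are the permitted elements,
 * and each nested array lists the attributes permitted on that element.
 * Anything not named here is removed.
 */
function myplugin_allowed_html() {
    return array(
        'a'      => array(
            'href'  => array(),
            'title' => array(),
        ),
        'br'     => array(),
        'em'     => array(),
        'strong' => array(),
    );
}

/**
 * Filter untrusted HTML down to the allowlist above.
 * The third argument limits the URL schemes accepted in attributes
 * such as href.
 */
function myplugin_filter_html( $untrusted ) {
    return wp_kses(
        $untrusted,
        myplugin_allowed_html(),
        array( 'http', 'https', 'mailto' )
    );
}

// Constructed sample input mixing allowed and disallowed markup.
$input = '<p onclick="track()">Hello <strong>world</strong>, see '
    . '<a href="https://example.com/" title="Example" style="color:red">this</a>'
    . '<script>alert(1)</script></p>';

// <p> and <script> are not in the allowlist, so those tags are stripped
// (wp_kses removes the tags but keeps the text between them), and the
// style attribute on <a> is dropped because only href and title are allowed.
echo myplugin_filter_html( $input ), "\n";
```

Because wp_kses keeps the text inside a stripped element, the filtered string is safe to place in HTML body content but still needs the matching escaping function (such as esc_attr) if it is output in any other context.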
