Make WordPress Core

Opened 6 years ago

Closed 3 years ago

Last modified 3 years ago

#40606 closed defect (bug) (invalid)

wp_filter_nohtml_kses escaping single quotes even when no HTML tags are being used in the string

Reported by: samuelaguilera's profile samuelaguilera Owned by:
Milestone: Priority: normal
Severity: normal Version: 4.7.4
Component: Formatting Keywords:
Focuses: docs Cc:


According to Codex wp_filter_nohtml_kses( $data ) should only strip all of the HTML in the content. But it also escapes single quotes in plain text.


        $filtered_string = wp_filter_nohtml_kses(  "You're not allowed to do this!" );
        echo $filtered_string;

The above will output:

You\'re not allowed to do this!

Change History (3)

This ticket was mentioned in Slack in #core by noisysocks. View the logs.

3 years ago

#2 @dd32
3 years ago

  • Milestone Awaiting Review deleted
  • Resolution set to invalid
  • Status changed from new to closed

Hey @samuelaguilera, I apologise for this ticket not receiving any feedback in quite some time.

The wp_filter_nohtml_kses function is designed to act on a filter which accepts, and returns, slashed data.

The correct way to call the function in this case would therefor be wp_filter_nohtml_kses( "You\'re not allowed to do this!" ); and get the same result back.

For reference for others, the correct function to call in this case would be wp_kses( "You're not allowed to do this!", "strip" );.

I'm marking this as invalid based on the above, if anyone wants to suggest some documentation changes for this, upload a patch and re-open the ticket please :)

#3 @SergeyBiryukov
3 years ago

  • Component changed from General to Formatting
  • Focuses docs added
Note: See TracTickets for help on using tickets.