wp_kses_split2

The timeline below displays how wordpress function wp_kses_split2 has changed across different WordPress versions. If a version is not listed, refer to the next available version below.

WordPress Version: 6.4

/**
 * Callback for `wp_kses_split()` for fixing malformed HTML tags.
 *
 * This function does a lot of work. It rejects some very malformed things like
 * `<:::>`. It returns an empty string, if the element isn't allowed (look ma, no
 * `strip_tags()`!). Otherwise it splits the tag into an element and an attribute
 * list.
 *
 * After the tag is split into an element and an attribute list, it is run
 * through another filter which will remove illegal attributes and once that is
 * completed, will be returned.
 *
 * @access private
 * @ignore
 * @since 1.0.0
 *
 * @param string         $content           Content to filter.
 * @param array[]|string $allowed_html      An array of allowed HTML elements and attributes,
 *                                          or a context name such as 'post'. See wp_kses_allowed_html()
 *                                          for the list of accepted context names.
 * @param string[]       $allowed_protocols Array of allowed URL protocols.
 * @return string Fixed HTML element
 */
function wp_kses_split2($content, $allowed_html, $allowed_protocols)
{
    $content = wp_kses_stripslashes($content);
    // It matched a ">" character.
    if (!str_starts_with($content, '<')) {
        return '&gt;';
    }
    // Allow HTML comments.
    if (str_starts_with($content, '<!--')) {
        $content = str_replace(array('<!--', '-->'), '', $content);
        while (($newstring = wp_kses($content, $allowed_html, $allowed_protocols)) !== $content) {
            $content = $newstring;
        }
        if ('' === $content) {
            return '';
        }
        // Prevent multiple dashes in comments.
        $content = preg_replace('/--+/', '-', $content);
        // Prevent three dashes closing a comment.
        $content = preg_replace('/-$/', '', $content);
        return "<!--{$content}-->";
    }
    // It's seriously malformed.
    if (!preg_match('%^<\s*(/\s*)?([a-zA-Z0-9-]+)([^>]*)>?$%', $content, $matches)) {
        return '';
    }
    $slash = trim($matches[1]);
    $elem = $matches[2];
    $attrlist = $matches[3];
    if (!is_array($allowed_html)) {
        $allowed_html = wp_kses_allowed_html($allowed_html);
    }
    // They are using a not allowed HTML element.
    if (!isset($allowed_html[strtolower($elem)])) {
        return '';
    }
    // No attributes are allowed for closing elements.
    if ('' !== $slash) {
        return "</{$elem}>";
    }
    return wp_kses_attr($elem, $attrlist, $allowed_html, $allowed_protocols);
}

WordPress Version: 6.3

/**
 * Callback for `wp_kses_split()` for fixing malformed HTML tags.
 *
 * This function does a lot of work. It rejects some very malformed things like
 * `<:::>`. It returns an empty string, if the element isn't allowed (look ma, no
 * `strip_tags()`!). Otherwise it splits the tag into an element and an attribute
 * list.
 *
 * After the tag is split into an element and an attribute list, it is run
 * through another filter which will remove illegal attributes and once that is
 * completed, will be returned.
 *
 * @access private
 * @ignore
 * @since 1.0.0
 *
 * @param string         $content           Content to filter.
 * @param array[]|string $allowed_html      An array of allowed HTML elements and attributes,
 *                                          or a context name such as 'post'. See wp_kses_allowed_html()
 *                                          for the list of accepted context names.
 * @param string[]       $allowed_protocols Array of allowed URL protocols.
 * @return string Fixed HTML element
 */
function wp_kses_split2($content, $allowed_html, $allowed_protocols)
{
    $content = wp_kses_stripslashes($content);
    // It matched a ">" character.
    if (!str_starts_with($content, '<')) {
        return '&gt;';
    }
    // Allow HTML comments.
    if (str_starts_with($content, '<!--')) {
        $content = str_replace(array('<!--', '-->'), '', $content);
        while (($newstring = wp_kses($content, $allowed_html, $allowed_protocols)) != $content) {
            $content = $newstring;
        }
        if ('' === $content) {
            return '';
        }
        // Prevent multiple dashes in comments.
        $content = preg_replace('/--+/', '-', $content);
        // Prevent three dashes closing a comment.
        $content = preg_replace('/-$/', '', $content);
        return "<!--{$content}-->";
    }
    // It's seriously malformed.
    if (!preg_match('%^<\s*(/\s*)?([a-zA-Z0-9-]+)([^>]*)>?$%', $content, $matches)) {
        return '';
    }
    $slash = trim($matches[1]);
    $elem = $matches[2];
    $attrlist = $matches[3];
    if (!is_array($allowed_html)) {
        $allowed_html = wp_kses_allowed_html($allowed_html);
    }
    // They are using a not allowed HTML element.
    if (!isset($allowed_html[strtolower($elem)])) {
        return '';
    }
    // No attributes are allowed for closing elements.
    if ('' !== $slash) {
        return "</{$elem}>";
    }
    return wp_kses_attr($elem, $attrlist, $allowed_html, $allowed_protocols);
}

WordPress Version: 6.2

/**
 * Callback for `wp_kses_split()` for fixing malformed HTML tags.
 *
 * This function does a lot of work. It rejects some very malformed things like
 * `<:::>`. It returns an empty string, if the element isn't allowed (look ma, no
 * `strip_tags()`!). Otherwise it splits the tag into an element and an attribute
 * list.
 *
 * After the tag is split into an element and an attribute list, it is run
 * through another filter which will remove illegal attributes and once that is
 * completed, will be returned.
 *
 * @access private
 * @ignore
 * @since 1.0.0
 *
 * @param string         $content           Content to filter.
 * @param array[]|string $allowed_html      An array of allowed HTML elements and attributes,
 *                                          or a context name such as 'post'. See wp_kses_allowed_html()
 *                                          for the list of accepted context names.
 * @param string[]       $allowed_protocols Array of allowed URL protocols.
 * @return string Fixed HTML element
 */
function wp_kses_split2($content, $allowed_html, $allowed_protocols)
{
    $content = wp_kses_stripslashes($content);
    // It matched a ">" character.
    if ('<' !== substr($content, 0, 1)) {
        return '&gt;';
    }
    // Allow HTML comments.
    if ('<!--' === substr($content, 0, 4)) {
        $content = str_replace(array('<!--', '-->'), '', $content);
        while (($newstring = wp_kses($content, $allowed_html, $allowed_protocols)) != $content) {
            $content = $newstring;
        }
        if ('' === $content) {
            return '';
        }
        // Prevent multiple dashes in comments.
        $content = preg_replace('/--+/', '-', $content);
        // Prevent three dashes closing a comment.
        $content = preg_replace('/-$/', '', $content);
        return "<!--{$content}-->";
    }
    // It's seriously malformed.
    if (!preg_match('%^<\s*(/\s*)?([a-zA-Z0-9-]+)([^>]*)>?$%', $content, $matches)) {
        return '';
    }
    $slash = trim($matches[1]);
    $elem = $matches[2];
    $attrlist = $matches[3];
    if (!is_array($allowed_html)) {
        $allowed_html = wp_kses_allowed_html($allowed_html);
    }
    // They are using a not allowed HTML element.
    if (!isset($allowed_html[strtolower($elem)])) {
        return '';
    }
    // No attributes are allowed for closing elements.
    if ('' !== $slash) {
        return "</{$elem}>";
    }
    return wp_kses_attr($elem, $attrlist, $allowed_html, $allowed_protocols);
}

WordPress Version: 5.5

/**
 * Callback for `wp_kses_split()` for fixing malformed HTML tags.
 *
 * This function does a lot of work. It rejects some very malformed things like
 * `<:::>`. It returns an empty string, if the element isn't allowed (look ma, no
 * `strip_tags()`!). Otherwise it splits the tag into an element and an attribute
 * list.
 *
 * After the tag is split into an element and an attribute list, it is run
 * through another filter which will remove illegal attributes and once that is
 * completed, will be returned.
 *
 * @access private
 * @ignore
 * @since 1.0.0
 *
 * @param string         $string            Content to filter.
 * @param array[]|string $allowed_html      An array of allowed HTML elements and attributes,
 *                                          or a context name such as 'post'. See wp_kses_allowed_html()
 *                                          for the list of accepted context names.
 * @param string[]       $allowed_protocols Array of allowed URL protocols.
 * @return string Fixed HTML element
 */
function wp_kses_split2($string, $allowed_html, $allowed_protocols)
{
    $string = wp_kses_stripslashes($string);
    // It matched a ">" character.
    if ('<' !== substr($string, 0, 1)) {
        return '&gt;';
    }
    // Allow HTML comments.
    if ('<!--' === substr($string, 0, 4)) {
        $string = str_replace(array('<!--', '-->'), '', $string);
        while (($newstring = wp_kses($string, $allowed_html, $allowed_protocols)) != $string) {
            $string = $newstring;
        }
        if ('' === $string) {
            return '';
        }
        // Prevent multiple dashes in comments.
        $string = preg_replace('/--+/', '-', $string);
        // Prevent three dashes closing a comment.
        $string = preg_replace('/-$/', '', $string);
        return "<!--{$string}-->";
    }
    // It's seriously malformed.
    if (!preg_match('%^<\s*(/\s*)?([a-zA-Z0-9-]+)([^>]*)>?$%', $string, $matches)) {
        return '';
    }
    $slash = trim($matches[1]);
    $elem = $matches[2];
    $attrlist = $matches[3];
    if (!is_array($allowed_html)) {
        $allowed_html = wp_kses_allowed_html($allowed_html);
    }
    // They are using a not allowed HTML element.
    if (!isset($allowed_html[strtolower($elem)])) {
        return '';
    }
    // No attributes are allowed for closing elements.
    if ('' !== $slash) {
        return "</{$elem}>";
    }
    return wp_kses_attr($elem, $attrlist, $allowed_html, $allowed_protocols);
}

WordPress Version: 5.4

/**
 * Callback for `wp_kses_split()` for fixing malformed HTML tags.
 *
 * This function does a lot of work. It rejects some very malformed things like
 * `<:::>`. It returns an empty string, if the element isn't allowed (look ma, no
 * `strip_tags()`!). Otherwise it splits the tag into an element and an attribute
 * list.
 *
 * After the tag is split into an element and an attribute list, it is run
 * through another filter which will remove illegal attributes and once that is
 * completed, will be returned.
 *
 * @access private
 * @ignore
 * @since 1.0.0
 *
 * @param string   $string            Content to filter.
 * @param array    $allowed_html      Allowed HTML elements.
 * @param string[] $allowed_protocols Array of allowed URL protocols.
 * @return string Fixed HTML element
 */
function wp_kses_split2($string, $allowed_html, $allowed_protocols)
{
    $string = wp_kses_stripslashes($string);
    // It matched a ">" character.
    if (substr($string, 0, 1) != '<') {
        return '&gt;';
    }
    // Allow HTML comments.
    if ('<!--' == substr($string, 0, 4)) {
        $string = str_replace(array('<!--', '-->'), '', $string);
        while (($newstring = wp_kses($string, $allowed_html, $allowed_protocols)) != $string) {
            $string = $newstring;
        }
        if ('' == $string) {
            return '';
        }
        // Prevent multiple dashes in comments.
        $string = preg_replace('/--+/', '-', $string);
        // Prevent three dashes closing a comment.
        $string = preg_replace('/-$/', '', $string);
        return "<!--{$string}-->";
    }
    // It's seriously malformed.
    if (!preg_match('%^<\s*(/\s*)?([a-zA-Z0-9-]+)([^>]*)>?$%', $string, $matches)) {
        return '';
    }
    $slash = trim($matches[1]);
    $elem = $matches[2];
    $attrlist = $matches[3];
    if (!is_array($allowed_html)) {
        $allowed_html = wp_kses_allowed_html($allowed_html);
    }
    // They are using a not allowed HTML element.
    if (!isset($allowed_html[strtolower($elem)])) {
        return '';
    }
    // No attributes are allowed for closing elements.
    if ('' != $slash) {
        return "</{$elem}>";
    }
    return wp_kses_attr($elem, $attrlist, $allowed_html, $allowed_protocols);
}

WordPress Version: 5.1

/**
 * Callback for `wp_kses_split()` for fixing malformed HTML tags.
 *
 * This function does a lot of work. It rejects some very malformed things like
 * `<:::>`. It returns an empty string, if the element isn't allowed (look ma, no
 * `strip_tags()`!). Otherwise it splits the tag into an element and an attribute
 * list.
 *
 * After the tag is split into an element and an attribute list, it is run
 * through another filter which will remove illegal attributes and once that is
 * completed, will be returned.
 *
 * @access private
 * @ignore
 * @since 1.0.0
 *
 * @param string   $string            Content to filter.
 * @param array    $allowed_html      Allowed HTML elements.
 * @param string[] $allowed_protocols Array of allowed URL protocols.
 * @return string Fixed HTML element
 */
function wp_kses_split2($string, $allowed_html, $allowed_protocols)
{
    $string = wp_kses_stripslashes($string);
    // It matched a ">" character.
    if (substr($string, 0, 1) != '<') {
        return '&gt;';
    }
    // Allow HTML comments.
    if ('<!--' == substr($string, 0, 4)) {
        $string = str_replace(array('<!--', '-->'), '', $string);
        while ($string != $newstring = wp_kses($string, $allowed_html, $allowed_protocols)) {
            $string = $newstring;
        }
        if ($string == '') {
            return '';
        }
        // prevent multiple dashes in comments
        $string = preg_replace('/--+/', '-', $string);
        // prevent three dashes closing a comment
        $string = preg_replace('/-$/', '', $string);
        return "<!--{$string}-->";
    }
    // It's seriously malformed.
    if (!preg_match('%^<\s*(/\s*)?([a-zA-Z0-9-]+)([^>]*)>?$%', $string, $matches)) {
        return '';
    }
    $slash = trim($matches[1]);
    $elem = $matches[2];
    $attrlist = $matches[3];
    if (!is_array($allowed_html)) {
        $allowed_html = wp_kses_allowed_html($allowed_html);
    }
    // They are using a not allowed HTML element.
    if (!isset($allowed_html[strtolower($elem)])) {
        return '';
    }
    // No attributes are allowed for closing elements.
    if ($slash != '') {
        return "</{$elem}>";
    }
    return wp_kses_attr($elem, $attrlist, $allowed_html, $allowed_protocols);
}

WordPress Version: 4.7

/**
 * Callback for wp_kses_split for fixing malformed HTML tags.
 *
 * This function does a lot of work. It rejects some very malformed things like
 * <:::>. It returns an empty string, if the element isn't allowed (look ma, no
 * strip_tags()!). Otherwise it splits the tag into an element and an attribute
 * list.
 *
 * After the tag is split into an element and an attribute list, it is run
 * through another filter which will remove illegal attributes and once that is
 * completed, will be returned.
 *
 * @access private
 * @since 1.0.0
 *
 * @param string $string            Content to filter
 * @param array  $allowed_html      Allowed HTML elements
 * @param array  $allowed_protocols Allowed protocols to keep
 * @return string Fixed HTML element
 */
function wp_kses_split2($string, $allowed_html, $allowed_protocols)
{
    $string = wp_kses_stripslashes($string);
    if (substr($string, 0, 1) != '<') {
        return '&gt;';
    }
    // It matched a ">" character
    if ('<!--' == substr($string, 0, 4)) {
        $string = str_replace(array('<!--', '-->'), '', $string);
        while ($string != $newstring = wp_kses($string, $allowed_html, $allowed_protocols)) {
            $string = $newstring;
        }
        if ($string == '') {
            return '';
        }
        // prevent multiple dashes in comments
        $string = preg_replace('/--+/', '-', $string);
        // prevent three dashes closing a comment
        $string = preg_replace('/-$/', '', $string);
        return "<!--{$string}-->";
    }
    // Allow HTML comments
    if (!preg_match('%^<\s*(/\s*)?([a-zA-Z0-9-]+)([^>]*)>?$%', $string, $matches)) {
        return '';
    }
    // It's seriously malformed
    $slash = trim($matches[1]);
    $elem = $matches[2];
    $attrlist = $matches[3];
    if (!is_array($allowed_html)) {
        $allowed_html = wp_kses_allowed_html($allowed_html);
    }
    if (!isset($allowed_html[strtolower($elem)])) {
        return '';
    }
    // They are using a not allowed HTML element
    if ($slash != '') {
        return "</{$elem}>";
    }
    // No attributes are allowed for closing elements
    return wp_kses_attr($elem, $attrlist, $allowed_html, $allowed_protocols);
}

WordPress Version: 4.3

/**
 * Callback for wp_kses_split for fixing malformed HTML tags.
 *
 * This function does a lot of work. It rejects some very malformed things like
 * <:::>. It returns an empty string, if the element isn't allowed (look ma, no
 * strip_tags()!). Otherwise it splits the tag into an element and an attribute
 * list.
 *
 * After the tag is split into an element and an attribute list, it is run
 * through another filter which will remove illegal attributes and once that is
 * completed, will be returned.
 *
 * @access private
 * @since 1.0.0
 *
 * @param string $string            Content to filter
 * @param array  $allowed_html      Allowed HTML elements
 * @param array  $allowed_protocols Allowed protocols to keep
 * @return string Fixed HTML element
 */
function wp_kses_split2($string, $allowed_html, $allowed_protocols)
{
    $string = wp_kses_stripslashes($string);
    if (substr($string, 0, 1) != '<') {
        return '&gt;';
    }
    // It matched a ">" character
    if ('<!--' == substr($string, 0, 4)) {
        $string = str_replace(array('<!--', '-->'), '', $string);
        while ($string != $newstring = wp_kses($string, $allowed_html, $allowed_protocols)) {
            $string = $newstring;
        }
        if ($string == '') {
            return '';
        }
        // prevent multiple dashes in comments
        $string = preg_replace('/--+/', '-', $string);
        // prevent three dashes closing a comment
        $string = preg_replace('/-$/', '', $string);
        return "<!--{$string}-->";
    }
    // Allow HTML comments
    if (!preg_match('%^<\s*(/\s*)?([a-zA-Z0-9]+)([^>]*)>?$%', $string, $matches)) {
        return '';
    }
    // It's seriously malformed
    $slash = trim($matches[1]);
    $elem = $matches[2];
    $attrlist = $matches[3];
    if (!is_array($allowed_html)) {
        $allowed_html = wp_kses_allowed_html($allowed_html);
    }
    if (!isset($allowed_html[strtolower($elem)])) {
        return '';
    }
    // They are using a not allowed HTML element
    if ($slash != '') {
        return "</{$elem}>";
    }
    // No attributes are allowed for closing elements
    return wp_kses_attr($elem, $attrlist, $allowed_html, $allowed_protocols);
}

WordPress Version: 4.2

/**
 * Callback for wp_kses_split for fixing malformed HTML tags.
 *
 * This function does a lot of work. It rejects some very malformed things like
 * <:::>. It returns an empty string, if the element isn't allowed (look ma, no
 * strip_tags()!). Otherwise it splits the tag into an element and an attribute
 * list.
 *
 * After the tag is split into an element and an attribute list, it is run
 * through another filter which will remove illegal attributes and once that is
 * completed, will be returned.
 *
 * @access private
 * @since 1.0.0
 *
 * @param string $string Content to filter
 * @param array $allowed_html Allowed HTML elements
 * @param array $allowed_protocols Allowed protocols to keep
 * @return string Fixed HTML element
 */
function wp_kses_split2($string, $allowed_html, $allowed_protocols)
{
    $string = wp_kses_stripslashes($string);
    if (substr($string, 0, 1) != '<') {
        return '&gt;';
    }
    // It matched a ">" character
    if ('<!--' == substr($string, 0, 4)) {
        $string = str_replace(array('<!--', '-->'), '', $string);
        while ($string != $newstring = wp_kses($string, $allowed_html, $allowed_protocols)) {
            $string = $newstring;
        }
        if ($string == '') {
            return '';
        }
        // prevent multiple dashes in comments
        $string = preg_replace('/--+/', '-', $string);
        // prevent three dashes closing a comment
        $string = preg_replace('/-$/', '', $string);
        return "<!--{$string}-->";
    }
    // Allow HTML comments
    if (!preg_match('%^<\s*(/\s*)?([a-zA-Z0-9]+)([^>]*)>?$%', $string, $matches)) {
        return '';
    }
    // It's seriously malformed
    $slash = trim($matches[1]);
    $elem = $matches[2];
    $attrlist = $matches[3];
    if (!is_array($allowed_html)) {
        $allowed_html = wp_kses_allowed_html($allowed_html);
    }
    if (!isset($allowed_html[strtolower($elem)])) {
        return '';
    }
    // They are using a not allowed HTML element
    if ($slash != '') {
        return "</{$elem}>";
    }
    // No attributes are allowed for closing elements
    return wp_kses_attr($elem, $attrlist, $allowed_html, $allowed_protocols);
}

WordPress Version: 4.1

/**
 * Callback for wp_kses_split for fixing malformed HTML tags.
 *
 * This function does a lot of work. It rejects some very malformed things like
 * <:::>. It returns an empty string, if the element isn't allowed (look ma, no
 * strip_tags()!). Otherwise it splits the tag into an element and an attribute
 * list.
 *
 * After the tag is split into an element and an attribute list, it is run
 * through another filter which will remove illegal attributes and once that is
 * completed, will be returned.
 *
 * @access private
 * @since 1.0.0
 *
 * @param string $string Content to filter
 * @param array $allowed_html Allowed HTML elements
 * @param array $allowed_protocols Allowed protocols to keep
 * @return string Fixed HTML element
 */
function wp_kses_split2($string, $allowed_html, $allowed_protocols)
{
    $string = wp_kses_stripslashes($string);
    if (substr($string, 0, 1) != '<') {
        return '&gt;';
    }
    # It matched a ">" character
    if ('<!--' == substr($string, 0, 4)) {
        $string = str_replace(array('<!--', '-->'), '', $string);
        while ($string != $newstring = wp_kses($string, $allowed_html, $allowed_protocols)) {
            $string = $newstring;
        }
        if ($string == '') {
            return '';
        }
        // prevent multiple dashes in comments
        $string = preg_replace('/--+/', '-', $string);
        // prevent three dashes closing a comment
        $string = preg_replace('/-$/', '', $string);
        return "<!--{$string}-->";
    }
    # Allow HTML comments
    if (!preg_match('%^<\s*(/\s*)?([a-zA-Z0-9]+)([^>]*)>?$%', $string, $matches)) {
        return '';
    }
    # It's seriously malformed
    $slash = trim($matches[1]);
    $elem = $matches[2];
    $attrlist = $matches[3];
    if (!is_array($allowed_html)) {
        $allowed_html = wp_kses_allowed_html($allowed_html);
    }
    if (!isset($allowed_html[strtolower($elem)])) {
        return '';
    }
    # They are using a not allowed HTML element
    if ($slash != '') {
        return "</{$elem}>";
    }
    # No attributes are allowed for closing elements
    return wp_kses_attr($elem, $attrlist, $allowed_html, $allowed_protocols);
}

WordPress Version: 3.7

/**
 * Callback for wp_kses_split for fixing malformed HTML tags.
 *
 * This function does a lot of work. It rejects some very malformed things like
 * <:::>. It returns an empty string, if the element isn't allowed (look ma, no
 * strip_tags()!). Otherwise it splits the tag into an element and an attribute
 * list.
 *
 * After the tag is split into an element and an attribute list, it is run
 * through another filter which will remove illegal attributes and once that is
 * completed, will be returned.
 *
 * @access private
 * @since 1.0.0
 * @uses wp_kses_attr()
 *
 * @param string $string Content to filter
 * @param array $allowed_html Allowed HTML elements
 * @param array $allowed_protocols Allowed protocols to keep
 * @return string Fixed HTML element
 */
function wp_kses_split2($string, $allowed_html, $allowed_protocols)
{
    $string = wp_kses_stripslashes($string);
    if (substr($string, 0, 1) != '<') {
        return '&gt;';
    }
    # It matched a ">" character
    if ('<!--' == substr($string, 0, 4)) {
        $string = str_replace(array('<!--', '-->'), '', $string);
        while ($string != $newstring = wp_kses($string, $allowed_html, $allowed_protocols)) {
            $string = $newstring;
        }
        if ($string == '') {
            return '';
        }
        // prevent multiple dashes in comments
        $string = preg_replace('/--+/', '-', $string);
        // prevent three dashes closing a comment
        $string = preg_replace('/-$/', '', $string);
        return "<!--{$string}-->";
    }
    # Allow HTML comments
    if (!preg_match('%^<\s*(/\s*)?([a-zA-Z0-9]+)([^>]*)>?$%', $string, $matches)) {
        return '';
    }
    # It's seriously malformed
    $slash = trim($matches[1]);
    $elem = $matches[2];
    $attrlist = $matches[3];
    if (!is_array($allowed_html)) {
        $allowed_html = wp_kses_allowed_html($allowed_html);
    }
    if (!isset($allowed_html[strtolower($elem)])) {
        return '';
    }
    # They are using a not allowed HTML element
    if ($slash != '') {
        return "</{$elem}>";
    }
    # No attributes are allowed for closing elements
    return wp_kses_attr($elem, $attrlist, $allowed_html, $allowed_protocols);
}