As of 2.8 and 2.7.4.3 we have to use esc_url
to sanitize links to stop your websites getting hacked.
This can cause issues when you add sample-page
as a link, or something like javascript:SomeFunction()
Tto get around this there are a couple of snippets you can use, please be aware though you are messing with core WP functions these snippets are an example and should be used with caution.
This first filter allows urls to start with a letter, like sample-page
relative link, WP allows
links to start with a forward slash like /sample-page
would be allowed anyway, no need
for the filter.
add_filter( 'clean_url', function( $good_protocol_url, $original_url, $_context ) {
if ( preg_match( '/^(?!http)[a-z0-9]/', $original_url ) ) {
$good_protocol_url = $original_url;
}
return $good_protocol_url;
}, 10, 3 );
This example allows you to add javascript as an allowed protocol and allow javascript:SomeFunction()
to work as a link.
We in no way endorse this, you should be adding JS to layout js or the node js settings.
add_filter( 'kses_allowed_protocols', function( $protocols ) {
$protocols[] = 'javascript';
return $protocols;
});