-// Some default filters
-add_filter('bloginfo','wp_specialchars');
-add_filter('category_description', 'wptexturize');
-add_filter('list_cats', 'wptexturize');
-add_filter('comment_author', 'wptexturize');
-add_filter('comment_text', 'wptexturize');
-add_filter('single_post_title', 'wptexturize');
-add_filter('the_title', 'wptexturize');
-add_filter('the_content', 'wptexturize');
-add_filter('the_excerpt', 'wptexturize');
-add_filter('bloginfo', 'wptexturize');
-
-// Comments, trackbacks, pingbacks
-add_filter('pre_comment_author_name', 'strip_tags');
-add_filter('pre_comment_author_name', 'trim');
-add_filter('pre_comment_author_name', 'wp_specialchars', 30);
-
-add_filter('pre_comment_author_email', 'trim');
-add_filter('pre_comment_author_email', 'sanitize_email');
-
-add_filter('pre_comment_author_url', 'strip_tags');
-add_filter('pre_comment_author_url', 'trim');
-add_filter('pre_comment_author_url', 'clean_url');
-
-add_filter('pre_comment_content', 'stripslashes', 1);
-add_filter('pre_comment_content', 'wp_rel_nofollow', 15);
-add_filter('pre_comment_content', 'balanceTags', 30);
-add_filter('pre_comment_content', 'addslashes', 50);
-
-add_filter('pre_comment_author_name', 'wp_filter_kses');
-add_filter('pre_comment_author_email', 'wp_filter_kses');
-add_filter('pre_comment_author_url', 'wp_filter_kses');
-
-add_action('comment_form', 'wp_comment_form_unfiltered_html_nonce');
-
-// Default filters for these functions
-add_filter('comment_author', 'wptexturize');
-add_filter('comment_author', 'convert_chars');
-add_filter('comment_author', 'wp_specialchars');
-
-add_filter('comment_email', 'antispambot');
-
-add_filter('comment_url', 'clean_url');
-
-add_filter('comment_text', 'convert_chars');
-add_filter('comment_text', 'make_clickable');
-add_filter('comment_text', 'force_balance_tags', 25);
-add_filter('comment_text', 'wpautop', 30);
-add_filter('comment_text', 'convert_smilies', 20);
-
-add_filter('comment_excerpt', 'convert_chars');
-
-// Categories
-add_filter('pre_category_name', 'strip_tags');
-add_filter('pre_category_name', 'trim');
-add_filter('pre_category_name', 'wp_filter_kses');
-add_filter('pre_category_name', 'wp_specialchars', 30);
-add_filter('pre_category_description', 'wp_filter_kses');
-
-//Links
-add_filter('pre_link_name', 'strip_tags');
-add_filter('pre_link_name', 'trim');
-add_filter('pre_link_name', 'wp_filter_kses');
-add_filter('pre_link_name', 'wp_specialchars', 30);
-add_filter('pre_link_description', 'wp_filter_kses');
-add_filter('pre_link_notes', 'wp_filter_kses');
-add_filter('pre_link_url', 'strip_tags');
-add_filter('pre_link_url', 'trim');
-add_filter('pre_link_url', 'clean_url');
-add_filter('pre_link_image', 'strip_tags');
-add_filter('pre_link_image', 'trim');
-add_filter('pre_link_image', 'clean_url');
-add_filter('pre_link_rss', 'strip_tags');
-add_filter('pre_link_rss', 'trim');
-add_filter('pre_link_rss', 'clean_url');
-add_filter('pre_link_target', 'strip_tags');
-add_filter('pre_link_target', 'trim');
-add_filter('pre_link_target', 'wp_filter_kses');
-add_filter('pre_link_target', 'wp_specialchars', 30);
-add_filter('pre_link_rel', 'strip_tags');
-add_filter('pre_link_rel', 'trim');
-add_filter('pre_link_rel', 'wp_filter_kses');
-add_filter('pre_link_rel', 'wp_specialchars', 30);
-
-// Users
-add_filter('pre_user_display_name', 'strip_tags');
-add_filter('pre_user_display_name', 'trim');
-add_filter('pre_user_display_name', 'wp_filter_kses');
-add_filter('pre_user_display_name', 'wp_specialchars', 30);
-add_filter('pre_user_first_name', 'strip_tags');
-add_filter('pre_user_first_name', 'trim');
-add_filter('pre_user_first_name', 'wp_filter_kses');
-add_filter('pre_user_first_name', 'wp_specialchars', 30);
-add_filter('pre_user_last_name', 'strip_tags');
-add_filter('pre_user_last_name', 'trim');
-add_filter('pre_user_last_name', 'wp_filter_kses');
-add_filter('pre_user_last_name', 'wp_specialchars', 30);
-add_filter('pre_user_nickname', 'strip_tags');
-add_filter('pre_user_nickname', 'trim');
-add_filter('pre_user_nickname', 'wp_filter_kses');
-add_filter('pre_user_nickname', 'wp_specialchars', 30);
-add_filter('pre_user_description', 'trim');
-add_filter('pre_user_description', 'wp_filter_kses');
-add_filter('pre_user_url', 'strip_tags');
-add_filter('pre_user_url', 'trim');
-add_filter('pre_user_url', 'clean_url');
-add_filter('pre_user_email', 'trim');
-add_filter('pre_user_email', 'sanitize_email');
+// Strip, trim, kses, special chars for string saves
+foreach ( array( 'pre_term_name', 'pre_comment_author_name', 'pre_link_name', 'pre_link_target', 'pre_link_rel', 'pre_user_display_name', 'pre_user_first_name', 'pre_user_last_name', 'pre_user_nickname' ) as $filter ) {
+ add_filter( $filter, 'sanitize_text_field' );
+ add_filter( $filter, 'wp_filter_kses' );
+ add_filter( $filter, '_wp_specialchars', 30 );
+}
+
+// Strip, kses, special chars for string display
+foreach ( array( 'term_name', 'comment_author_name', 'link_name', 'link_target', 'link_rel', 'user_display_name', 'user_first_name', 'user_last_name', 'user_nickname' ) as $filter ) {
+ if ( is_admin() ) {
+ // These are expensive. Run only on admin pages for defense in depth.
+ add_filter( $filter, 'sanitize_text_field' );
+ add_filter( $filter, 'wp_kses_data' );
+ }
+ add_filter( $filter, '_wp_specialchars', 30 );
+}
+
+// Kses only for textarea saves
+foreach ( array( 'pre_term_description', 'pre_link_description', 'pre_link_notes', 'pre_user_description' ) as $filter ) {
+ add_filter( $filter, 'wp_filter_kses' );
+}
+
+// Kses only for textarea admin displays
+if ( is_admin() ) {
+ foreach ( array( 'term_description', 'link_description', 'link_notes', 'user_description' ) as $filter ) {
+ add_filter( $filter, 'wp_kses_data' );
+ }
+ add_filter( 'comment_text', 'wp_kses_post' );
+}
+
+// Email saves
+foreach ( array( 'pre_comment_author_email', 'pre_user_email' ) as $filter ) {
+ add_filter( $filter, 'trim' );
+ add_filter( $filter, 'sanitize_email' );
+ add_filter( $filter, 'wp_filter_kses' );
+}
+
+// Email admin display
+foreach ( array( 'comment_author_email', 'user_email' ) as $filter ) {
+ add_filter( $filter, 'sanitize_email' );
+ if ( is_admin() )
+ add_filter( $filter, 'wp_kses_data' );
+}
+
+// Save URL
+foreach ( array( 'pre_comment_author_url', 'pre_user_url', 'pre_link_url', 'pre_link_image',
+ 'pre_link_rss', 'pre_post_guid' ) as $filter ) {
+ add_filter( $filter, 'wp_strip_all_tags' );
+ add_filter( $filter, 'esc_url_raw' );
+ add_filter( $filter, 'wp_filter_kses' );
+}
+
+// Display URL
+foreach ( array( 'user_url', 'link_url', 'link_image', 'link_rss', 'comment_url', 'post_guid' ) as $filter ) {
+ if ( is_admin() )
+ add_filter( $filter, 'wp_strip_all_tags' );
+ add_filter( $filter, 'esc_url' );
+ if ( is_admin() )
+ add_filter( $filter, 'wp_kses_data' );
+}
+
+// Slugs
+foreach ( array( 'pre_term_slug' ) as $filter ) {
+ add_filter( $filter, 'sanitize_title' );
+}
+
+// Keys
+foreach ( array( 'pre_post_type' ) as $filter ) {
+ add_filter( $filter, 'sanitize_user' );
+}
+foreach ( array( 'pre_post_status', 'pre_post_comment_status', 'pre_post_ping_status' ) as $filter ) {
+ add_filter( $filter, 'sanitize_key' );
+}
+
+// Mime types
+add_filter( 'pre_post_mime_type', 'sanitize_mime_type' );
+add_filter( 'post_mime_type', 'sanitize_mime_type' );
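Review bot: The single-statement `if ( is_admin() )` branches in the "Email admin display" and "Display URL" loops drop the braces that the "string display" loop above uses, so a filter added under one of them later would silently land outside the admin gate; writing them as `if ( is_admin() ) { add_filter( $filter, 'wp_kses_data' ); }` keeps the three loops consistent. The `// Email admin display` heading is also misleading, because `sanitize_email` in that loop is registered on every request and only `wp_kses_data` is admin-gated; `// Email display: sanitize everywhere, kses only in admin` states what the loop actually does. Separately, the hunk removes the `comment_author` registrations (wptexturize, convert_chars, wp_specialchars) while the new display loop filters `comment_author_name`, which is a different hook; if those `comment_author` filters are not re-added outside this hunk, front-end author output loses its escaping, so this is worth confirming against the rest of the file.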