+function clean_url( $url, $protocols = null ) {
+ if ('' == $url) return $url;
+ $url = preg_replace('|[^a-z0-9-~+_.?#=!&;,/:%]|i', '', $url);
+ $strip = array('%0d', '%0a');
+ $url = str_replace($strip, '', $url);
+ $url = str_replace(';//', '://', $url);
+ // Append http unless a relative link starting with / or a php file.
+ if ( strpos($url, '://') === false &&
+ substr( $url, 0, 1 ) != '/' && !preg_match('/^[a-z0-9]+?\.php/i', $url) )
+ $url = 'http://' . $url;
+
+ $url = preg_replace('/&([^#])(?![a-z]{2,8};)/', '&$1', $url);
+ if ( !is_array($protocols) )
+ $protocols = array('http', 'https', 'ftp', 'ftps', 'mailto', 'news', 'irc', 'gopher', 'nntp', 'feed', 'telnet');
+ if ( wp_kses_bad_protocol( $url, $protocols ) != $url )
+ return '';
+ return $url;
+}
+
+// Escape single quotes, specialchar double quotes, and fix line endings.
+function js_escape($text) {
+ $safe_text = wp_specialchars($text, 'double');
+ $safe_text = preg_replace('/&#(x)?0*(?(1)27|39);?/i', "'", stripslashes($safe_text));
+ $safe_text = preg_replace("/\r?\n/", "\\n", addslashes($safe_text));
+ return apply_filters('js_escape', $safe_text, $text);
+}
+
+// Escaping for HTML attributes
+function attribute_escape($text) {
+ $safe_text = wp_specialchars($text, true);
+ return apply_filters('attribute_escape', $safe_text, $text);
+}
+