| 870 | |
| 871 | // Allow `data-*` attributes. |
| 872 | // When filtering or specifying `$allowed_html`, the attribute name should be set as `data-*` |
| 873 | // (not to be mixed with the HTML 4.0 `data` attribute, see https://www.w3.org/TR/html40/struct/objects.html#adef-data). |
| 874 | // Note: the attribute name should only contain `A-Za-z0-9_-` chars. |
| 875 | if ( ! empty( $allowed_attr['data-*'] ) && preg_match( '/^data-[a-z0-9_-]+$/', $name_low, $match ) ) { |
| 876 | // Add the whole attribute name to the allowed attributes and set any restrictions |
| 877 | // for all `data-*` attribute values for this element. |
| 878 | $allowed_attr[ $match[0] ] = $allowed_attr['data-*']; |
| 879 | } |
| 880 | |