
Ticket #33121: 33121.diff

File 33121.diff, 1.2 KB (added by azaozz, 6 years ago)
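--- a/src/wp-includes/kses.php
+++ b/src/wp-includes/kses.php
@@ -867,6 +867,17 @@
         $allowed_attr = $allowed_html[strtolower( $element )];
 
         $name_low = strtolower( $name );
+
+        // Allow `data-*` attributes.
+        // When filtering or specifying `$allowed_html`, the attribute name should be set as `data-*`
+        // (not to be mixed with the HTML 4.0 `data` attribute, see https://www.w3.org/TR/html40/struct/objects.html#adef-data).
+        // Note: the attribute name should only contain `A-Za-z0-9_-` chars.
+        if ( ! empty( $allowed_attr['data-*'] ) && preg_match( '/^data-[a-z0-9_-]+$/', $name_low, $match ) ) {
+                // Add the whole attribute name to the allowed attributes and set any restrictions
+                // for all `data-*` attribute values for this element.
+                $allowed_attr[ $match[0] ] = $allowed_attr['data-*'];
+        }
+
         if ( ! isset( $allowed_attr[$name_low] ) || '' == $allowed_attr[$name_low] ) {
                 $name = $value = $whole = '';
                 return false;
@@ -1820,6 +1831,7 @@
                 'style' => true,
                 'title' => true,
                 'role' => true,
+                'data-*' => true,
         );
 
         if ( true === $value )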
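Review bot: Adding `'data-*' => true,` to the shared attribute array in the second hunk turns the wildcard on by default for every element that receives these attributes, and with `true` there is no restriction on the value, so any `data-` name carrying an arbitrary string survives filtering. The attributes are inert as HTML, but front-end scripts commonly read them as configuration, which presumably makes kses-filtered content an input to that script behaviour; the patch does not document this. I would leave the entry out of the defaults and let callers opt in per element through `$allowed_html`, which the first hunk already supports. If the default stays, state the trust assumption in a comment above the entry, e.g. `// Values are not validated here; scripts that read data-* attributes must treat them as untrusted input.` The array and the function that contains it both start outside the visible lines, so which tag sets are affected needs confirming against the full file.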