
Ticket #33948: wp-scripts-sri-patch.diff

File wp-scripts-sri-patch.diff, 13.0 KB (added by joe_bopper, 3 years ago)
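--- a/wp-includes/class.wp-scripts.php
+++ b/wp-includes/class.wp-scripts.php
@@ -341,8 +341,44 @@
 
                 if ( ! $src )
                         return true;
+     
+    $extra_attributes = isset( $obj->extra['attributes'] ) && is_array( $obj->extra['attributes'] ) ? $obj->extra['attributes'] : array();
+   
+    /**
+                 * Filters the additional attribute names and values for the the script tag
+                 *
+                 * @since joe_bopper patch
+                 *
+                 * @param array $extra_attributes The current name-value pairs.
+                 * @param string $handle          The script's registered handle.
+                 */
+    $extra_attributes = apply_filters( 'script_loader_extra_attributes', $extra_attributes, $handle );
+   
+    //prevent conflict of script attributes
+    unset( $extra_attributes['type'], $extra_attributes['src'] );
+   
+    $attributes_str = "";
+    $attributes_applied = array();
+    foreach( $extra_attributes as $attr_name => $attr_value ){
+      /**
+       * Filters the value for a given attribute of the the script tag
+       *
+       * @since joe_bopper patch
+       *
+       * @param array $attr_value The current attribute value.
+       * @param string $handle    The script's registered handle.
+       */
+      $attr_value = esc_attr( apply_filters( "script_loader_{$attr_name}_attribute", $attr_value, $handle ) );
+      $attr_name = esc_attr_name( $attr_name );
+     
+      //prevent duplication conflict
+      if( $attr_name && ! in_array( $attr_name, $attributes_applied ) ){
+        $attributes_str .= " {$attr_name}='{$attr_value}'";
+        $attributes_applied[] = $attr_name;
+      }
+    }
 
-                $tag = "{$cond_before}{$before_handle}<script type='text/javascript' src='$src'></script>\n{$after_handle}{$cond_after}";
+                $tag = "{$cond_before}{$before_handle}<script type='text/javascript' src='$src'{$attributes_str}></script>\n{$after_handle}{$cond_after}";
 
                 /**
                  * Filters the HTML script tag of an enqueued script.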
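Review bot: The reserved-name guard `unset( $extra_attributes['type'], $extra_attributes['src'] )` runs on the raw array keys before `esc_attr_name()` normalises them and it is case-sensitive, so a key such as `SRC` or `Type` passes it and is printed as a duplicate attribute even though HTML attribute names compare case-insensitively. Do the check inside the loop on the normalised name instead: `$attr_name = strtolower( esc_attr_name( $attr_name ) );` followed by `if ( in_array( $attr_name, array( 'type', 'src' ), true ) ) { continue; }`, and pass `true` as the third argument of the existing `in_array()` so numeric-looking names are not compared loosely. The per-attribute filter name `"script_loader_{$attr_name}_attribute"` is also built from the raw key, and its docblock declares `@param array $attr_value` where the value is a string. The same guard and loop are repeated for the link tag in wp-includes/class.wp-styles.php; the enclosing method starts and ends outside this hunk.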
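--- a/wp-includes/class.wp-styles.php
+++ b/wp-includes/class.wp-styles.php
@@ -188,6 +188,42 @@
                 $rel = isset($obj->extra['alt']) && $obj->extra['alt'] ? 'alternate stylesheet' : 'stylesheet';
                 $title = isset($obj->extra['title']) ? "title='" . esc_attr( $obj->extra['title'] ) . "'" : '';
 
+    $extra_attributes = isset( $obj->extra['attributes'] ) && is_array( $obj->extra['attributes'] ) ? $obj->extra['attributes'] : array();
+   
+    /**
+                 * Filters the additional attribute names and values for the the style tag
+                 *
+                 * @since joe_bopper patch
+                 *
+                 * @param array $extra_attributes The current name-value pairs.
+                 * @param string $handle          The style's registered handle.
+                 */
+    $extra_attributes = apply_filters( 'style_loader_extra_attributes', $extra_attributes, $handle );
+   
+    //prevent conflict of style attributes
+    unset( $extra_attributes['rel'], $extra_attributes['id'], $extra_attributes['title'], $extra_attributes['href'], $extra_attributes['type'], $extra_attributes['media'] );
+   
+    $attributes_str = "";
+    $attributes_applied = array();
+    foreach( $extra_attributes as $attr_name => $attr_value ){
+      /**
+       * Filters the value for a given attribute of the the style tag
+       *
+       * @since joe_bopper patch
+       *
+       * @param array $attr_value The current attribute value.
+       * @param string $handle    The style's registered handle.
+       */
+      $attr_value = esc_attr( apply_filters( "style_loader_{$attr_name}_attribute", $attr_value, $handle ) );
+      $attr_name = esc_attr_name( $attr_name );
+     
+      //prevent duplication conflict
+      if( $attr_name && ! in_array( $attr_name, $attributes_applied ) ){
+        $attributes_str .= " {$attr_name}='{$attr_value}'";
+        $attributes_applied[] = $attr_name;
+      }
+    }
+
                 /**
                  * Filters the HTML link tag of an enqueued style.
                  *
@@ -200,7 +236,7 @@
                  * @param string $href   The stylesheet's source URL.
                  * @param string $media  The stylesheet's media attribute.
                  */
-                $tag = apply_filters( 'style_loader_tag', "<link rel='$rel' id='$handle-css' $title href='$href' type='text/css' media='$media' />\n", $handle, $href, $media);
+                $tag = apply_filters( 'style_loader_tag', "<link rel='$rel' id='$handle-css' $title href='$href' type='text/css' media='$media'{$attributes_str} />\n", $handle, $href, $media);
                 if ( 'rtl' === $this->text_direction && isset($obj->extra['rtl']) && $obj->extra['rtl'] ) {
                         if ( is_bool( $obj->extra['rtl'] ) || 'replace' === $obj->extra['rtl'] ) {
                                 $suffix = isset( $obj->extra['suffix'] ) ? $obj->extra['suffix'] : '';
@@ -210,7 +246,7 @@
                         }
 
                         /** This filter is documented in wp-includes/class.wp-styles.php */
-                        $rtl_tag = apply_filters( 'style_loader_tag', "<link rel='$rel' id='$handle-rtl-css' $title href='$rtl_href' type='text/css' media='$media' />\n", $handle, $rtl_href, $media );
+                        $rtl_tag = apply_filters( 'style_loader_tag', "<link rel='$rel' id='$handle-rtl-css' $title href='$rtl_href' type='text/css' media='$media'{$attributes_str} />\n", $handle, $rtl_href, $media );
 
                         if ( $obj->extra['rtl'] === 'replace' ) {
                                 $tag = $rtl_tag;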
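Review bot: `{$attributes_str}` is appended unchanged to the `$rtl_tag` link, whose `href` is `$rtl_href` rather than `$href`, so an `integrity` digest registered for the main stylesheet is also attached to a different file. A browser that enforces SRI refuses a resource whose digest does not match, so on an RTL site, and in particular in the `'replace'` branch, the only stylesheet printed for the handle would be blocked. Build a second attribute string for the RTL tag that leaves out `integrity` (or takes it from a separate RTL-specific entry) instead of reusing the main one. The method these hunks belong to begins and ends outside the visible lines.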
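--- a/wp-includes/formatting.php
+++ b/wp-includes/formatting.php
@@ -3947,6 +3947,34 @@
 }
 
 /**
+ * Escaping for HTML attributes.
+ *
+ * @since 2.8.0
+ *
+ * @param string $text
+ * @return string
+ */
+function esc_attr_name( $text ) {
+        $safe_text = wp_check_invalid_utf8( $text );
+        $safe_text = preg_replace( '/[\t\n\f \/>"\'=]+/', '_', $safe_text );
+        /**
+         * Filters a string cleaned and escaped for output as an HTML attribute name.
+         *
+         * Text passed to esc_attr_name() is stripped of invalid or special characters
+         * before output.
+         *
+         * @since joe_bopper patch
+         *
+         * @param string $safe_text The text after it has been escaped.
+         * @param string $text      The text prior to being escaped.
+         */
+        $safe_text = apply_filters( 'attribute_name_escape', $safe_text, $text );
+ 
+  //Notably, an attribute name cannot be an empty string.
+  return $safe_text ? $safe_text : 'empty_string_supplied_as_attribute_name';
+}
+
+/**
  * Escaping for textarea values.
  *
  * @since 3.1.0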
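Review bot: `esc_attr_name()` sanitises with a deny-list, `'/[\t\n\f \/>"\'=]+/'`, that leaves out carriage return, NUL, the other control characters and `<`; the HTML parser treats CR as whitespace between attributes, so a name containing it is not kept as a single token. An allow-list is the safer shape for a function presented as an escaper, for example `$safe_text = preg_replace( '/[^A-Za-z0-9_.:-]+/', '_', $safe_text );`. The value returned by the `attribute_name_escape` filter is handed back without being checked again, and the truthiness test in the return line swaps the name `0` for the placeholder; comparing with `'' !== $safe_text` avoids that. The docblock is carried over from `esc_attr()` ("Escaping for HTML attributes", `@since 2.8.0`) and should describe attribute names and the placeholder return value.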
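--- a/wp-includes/functions.wp-scripts.php
+++ b/wp-includes/functions.wp-scripts.php
@@ -323,7 +323,7 @@
  *
  * @since 4.2.0
  *
- * @see WP_Dependency::add_data()
+ * @see WP_Dependencies::add_data()
  *
  * @param string $handle Name of the script.
  * @param string $key    Name of data point for which we're storing a value.
@@ -333,3 +333,79 @@
 function wp_script_add_data( $handle, $key, $value ){
         return wp_scripts()->add_data( $handle, $key, $value );
 }
+
+/**
+ * Get the additional attributes metadata of a script.
+ *
+ * Works only if the script has already been registered.
+ *
+ * @since joe_bopper patch
+ *
+ * @param string $handle Name of the script.
+ * @return array Name-value attribute pairs.
+ */
+function wp_script_get_extra_attributes( $handle ) {
+  $wp_scripts = wp_scripts();
+  $attrs = isset( $wp_scripts->registered[$handle]->extra['attributes'] ) ? (array)$wp_scripts->registered[$handle]->extra['attributes'] : array();
+  return $attrs;
+}
+
+/**
+ * Add additional attributes as metadata of a script.
+ *
+ * Works only if the script has already been registered.
+ *
+ * Possible values include: 'integrity', 'crossorigin', 'hreflang', 'data-*',...
+ * Does not add 'type' or 'src' attributes due to potential conflicts.
+ *
+ * @since joe_bopper patch
+ *
+ * @param string $handle           Name of the script.
+ * @param array  $additional_attrs Name-value attribute pairs to add
+ * @return bool True on success, false on failure.
+ */
+function wp_script_add_extra_attributes( $handle, $additional_attrs ) {
+  //remove conflicting attributes
+  unset( $additional_attrs['type'], $additional_attrs['src'] );
+ 
+  $curr_attrs = wp_script_get_extra_attributes( $handle );
+  $new_attrs = array_merge( $curr_attrs, $additional_attrs );
+ 
+  return wp_script_add_data( $handle, 'attributes', $new_attrs );
+}
+
+/**
+ * Add additional attributes as metadata of a script.
+ *
+ * Works only if the script has already been registered.
+ * Does not add 'type' or 'src' attributes.
+ *
+ * @since joe_bopper patch
+ *
+ * @param string $handle         Name of the script.
+ * @param array  $unwanted_attrs Names of the attributes to delete
+ * @return bool True on success, false on failure.
+ */
+function wp_script_delete_extra_attributes( $handle, $unwanted_attrs ) {
+ 
+  $curr_attrs = wp_script_get_extra_attributes( $handle );
+  $attrs = array_diff_key( $curr_attrs, array_flip( $unwanted_attrs ) );
+ 
+  return wp_script_add_data( $handle, 'attributes', $attrs );
+}
+
+/**
+ * Add subresource integrity (SRI) attributes to a script
+ *
+ * Works only if the script has already been registered.
+ * Does not add 'type' or 'src' attributes.
+ *
+ * @since joe_bopper patch
+ *
+ * @param string $handle         Name of the script.
+ * @param array  $unwanted_attrs Names of the attributes to delete
+ * @return bool True on success, false on failure.
+ */
+function wp_script_integrity( $handle, $hash, $crossorigin = 'anonymous' ) {
+  wp_script_add_extra_attributes( $handle, array( 'integrity' => $hash, 'crossorigin' => $crossorigin ) );
+}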
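Review bot: `wp_script_integrity()` discards the result of `wp_script_add_extra_attributes()`, so a caller cannot tell that the integrity attribute was not stored (its own docblock says it works only for an already registered handle) and the script is then printed without SRI; the body should be `return wp_script_add_extra_attributes( $handle, array( 'integrity' => $hash, 'crossorigin' => $crossorigin ) );`. Its docblock promises `@return bool` and documents `$unwanted_attrs`, while the parameters are `$hash` and `$crossorigin`; replace that line with `@param string $hash` and `@param string $crossorigin` entries. `wp_style_integrity()` in wp-includes/functions.wp-styles.php has the same missing `return` and the same docblock. The summary line of `wp_script_delete_extra_attributes()` still reads "Add additional attributes" and should say that it removes them.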
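--- a/wp-includes/functions.wp-styles.php
+++ b/wp-includes/functions.wp-styles.php
@@ -214,6 +214,7 @@
  * 'suffix'      string      Optional suffix, used in combination with RTL.
  * 'alt'         bool        For rel="alternate stylesheet".
  * 'title'       string      For preferred/alternate stylesheets.
+ * 'attributes'  array       Additional attributes (e.g. integrity, data-*) and their values
  *
  * @see WP_Dependency::add_data()
  *
@@ -228,3 +229,79 @@
 function wp_style_add_data( $handle, $key, $value ) {
         return wp_styles()->add_data( $handle, $key, $value );
 }
+
+/**
+ * Get the additional attributes metadata of a style.
+ *
+ * Works only if the style has already been registered.
+ *
+ * @since joe_bopper patch
+ *
+ * @param string $handle Name of the style.
+ * @return array Name-value attribute pairs.
+ */
+function wp_style_get_extra_attributes( $handle ) {
+  $wp_styles = wp_styles();
+  $attrs = isset( $wp_styles->registered[$handle]->extra['attributes'] ) ? (array)$wp_styles->registered[$handle]->extra['attributes'] : array();
+  return $attrs;
+}
+
+/**
+ * Add additional attributes as metadata of a style.
+ *
+ * Works only if the style has already been registered.
+ *
+ * Possible values include: 'integrity', 'crossorigin', 'hreflang', 'data-*',...
+ * Does not add 'rel', 'id', 'title', 'href', 'type', or 'media' attributes due to potential conflicts.
+ *
+ * @since joe_bopper patch
+ *
+ * @param string $handle           Name of the style.
+ * @param array  $additional_attrs Name-value attribute pairs to add
+ * @return bool True on success, false on failure.
+ */
+function wp_style_add_extra_attributes( $handle, $additional_attrs ) {
+  //remove conflicting attributes
+  unset( $additional_attrs['rel'], $additional_attrs['id'], $additional_attrs['title'], $additional_attrs['href'], $additional_attrs['type'], $additional_attrs['media'] );
+ 
+  $curr_attrs = wp_style_get_extra_attributes( $handle );
+  $new_attrs = array_merge( $curr_attrs, $additional_attrs );
+ 
+  return wp_style_add_data( $handle, 'attributes', $new_attrs );
+}
+
+/**
+ * Add additional attributes as metadata of a style.
+ *
+ * Works only if the style has already been registered.
+ * Does not add 'type' or 'src' attributes.
+ *
+ * @since joe_bopper patch
+ *
+ * @param string $handle         Name of the style.
+ * @param array  $unwanted_attrs Names of the attributes to delete
+ * @return bool True on success, false on failure.
+ */
+function wp_style_delete_extra_attributes( $handle, $unwanted_attrs ) {
+ 
+  $curr_attrs = wp_style_get_extra_attributes( $handle );
+  $attrs = array_diff_key( $curr_attrs, array_flip( $unwanted_attrs ) );
+ 
+  return wp_style_add_data( $handle, 'attributes', $attrs );
+}
+
+/**
+ * Add subresource integrity (SRI) attributes to a style
+ *
+ * Works only if the style has already been registered.
+ * Does not add 'type' or 'src' attributes.
+ *
+ * @since joe_bopper patch
+ *
+ * @param string $handle         Name of the style.
+ * @param array  $unwanted_attrs Names of the attributes to delete
+ * @return bool True on success, false on failure.
+ */
+function wp_style_integrity( $handle, $hash, $crossorigin = 'anonymous' ) {
+  wp_style_add_extra_attributes( $handle, array( 'integrity' => $hash, 'crossorigin' => $crossorigin ) );
+}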
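Review bot: The docblocks of `wp_style_delete_extra_attributes()` and `wp_style_integrity()` carry over script wording: both state "Does not add 'type' or 'src' attributes", while the style helpers strip `rel`, `id`, `title`, `href`, `type` and `media`, and the delete helper is summarised as "Add additional attributes". Reword the summary to `Remove additional attributes from the metadata of a style.` and name the six reserved attributes in both blocks. `array_flip( $unwanted_attrs )` also assumes an array; an `(array)` cast, as `wp_style_get_extra_attributes()` already uses, would let a single attribute name passed as a string work instead of raising an error.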