
Ticket #37134: 37134.3.diff

File 37134.3.diff, 779 bytes (added by bartekcholewa, 6 years ago)

safecss_filter_attr - add a filter for the pattern of unallowed characters

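--- a/wp-includes/kses.php
+++ b/wp-includes/kses.php
@@ -1951,7 +1951,13 @@ function safecss_filter_attr( $css, $deprecated = '' ) {
         $css = wp_kses_no_null( $css );
         $css = str_replace( array( "\n", "\r", "\t" ), '', $css );
 
-        if ( preg_match( '%[\\\\(&=}]|/\*%', $css ) ) { // remove any inline css containing \ ( & } = or comments
+        /**
+         * Filters list of allowed CSS attributes.
+         *
+         * @param string Pattern of unallowed characters in CSS rules.
+         */
+        $unallowed_chars = apply_filters('safe_style_unallowed_chars', '%[\\\\(&=}]|/\*%' ); // remove any inline css containing \ ( & } = or comments
+        if ( preg_match( $unallowed_chars, $css ) ) {
                 return '';
         }
 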
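Review bot: The filtered pattern from new line 1959 goes straight into `preg_match()` on line 1960, so a callback that returns an empty or malformed pattern makes `preg_match()` return `false`, and the guard then falls through instead of rejecting the CSS. Fail closed by treating anything other than a clean non-match as a rejection: `if ( 0 !== preg_match( $unallowed_chars, $css ) ) {`. The docblock also describes a different hook ("list of allowed CSS attributes"). It should say the filter receives the regular expression of disallowed characters, name the parameter (`@param string $unallowed_chars`), and note that loosening the pattern weakens inline-style sanitization. The rest of safecss_filter_attr lies outside this hunk, so which later checks still apply is not visible here.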