diff --git a/src/wp-includes/kses.php b/src/wp-includes/kses.php
index b445a429a3..601dda6bec 100644
|
a
|
b
|
function safecss_filter_attr( $css, $deprecated = '' ) { |
| 2300 | 2300 | } |
| 2301 | 2301 | } |
| 2302 | 2302 | |
| 2303 | | // Remove any CSS containing containing \ ( & } = or comments, except for url() useage checked above. |
| 2304 | | if ( $found && ! preg_match( '%[\\\(&=}]|/\*%', $css_test_string ) ) { |
| 2305 | | if ( '' != $css ) { |
| 2306 | | $css .= ';'; |
| | 2303 | if ( $found ) { |
| | 2304 | |
| | 2305 | /** |
| | 2306 | * Filters the regex limiting the list of characters not allowed in CSS rules. |
| | 2307 | * |
| | 2308 | * Default behaviour is to remove any css containing \ ( & } = or comments, except for url() usage. |
| | 2309 | * |
| | 2310 | * @since 5.5.0 |
| | 2311 | * |
| | 2312 | * @param string $regex Regex pattern of disallowed characters in CSS rules. |
| | 2313 | * @param string $css_test_string CSS value to test. |
| | 2314 | */ |
| | 2315 | $disallowed_chars = apply_filters( 'safe_style_disallowed_chars', '%[\\\(&=}]|/\*%', $css_test_string ); |
| | 2316 | if ( ! preg_match( $disallowed_chars, $css_test_string ) ) { |
| | 2317 | if ( '' !== $css ) { |
| | 2318 | $css .= ';'; |
| | 2319 | } |
| | 2320 | $css .= $css_item; |
| 2307 | 2321 | } |
| 2308 | | |
| 2309 | | $css .= $css_item; |
| 2310 | 2322 | } |
| 2311 | 2323 | } |
| 2312 | 2324 | |