| 1264 | |
| 1265 | /** |
| 1266 | * Filter for disallowed characters never matches thus allowing all characters. |
| 1267 | */ |
| 1268 | function _safe_style_disallowed_chars_filter( $regex ) { |
| 1269 | return '%a^%'; // Regex with no matches. |
| 1270 | |
| 1271 | } |
| 1272 | /** |
| 1273 | * Testing the safecss_filter_attr() function with the safe_style_disallowed_chars filter. |
| 1274 | * |
| 1275 | * @ticket 37134 |
| 1276 | * |
| 1277 | * @dataProvider data_test_safecss_filter_attr_filtered |
| 1278 | * |
| 1279 | * @param string $css A string of CSS rules. |
| 1280 | * @param string $expected Expected string of CSS rules. |
| 1281 | */ |
| 1282 | public function test_safecss_filter_attr_filtered( $css, $expected ) { |
| 1283 | add_filter( 'safe_style_disallowed_chars', array( $this, '_safe_style_disallowed_chars_filter' ) ); |
| 1284 | $this->assertSame( $expected, safecss_filter_attr( $css ) ); |
| 1285 | remove_filter( 'safe_style_disallowed_chars', array( $this, '_safe_style_disallowed_chars_filter' ) ); |
| 1286 | } |
| 1287 | |
| 1288 | /** |
| 1289 | * Data Provider for test_safecss_filter_attr_filtered(). |
| 1290 | * |
| 1291 | * @return array { |
| 1292 | * @type array { |
| 1293 | * @string string $css A string of CSS rules. |
| 1294 | * @string string $expected Expected string of CSS rules. |
| 1295 | * } |
| 1296 | * } |
| 1297 | */ |
| 1298 | public function data_test_safecss_filter_attr_filtered() { |
| 1299 | return array( |
| 1300 | |
| 1301 | // A single attribute name, with a single value. |
| 1302 | array( |
| 1303 | 'css' => 'margin-top: 2px', |
| 1304 | 'expected' => 'margin-top: 2px', |
| 1305 | ), |
| 1306 | // Backslash \ can be allowed with the 'safe_style_disallowed_chars' filter. |
| 1307 | array( |
| 1308 | 'css' => 'margin-top: \2px', |
| 1309 | 'expected' => 'margin-top: \2px', |
| 1310 | ), |
| 1311 | // Curly bracket } can be allowed with the 'safe_style_disallowed_chars' filter. |
| 1312 | array( |
| 1313 | 'css' => 'margin-bottom: 2px}', |
| 1314 | 'expected' => 'margin-bottom: 2px}', |
| 1315 | ), |
| 1316 | // Parenthesis ) can be allowed with the 'safe_style_disallowed_chars' filter. |
| 1317 | array( |
| 1318 | 'css' => 'margin-bottom: 2px)', |
| 1319 | 'expected' => 'margin-bottom: 2px)', |
| 1320 | ), |
| 1321 | // Ampersand & can be allowed with the 'safe_style_disallowed_chars' filter. |
| 1322 | array( |
| 1323 | 'css' => 'margin-bottom: 2px&', |
| 1324 | 'expected' => 'margin-bottom: 2px&', |
| 1325 | ), |
| 1326 | // Expressions can be allowed with the 'safe_style_disallowed_chars' filter. |
| 1327 | array( |
| 1328 | 'css' => 'height: expression( body.scrollTop + 50 + "px" )', |
| 1329 | 'expected' => 'height: expression( body.scrollTop + 50 + "px" )', |
| 1330 | ), |
| 1331 | // RGB color values can be allowed with the 'safe_style_disallowed_chars' filter. |
| 1332 | array( |
| 1333 | 'css' => 'color: rgb( 100, 100, 100 )', |
| 1334 | 'expected' => 'color: rgb( 100, 100, 100 )', |
| 1335 | ), |
| 1336 | // RGBA color values can be allowed with the 'safe_style_disallowed_chars' filter. |
| 1337 | array( |
| 1338 | 'css' => 'color: rgb( 100, 100, 100, .4 )', |
| 1339 | 'expected' => 'color: rgb( 100, 100, 100, .4 )', |
| 1340 | ), |
| 1341 | ); |
| 1342 | } |