2304 | | if ( $found ) { |
2305 | | /** |
2306 | | * Filters the regex limiting the list of characters not allowed in CSS rules. |
2307 | | * |
2308 | | * Default behaviour is to remove any CSS containing \ ( & } = or comments, |
2309 | | * except for url() usage. |
2310 | | * |
2311 | | * @since 5.5.0 |
2312 | | * |
2313 | | * @param string $regex Regex pattern of disallowed characters in CSS rules. |
2314 | | * Default is '%[\\\(&=}]|/\*%'. |
2315 | | * @param string $css_test_string CSS value to test. |
2316 | | */ |
2317 | | $disallowed_chars = apply_filters( 'safe_style_disallowed_chars', '%[\\\(&=}]|/\*%', $css_test_string ); |
2318 | | if ( ! preg_match( $disallowed_chars, $css_test_string ) ) { |
2319 | | if ( '' !== $css ) { |
2320 | | $css .= ';'; |
2321 | | } |
2322 | | $css .= $css_item; |
| 2304 | // Check for any CSS containing \ ( & } = or comments, except for url() usage checked above. |
| 2305 | $unsafe_css_found = (bool) preg_match( '%[\\\(&=}]|/\*%', $css_test_string ); |
| 2306 | |
| 2307 | /** |
| 2308 | * Filters the check for unsafe CSS in `safecss_filter_attr`. |
| 2309 | * |
| 2310 | * Enables developers to filter the value that determines whether a section of CSS part disallowed characters. |
| 2311 | * |
| 2312 | * By default, the value will be true if the part contains \ ( & } = or comments. Return true to allow the part to |
| 2313 | * be included in the output. |
| 2314 | * |
| 2315 | * @param bool $unsafe_css_found Whether unsafe CSS is found in the test string. |
| 2316 | * @param string $css_test_string The css string to test. |
| 2317 | */ |
| 2318 | $unsafe_css_found = apply_filters( 'safe_style_css_has_unsafe_css', $unsafe_css_found, $css_test_string ); |
| 2319 | |
| 2320 | // Only add the css part if it passes the regex check. |
| 2321 | if ( $found && ! $unsafe_css_found ) { |
| 2322 | if ( '' !== $css ) { |
| 2323 | $css .= ';'; |