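--- a/src/wp-admin/js/press-this.js
+++ b/src/wp-admin/js/press-this.js
@@ -8,7 +8,6 @@
 $window = $( window ),
 $document = $( document ),
 saveAlert = false,
-textarea = document.createElement( 'textarea' ),
 sidebarIsOpen = false,
 settings = window.wpPressThisConfig || {},
 data = window.wpPressThisData || {},
@@ -56,38 +55,6 @@
 }
 
 /**
-* Strips HTML tags
-*
-* @param string string Text to have the HTML tags striped out of.
-* @returns string Stripped text.
-*/
-function stripTags( string ) {
-string = string || '';
-
-return string
-.replace( /<!--[\s\S]*?(-->|$)/g, '' )
-.replace( /<(script|style)[^>]*>[\s\S]*?(<\/\1>|$)/ig, '' )
-.replace( /<\/?[a-z][\s\S]*?(>|$)/ig, '' );
-}
-
-/**
-* Strip HTML tags and convert HTML entities.
-*
-* @param text string Text.
-* @returns string Sanitized text.
-*/
-function sanitizeText( text ) {
-var _text = stripTags( text );
-
-try {
-textarea.innerHTML = _text;
-_text = stripTags( textarea.value );
-} catch ( er ) {}
-
-return _text;
-}
-
-/**
 * Allow only HTTP or protocol relative URLs.
 *
 * @param url string The URL.
@@ -97,7 +64,7 @@
 url = $.trim( url || '' );
 
 if ( /^(?:https?:)?\/\//.test( url ) ) {
-url = stripTags( url );
+url = wp.sanitize.stripTags( url );
 return url.replace( /["\\]+/g, '' );
 }
 
@@ -224,7 +191,7 @@
 $image.replaceWith( $( '<span>' ).text( $image.attr( 'alt' ) ) );
 });
 
-return sanitizeText( $element.text() );
+return wp.sanitize.sanitizeText( $element.text() );
 }
 
 /**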
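--- a/src/wp-includes/js/utils.js
+++ b/src/wp-includes/js/utils.js
@@ -195,3 +195,4 @@ function getAllUserSettings() {
 
 return wpCookies.getHash( 'wp-settings-' + userSettings.uid ) || {};
 }
+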
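--- /dev/null
+++ b/src/wp-includes/js/wp-sanitize.js
@@ -0,0 +1,41 @@
+window.wp = window.wp || {};
+
+( function ( $ ) {
+
+wp.sanitize = {
+
+/**
+* Strip HTML tags.
+*
+* @param string string Text to have the HTML tags striped out of.
+* @return Stripped text.
+*/
+stripTags: function( string ) {
+string = string || '';
+
+return string
+.replace( /<!--[\s\S]*?(-->|$)/g, '' )
+.replace( /<(script|style)[^>]*>[\s\S]*?(<\/\1>|$)/ig, '' )
+.replace( /<\/?[a-z][\s\S]*?(>|$)/ig, '' );
+},
+
+/**
+* Strip HTML tags and convert HTML entities.
+*
+* @param text string Text.
+* @return Sanitized text.
+*/
+sanitizeText: function( text ) {
+var _text = wp.utils.stripTags( text ),
+textarea = document.createElement( 'textarea' );
+
+try {
+textarea.innerHTML = _text;
+_text = wp.utils.stripTags( textarea.value );
+} catch ( er ) {}
+
+return _text;
+}
+};
+
+}( jQuery ) );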
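Review bot: `sanitizeText` (new lines 29 and 34) calls `wp.utils.stripTags`, but this file defines the helper as `wp.sanitize.stripTags`, and nothing in the file or in the script's declared dependency (`jquery`, per script-loader.php) sets up `wp.utils`; the first call sits outside the `try`, so if `wp.utils` is undefined the TypeError propagates to the press-this.js callers this commit switches over to it. Change both lines to `wp.sanitize.stripTags( text )` and `wp.sanitize.stripTags( textarea.value )`. The empty `catch ( er ) {}` also hides any failure of the textarea decode step; if tolerating a missing DOM is the intent, a comment such as `// Fall back to the tag-stripped text when the decode step is unavailable.` would make that explicit. The JSDoc `@param string string` on both methods also has type and name reversed relative to `@param {string} string`.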
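--- a/src/wp-includes/script-loader.php
+++ b/src/wp-includes/script-loader.php
@@ -338,6 +338,8 @@ function wp_default_scripts( &$scripts ) {
 ),
 ) );
 
+$scripts->add( 'wp-sanitize', "/wp-includes/js/wp-sanitize$suffix.js", array('jquery'), false, 1 );
+
 $scripts->add( 'wp-backbone', "/wp-includes/js/wp-backbone$suffix.js", array('backbone', 'wp-util'), false, 1 );
 
 $scripts->add( 'revisions', "/wp-admin/js/revisions$suffix.js", array( 'wp-backbone', 'jquery-ui-slider', 'hoverIntent' ), false, 1 );
@@ -576,7 +578,7 @@ function wp_default_scripts( &$scripts ) {
 'permalinkSaved' => __( 'Permalink saved' ),
 ) );
 
-$scripts->add( 'press-this', "/wp-admin/js/press-this$suffix.js", array( 'jquery', 'tags-box' ), false, 1 );
+$scripts->add( 'press-this', "/wp-admin/js/press-this$suffix.js", array( 'jquery', 'tags-box', 'wp-sanitize' ), false, 1 );
 did_action( 'init' ) && $scripts->localize( 'press-this', 'pressThisL10n', array(
 'newPost' => __( 'Title' ),
 'serverError' => __( 'Connection lost or the server is busy. Please try again later.' ),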
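Review bot: The registration at new line 341 declares `jquery` as the only dependency of `wp-sanitize`, but as far as the new wp-sanitize.js in this commit shows, the wrapper receives `jQuery` as `$` and never uses it, so the dependency appears unnecessary and could be `array()`. Keeping an unused dependency only forces jQuery to load before a script that needs none of it; if a later revision of the file does use `$`, the dependency can be reintroduced then. `wp_default_scripts` starts and ends outside both hunks.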