WordPress.org

Make WordPress Core


Ignore:
Timestamp:
06/18/2014 07:48:46 PM (7 years ago)
Author:
wonderboymusic
Message:

In wptexturize() + tests:

  • Allow well-formed HTML inside of shortcode attributes
  • Restrict recursion. HTML is allowed but ignored.
  • Do not allow exotic HTML comments in shortcode attributes.
  • Continue to ignore the [ and ] chars if they appear in any HTML attribute.
  • Update related regex patterns.
  • Update unit tests.

Props miqrogroove.
Fixes #28564.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/tests/phpunit/tests/formatting/WPTexturize.php

    r28765 r28773  
    11471147        return array(
    11481148            array(
     1149                '[ is it wise to <a title="allow user content ] here? hmm"> maybe </a> ]',
     1150                '[ is it wise to <a title="allow user content ] here? hmm"> maybe </a> ]',
     1151            ),
     1152            array(
    11491153                '[ photos by <a href="http://example.com/?a[]=1&a[]=2"> this guy </a> ]',
    11501154                '[ photos by <a href="http://example.com/?a[]=1&#038;a[]=2"> this guy </a> ]',
     
    11951199            ),
    11961200            array(
     1201                '[gallery <br ... /> ...]', // This tag is still valid. Shortcode 'attributes' are not considered in the initial parsing of shortcodes, and HTML is allowed.
    11971202                '[gallery <br ... /> ...]',
    1198                 '[gallery <br ... /> &#8230;]',
    11991203            ),
    12001204            array(
     
    12351239            ),
    12361240            array(
     1241                '[[gallery <br ... /> ...]]', // This gets parsed as an escaped shortcode with embedded HTML.  Brains may explode.
    12371242                '[[gallery <br ... /> ...]]',
    1238                 '[[gallery <br ... /> &#8230;]]',
    12391243            ),
    12401244            array(
Note: See TracChangeset for help on using the changeset viewer.