
Changeset 41061


Timestamp:
07/15/2017 03:47:16 PM (7 years ago)
Author:
adamsilverstein
Message:

Move sanitizeText and stripTags from press this to wp.sanitize.

Introduce the wp.sanitize namespace and add two helpers for text sanitization. stripTags strips HTML tags from a string using regex.

Fixes #40635.

Location:
trunk/src
Files:
1 added
3 edited

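--- a/trunk/src/wp-admin/js/press-this.js
+++ b/trunk/src/wp-admin/js/press-this.js
@@ -9,5 +9,4 @@
             $document             = $( document ),
             saveAlert             = false,
-            textarea              = document.createElement( 'textarea' ),
             sidebarIsOpen         = false,
             settings              = window.wpPressThisConfig || {},
@@ -57,36 +56,4 @@
 
         /**
-         * Strips HTML tags
-         *
-         * @param string string Text to have the HTML tags striped out of.
-         * @returns string Stripped text.
-         */
-        function stripTags( string ) {
-            string = string || '';
-
-            return string
-                .replace( /<!--[\s\S]*?(-->|$)/g, '' )
-                .replace( /<(script|style)[^>]*>[\s\S]*?(<\/\1>|$)/ig, '' )
-                .replace( /<\/?[a-z][\s\S]*?(>|$)/ig, '' );
-        }
-
-        /**
-         * Strip HTML tags and convert HTML entities.
-         *
-         * @param text string Text.
-         * @returns string Sanitized text.
-         */
-        function sanitizeText( text ) {
-            var _text = stripTags( text );
-
-            try {
-                textarea.innerHTML = _text;
-                _text = stripTags( textarea.value );
-            } catch ( er ) {}
-
-            return _text;
-        }
-
-        /**
          * Allow only HTTP or protocol relative URLs.
          *
@@ -98,5 +65,5 @@
 
             if ( /^(?:https?:)?\/\//.test( url ) ) {
-                url = stripTags( url );
+                url = wp.sanitize.stripTags( url );
                 return url.replace( /["\\]+/g, '' );
             }
@@ -225,5 +192,5 @@
             });
 
-            return sanitizeText( $element.text() );
+            return wp.sanitize.sanitizeText( $element.text() );
         }
 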
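Review bot: The URL branch at new line 67 still relies on regex tag stripping plus removal of only `"` and `\`, so the value it returns is not safe to place into markup or a single-quoted attribute without escaping at the point of use. Now that `stripTags` lives in a shared `wp.sanitize` namespace it is more likely to be read as a full HTML sanitizer, so I would add above the call `// stripTags() only removes tag-like substrings; the caller must still escape this URL for the context it is written into.` The new calls also assume the `wp.sanitize` global exists, which holds only while `press-this` is enqueued through the handle that declares the `wp-sanitize` dependency. The enclosing function starts and ends outside the hunk, and wp-sanitize.js itself is not shown on this page, so this assumes the helpers were moved unchanged.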
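--- a/trunk/src/wp-includes/js/utils.js
+++ b/trunk/src/wp-includes/js/utils.js
@@ -196,2 +196,3 @@
     return wpCookies.getHash( 'wp-settings-' + userSettings.uid ) || {};
 }
+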
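--- a/trunk/src/wp-includes/script-loader.php
+++ b/trunk/src/wp-includes/script-loader.php
@@ -339,4 +339,6 @@
     ) );
 
+    $scripts->add( 'wp-sanitize', "/wp-includes/js/wp-sanitize$suffix.js", array('jquery'), false, 1 );
+
     $scripts->add( 'wp-backbone', "/wp-includes/js/wp-backbone$suffix.js", array('backbone', 'wp-util'), false, 1 );
 
@@ -577,5 +579,5 @@
         ) );
 
-        $scripts->add( 'press-this', "/wp-admin/js/press-this$suffix.js", array( 'jquery', 'tags-box' ), false, 1 );
+        $scripts->add( 'press-this', "/wp-admin/js/press-this$suffix.js", array( 'jquery', 'tags-box', 'wp-sanitize' ), false, 1 );
         did_action( 'init' ) && $scripts->localize( 'press-this', 'pressThisL10n', array(
             'newPost' => __( 'Title' ),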
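Review bot: The `wp-sanitize` registration at new line 341 declares a `jquery` dependency, but the two helpers removed from press-this.js in this changeset use only string replacement and a detached `textarea` element. If wp-sanitize.js is a straight move of that code (the file is not shown on this page), the handle can be registered without it, `$scripts->add( 'wp-sanitize', "/wp-includes/js/wp-sanitize$suffix.js", array(), false, 1 );`, so that scripts needing only text sanitization do not pull in jQuery. Both hunks sit inside functions whose start and end are outside the visible lines.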