
Changeset 44207


Timestamp:
12/15/2018 01:07:06 AM (5 years ago)
Author:
iandunn
Message:

KSES: Make the URI attributes DRY.

This commit introduces the wp_kses_uri_attributes function and filter. The function centralizes the list of attributes, in order to prevent inconsistency, and the filter provides a way for plugins to customize the attributes.

Merges [44014] and [44017] to trunk.

Location:
trunk
Files:
2 edited

  • trunk

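--- a/trunk/src/wp-includes/kses.php
+++ b/trunk/src/wp-includes/kses.php
@@ -760,5 +760,5 @@
  */
 function wp_kses_one_attr( $string, $element ) {
-    $uris              = array( 'xmlns', 'profile', 'href', 'src', 'cite', 'classid', 'codebase', 'data', 'usemap', 'longdesc', 'action' );
+    $uris              = wp_kses_uri_attributes();
     $allowed_html      = wp_kses_allowed_html( 'post' );
     $allowed_protocols = wp_allowed_protocols();
@@ -934,4 +934,54 @@
     $pass_allowed_protocols = $allowed_protocols;
     return preg_replace_callback( '%(<!--.*?(-->|$))|(<[^>]*(>|$)|>)%', '_wp_kses_split_callback', $string );
+}
+
+/**
+ * Helper function listing HTML attributes containing a URL.
+ *
+ * This function returns a list of all HTML attributes that must contain
+ * a URL according to the HTML specification.
+ *
+ * This list includes URI attributes both allowed and disallowed by KSES.
+ *
+ * @link https://developer.mozilla.org/en-US/docs/Web/HTML/Attributes
+ *
+ * @since 5.0.1
+ *
+ * @return array HTML attributes that must include a URL.
+ */
+function wp_kses_uri_attributes() {
+    $uri_attributes = array(
+        'action',
+        'archive',
+        'background',
+        'cite',
+        'classid',
+        'codebase',
+        'data',
+        'formaction',
+        'href',
+        'icon',
+        'longdesc',
+        'manifest',
+        'poster',
+        'profile',
+        'src',
+        'usemap',
+        'xmlns',
+    );
+
+    /**
+     * Filters the list of attributes that are required to contain a URL.
+     *
+     * Use this filter to add any `data-` attributes that are required to be
+     * validated as a URL.
+     *
+     * @since 5.0.1
+     *
+     * @param array $uri_attributes HTML attributes requiring validation as a URL.
+     */
+    $uri_attributes = apply_filters( 'wp_kses_uri_attributes', $uri_attributes );
+
+    return $uri_attributes;
 }
 
@@ -1163,5 +1213,5 @@
     $mode     = 0;
     $attrname = '';
-    $uris     = array( 'xmlns', 'profile', 'href', 'src', 'cite', 'classid', 'codebase', 'data', 'usemap', 'longdesc', 'action' );
+    $uris     = wp_kses_uri_attributes();
 
     // Loop through the whole attribute list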
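Review bot: `wp_kses_uri_attributes()` returns the result of `apply_filters( 'wp_kses_uri_attributes', $uri_attributes )` unchecked, and both call sites assign it straight to `$uris`, so a callback that returns a non-array or drops an entry such as `href` changes which attributes are treated as URLs on every KSES pass. How `$uris` is consumed lies outside the visible hunks, but if it gates protocol checking by a membership test, a bad filter result would fail open rather than closed. The filter docblock only describes adding `data-` attributes; I would add a line such as `Removing an attribute from this list stops it from being validated as a URL.` and state that names are expected in lowercase, which the all-lowercase defaults suggest. A small guard that falls back to the built-in list when the filtered value is not an array would keep the default protection in place. The bodies of `wp_kses_one_attr()` and of the function patched in the last hunk continue outside the hunks shown.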