Changeset 45979
- Timestamp:
- 09/04/2019 05:11:22 PM (5 years ago)
- Location:
- trunk
- Files:
-
- 8 edited
trunk/src/js/_enqueues/admin/post.js
r44896 r45979 796 796 797 797 // Update "Status:" to currently selected status. 798 $('#post-status-display').html($('option:selected', postStatus).text()); 798 $('#post-status-display').text( 799 wp.sanitize.stripTagsAndEncodeText( $('option:selected', postStatus).text() ) // Remove any potential tags from post status text. 800 ); 799 801 800 802 // Show or hide the "Save Draft" button. -
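Review bot: The switch to the `.text()` sink is what actually stops the status label from being parsed as HTML; `wp.sanitize.stripTagsAndEncodeText` on top of it is defence in depth, but the `<[a-z]` rule in stripTags consumes from a bare `<` to the next `>` or to the end of the string, so a legitimate label such as `Draft <beta` would be silently truncated. The comment should make that trade-off explicit rather than just "remove any potential tags": `// Status label is plain text; set it via .text() so nothing is parsed as HTML, and strip tags defensively.` The enclosing handler starts and ends outside this hunk.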
trunk/src/js/_enqueues/wp/a11y.js
r43347 r45979 28 28 clear(); 29 29 30 // Ensureonly text is sent to screen readers.31 message = $( '<p>' ).html( message ).text();30 // Remove HTML tags, ensuring only text is sent to screen readers. 31 message = wp.sanitize.stripTagsAndEncodeText( message ); 32 32 33 33 /* -
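Review bot: Entity-encoded input is no longer decoded on this path, so a message such as `Saved &amp; published` (as produced by an esc_html()'d localized string) now reaches the live region as the literal `&amp;`, whereas the removed `$( '<p>' ).html( message ).text()` round trip decoded it. Not parsing the message is the right security property — jQuery `.html()` on a detached node can still fire handlers such as `<img onerror>` — and, as far as the sanitize.js hunk in this changeset shows, `stripTagsAndEncodeText` is a `textarea.textContent`/`.value` round trip that neither parses nor decodes. Callers that pass pre-escaped strings will therefore hear entities read aloud, which deserves a note on the new line: `// Note: HTML entities are not decoded here; callers must pass unescaped plain text.` The surrounding speak() function starts and ends outside this hunk.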
trunk/src/js/_enqueues/wp/customize/nav-menus.js
r45869 r45979 3457 3457 function displayNavMenuName( name ) { 3458 3458 name = name || ''; 3459 name = $( '<div>' ).text( name ).html(); // Emulate esc_html() which is used in wp-admin/nav-menus.php.3459 name = wp.sanitize.stripTagsAndEncodeText( name ); // Remove any potential tags from name. 3460 3460 name = $.trim( name ); 3461 3461 return name || api.Menus.data.l10n.unnamed; -
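Review bot: The removed line encoded the name to emulate esc_html() for an HTML sink, and the replacement only strips tags: `&`, `"` and `'` now pass through unchanged, and as far as the sanitize.js hunk in this changeset shows, `stripTagsAndEncodeText` performs no encoding despite its name (a `textarea.textContent` → `.value` round trip followed by another `stripTags`). If the return value of `displayNavMenuName` is still inserted as HTML downstream (not visible here), that is a weaker guarantee than before, particularly in any attribute context where an unescaped quote breaks out. Either confirm the consumer uses a text sink and say so in the comment, or keep the escape after stripping: `name = $( '<div>' ).text( wp.sanitize.stripTagsAndEncodeText( name ) ).html();`.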
trunk/src/js/_enqueues/wp/sanitize.js
r43347 r45979 24 24 text = text || ''; 25 25 26 return text 27 .replace( /<!--[\s\S]*?(-->|$)/g, '' ) 28 .replace( /<(script|style)[^>]*>[\s\S]*?(<\/\1>|$)/ig, '' ) 29 .replace( /<\/?[a-z][\s\S]*?(>|$)/ig, '' ); 26 // Do the replacement. 27 var _text = text 28 .replace( /<!--[\s\S]*?(-->|$)/g, '' ) 29 .replace( /<(script|style)[^>]*>[\s\S]*?(<\/\1>|$)/ig, '' ) 30 .replace( /<\/?[a-z][\s\S]*?(>|$)/ig, '' ); 31 32 // If the initial text is not equal to the modified text, 33 // do the search-replace again, until there is nothing to be replaced. 34 if ( _text !== text ) { 35 return wp.sanitize.stripTags( _text ); 36 } 37 38 // Return the text with stripped tags. 39 return _text; 30 40 }, 31 41 … … 42 52 43 53 try { 44 textarea. innerHTML= _text;54 textarea.textContent = _text; 45 55 _text = wp.sanitize.stripTags( textarea.value ); 46 56 } catch ( er ) {} -
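Review bot: `stripTagsAndEncodeText` no longer encodes (or decodes) anything: assigning `textarea.textContent` and then reading `textarea.value` yields the same string, so the try block reduces to a second `stripTags` call that the new recursive `stripTags` already makes redundant. The name over-promises to callers — the nav-menus.js hunk in this changeset replaces an explicit esc_html() emulation with it — so either document the contract on the function, `// Strips HTML tags only; the result is plain text and must still be escaped by the caller before being inserted as HTML.`, or simplify the body to `return wp.sanitize.stripTags( text );`. The recursion in `stripTags` terminates because it only recurses when a replacement changed the string and every replacement strictly shortens it; a one-line comment stating that would help the next reader. Both functions start outside this hunk.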
trunk/src/js/_enqueues/wp/updates.js
r45793 r45979 263 263 if ( 'undefined' !== typeof response.debug && window.console && window.console.log ) { 264 264 _.map( response.debug, function( message ) { 265 window.console.log( $( '<p />' ).html( message ).text() ); 265 // Remove all HTML tags and write a message to the console. 266 window.console.log( wp.sanitize.stripTagsAndEncodeText( message ) ); 266 267 } ); 267 268 } -
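Review bot: `_.map` is used purely for its side effect here; `_.each( response.debug, function( message ) { ... } )` states the intent and avoids building a discarded array. Separately, the sanitize.js hunk in this changeset shows `stripTags` starting with `text = text || ''` and then calling `.replace`, so if a non-string entry (a number from a plugin's debug output) reaches it, the new code throws a TypeError where the removed jQuery `.html( message ).text()` coerced it — passing `String( message )` would keep the old tolerance. The enclosing callback starts and ends outside this hunk.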
trunk/src/wp-includes/script-loader.php
r45934 r45979 881 881 ); 882 882 883 $scripts->add( 'wp-a11y', "/wp-includes/js/wp-a11y$suffix.js", array( 'jquery' ), false, 1 ); 883 $scripts->add( 'wp-sanitize', "/wp-includes/js/wp-sanitize$suffix.js", array(), false, 1 ); 884 885 $scripts->add( 'wp-a11y', "/wp-includes/js/wp-a11y$suffix.js", array( 'jquery', 'wp-sanitize' ), false, 1 ); 884 886 885 887 $scripts->add( 'sack', "/wp-includes/js/tw-sack$suffix.js", array(), '1.6.1', 1 ); … … 1488 1490 $scripts->add( 'customize-preview-widgets', "/wp-includes/js/customize-preview-widgets$suffix.js", array( 'jquery', 'wp-util', 'customize-preview', 'customize-selective-refresh' ), false, 1 ); 1489 1491 1490 $scripts->add( 'customize-nav-menus', "/wp-admin/js/customize-nav-menus$suffix.js", array( 'jquery', 'wp-backbone', 'customize-controls', 'accordion', 'nav-menu' ), false, 1 );1492 $scripts->add( 'customize-nav-menus', "/wp-admin/js/customize-nav-menus$suffix.js", array( 'jquery', 'wp-backbone', 'customize-controls', 'accordion', 'nav-menu', 'wp-sanitize' ), false, 1 ); 1491 1493 $scripts->add( 'customize-preview-nav-menus', "/wp-includes/js/customize-preview-nav-menus$suffix.js", array( 'jquery', 'wp-util', 'customize-preview', 'customize-selective-refresh' ), false, 1 ); 1492 1494 … … 1573 1575 ); 1574 1576 1575 $scripts->add( 'post', "/wp-admin/js/post$suffix.js", array( 'suggest', 'wp-lists', 'postbox', 'tags-box', 'underscore', 'word-count', 'wp-a11y' ), false, 1 );1577 $scripts->add( 'post', "/wp-admin/js/post$suffix.js", array( 'suggest', 'wp-lists', 'postbox', 'tags-box', 'underscore', 'word-count', 'wp-a11y', 'wp-sanitize' ), false, 1 ); 1576 1578 did_action( 'init' ) && $scripts->localize( 1577 1579 'post', … … 1701 1703 ); 1702 1704 1703 $scripts->add( 'updates', "/wp-admin/js/updates$suffix.js", array( 'jquery', 'wp-util', 'wp-a11y' ), false, 1 );1705 $scripts->add( 'updates', "/wp-admin/js/updates$suffix.js", array( 'jquery', 'wp-util', 'wp-a11y', 'wp-sanitize' ), false, 1 ); 1704 1706 did_action( 
'init' ) && $scripts->localize( 1705 1707 'updates', -
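Review bot: `wp-sanitize` is registered with an empty dependency array, so sanitize.js must itself guarantee the `wp` namespace exists (`window.wp = window.wp || {}`) before assigning `wp.sanitize`; the sanitize.js hunk in this changeset only shows `wp.sanitize.*` self-references, so please confirm the file's header does that, otherwise this handle needs whichever script defines `wp`. Listing `wp-sanitize` directly on `post` and `updates` is redundant with the transitive dependency through `wp-a11y` but correct, since those files call `wp.sanitize` themselves. A short comment on the registration line, `// Must stay dependency-free (no jQuery) and load before wp-a11y.`, would protect that ordering from a future edit.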
trunk/tests/phpunit/tests/dependencies/scripts.php
r45458 r45979 693 693 694 694 $ver = get_bloginfo( 'version' ); 695 $expected = "<script type='text/javascript' src='/wp-admin/load-scripts.php?c=0&load%5Bchunk_0%5D=jquery-core,jquery-migrate,wp- a11y&ver={$ver}'></script>\n";695 $expected = "<script type='text/javascript' src='/wp-admin/load-scripts.php?c=0&load%5Bchunk_0%5D=jquery-core,jquery-migrate,wp-sanitize,wp-a11y&ver={$ver}'></script>\n"; 696 696 $expected .= "<script type='text/javascript'>\nconsole.log(\"before\");\n</script>\n"; 697 697 $expected .= "<script type='text/javascript' src='http://example.com'></script>\n"; -
trunk/tests/qunit/index.html
r45930 r45979 77 77 <script src="../../build/wp-includes/js/customize-models.js"></script> 78 78 <script src="../../build/wp-includes/js/shortcode.js"></script> 79 + <script src="../../build/wp-includes/js/wp-sanitize.js"></script> 79 80 <script src="../../build/wp-admin/js/customize-controls.js"></script> 80 81 <script src="../../build/wp-includes/js/api-request.js"></script>