Changeset 48086 for trunk/src/wp-includes/kses.php
- Timestamp:
- 06/18/2020 08:59:43 PM (5 years ago)
- File:
-
- 1 edited
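--- a/trunk/src/wp-includes/kses.php
+++ b/trunk/src/wp-includes/kses.php
@@ -2358,21 +2358,27 @@
 
 if ( $found ) {
+// Check for any CSS containing \ ( & } = or comments, except for url() usage checked above.
+$allow_css = ! preg_match( '%[\\\(&=}]|/\*%', $css_test_string );
+
 /**
-* Filters the regex limiting the list of characters not allowed in CSS rules.
+* Filters the check for unsafe CSS in `safecss_filter_attr`.
 *
-* Default behaviour is to remove any CSS containing \ ( & } = or comments,
-* except for url() usage.
+* Enables developers to determine whether a section of CSS should be allowed or discarded.
+* By default, the value will be false if the part contains \ ( & } = or comments.
+* Return true to allow the CSS part to be included in the output.
 *
 * @since 5.5.0
 *
-* @param string $regex Regex pattern of disallowed characters in CSS rules.
-* Default is '%[\\\(&=}]|/\*%'.
-* @param string $css_test_string CSS value to test.
+* @param bool $allow_css Whether the CSS in the test string is considered safe.
+* @param string $css_test_string The css string to test.
 */
-$disallowed_chars = apply_filters( 'safe_style_disallowed_chars', '%[\\\(&=}]|/\*%', $css_test_string );
-if ( ! preg_match( $disallowed_chars, $css_test_string ) ) {
+$allow_css = apply_filters( 'safecss_filter_attr_allow_css', $allow_css, $css_test_string );
+
+// Only add the css part if it passes the regex check.
+if ( $allow_css ) {
 if ( '' !== $css ) {
 $css .= ';';
 }
+
 $css .= $css_item;
 }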
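Review bot: The `safecss_filter_attr_allow_css` filter turns the unsafe-character check into a default that any callback can override, and the docblock does not say that returning true lets a declaration containing `\ ( & } =` or a comment through to the output unchanged. I would add a docblock sentence such as `Returning true bypasses the character check, so the callback is responsible for validating the value itself.` The docblock should also note that the callback judges `$css_test_string` while the text appended is `$css_item`; going by the comment on the check, the two appear to differ where url() is used, but that code is outside the hunk. The inline comment `// Only add the css part if it passes the regex check.` is no longer accurate once a filter can flip the result; `// Only add the CSS part if the check or a filter allowed it.` would match the code. The enclosing function starts and ends outside the hunk.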