Make WordPress Core


Ignore:
Timestamp:
06/18/2020 08:59:43 PM (4 years ago)
Author:
adamsilverstein
Message:

Formatting: new filter safecss_filter_attr_allow_css on css parts.

Enables developers to determine whether a section of CSS should be allowed or discarded. By default, the value will be false if the part contains \ ( & } = or comments. Returning true allows the CSS part to be included in the output.

Replaces the safe_style_disallowed_chars filter introduced in r47891.

Props azaozz.
Fixes #37134.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/tests/phpunit/tests/kses.php

    r47891 r48086  
    12641264
    12651265    /**
    1266      * Filter for disallowed characters never matches thus allowing all characters.
    1267      */
    1268     function _safe_style_disallowed_chars_filter( $regex ) {
    1269         return '%a^%'; // Regex with no matches.
    1270 
    1271     }
    1272     /**
    1273      * Testing the safecss_filter_attr() function with the safe_style_disallowed_chars filter.
     1266     * Testing the safecss_filter_attr() function with the safecss_filter_attr_allow_css filter.
    12741267     *
    12751268     * @ticket 37134
     
    12811274     */
    12821275    public function test_safecss_filter_attr_filtered( $css, $expected ) {
    1283         add_filter( 'safe_style_disallowed_chars', array( $this, '_safe_style_disallowed_chars_filter' ) );
     1276        add_filter( 'safecss_filter_attr_allow_css', '__return_true' );
    12841277        $this->assertSame( $expected, safecss_filter_attr( $css ) );
    1285         remove_filter( 'safe_style_disallowed_chars', array( $this, '_safe_style_disallowed_chars_filter' ) );
     1278        remove_filter( 'safecss_filter_attr_allow_css', '__return_true' );
    12861279    }
    12871280
     
    13041297                'expected' => 'margin-top: 2px',
    13051298            ),
    1306             // Backslash \ can be allowed with the 'safe_style_disallowed_chars' filter.
     1299            // Backslash \ can be allowed with the 'safecss_filter_attr_allow_css' filter.
    13071300            array(
    13081301                'css'      => 'margin-top: \2px',
    13091302                'expected' => 'margin-top: \2px',
    13101303            ),
    1311             // Curly bracket } can be allowed with the 'safe_style_disallowed_chars' filter.
     1304            // Curly bracket } can be allowed with the 'safecss_filter_attr_allow_css' filter.
    13121305            array(
    13131306                'css'      => 'margin-bottom: 2px}',
    13141307                'expected' => 'margin-bottom: 2px}',
    13151308            ),
    1316             // Parenthesis ) can be allowed with the 'safe_style_disallowed_chars' filter.
     1309            // Parenthesis ) can be allowed with the 'safecss_filter_attr_allow_css' filter.
    13171310            array(
    13181311                'css'      => 'margin-bottom: 2px)',
    13191312                'expected' => 'margin-bottom: 2px)',
    13201313            ),
    1321             // Ampersand & can be allowed with the 'safe_style_disallowed_chars' filter.
     1314            // Ampersand & can be allowed with the 'safecss_filter_attr_allow_css' filter.
    13221315            array(
    13231316                'css'      => 'margin-bottom: 2px&',
    13241317                'expected' => 'margin-bottom: 2px&',
    13251318            ),
    1326             // Expressions can be allowed with the 'safe_style_disallowed_chars' filter.
     1319            // Expressions can be allowed with the 'safecss_filter_attr_allow_css' filter.
    13271320            array(
    13281321                'css'      => 'height: expression( body.scrollTop + 50 + "px" )',
    13291322                'expected' => 'height: expression( body.scrollTop + 50 + "px" )',
    13301323            ),
    1331             // RGB color values can be allowed with the 'safe_style_disallowed_chars' filter.
     1324            // RGB color values can be allowed with the 'safecss_filter_attr_allow_css' filter.
    13321325            array(
    13331326                'css'      => 'color: rgb( 100, 100, 100 )',
    13341327                'expected' => 'color: rgb( 100, 100, 100 )',
    13351328            ),
    1336             // RGBA color values can be allowed with the 'safe_style_disallowed_chars' filter.
     1329            // RGBA color values can be allowed with the 'safecss_filter_attr_allow_css' filter.
    13371330            array(
    13381331                'css'      => 'color: rgb( 100, 100, 100, .4 )',
Note: See TracChangeset for help on using the changeset viewer.