Make WordPress Core


Timestamp:
05/17/2021 09:03:56 PM (3 years ago)
Author:
SergeyBiryukov
Message:

KSES: Allow calc() and var() values to be used in inline CSS.

Props aristath, displaynone, joyously, olafklejnstrupjensen, sabernhardt, jamesbonham, poena.
Fixes #46197, #46498.

File:
1 edited

  • trunk/src/wp-includes/kses.php

    r50922 r50923  
    21732173     * @since 5.3.1 Added support for gradient backgrounds.
    21742174     * @since 5.7.1 Added support for `object-position`.
     2175     * @since 5.8.0 Added support for `calc()` and `var()` values.
    21752176     *
    21762177     * @param string[] $attr Array of allowed CSS attributes.
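Review bot: The new `@since 5.8.0` line promises `var()` values in general, but the var() pattern added further down in this changeset matches only `var(--name)`, without a fallback argument. Wording such as "Added support for `calc()` and `var(--name)` values" would keep the docblock in line with what the filter accepts.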
     
    23822383
    23832384        if ( $found ) {
    2384             // Check for any CSS containing \ ( & } = or comments, except for url() usage checked above.
     2385            // Allow CSS calc().
     2386            $css_test_string = preg_replace( '/calc\(((?:\([^()]*\)?|[^()])*)\)/', '', $css_test_string );
     2387            // Allow CSS var().
     2388            $css_test_string = preg_replace( '/\(?var\(--[a-zA-Z0-9_-]*\)/', '', $css_test_string );
     2389
     2390            // Check for any CSS containing \ ( & } = or comments,
     2391            // except for url(), calc(), or var() usage checked above.
    23852392            $allow_css = ! preg_match( '%[\\\(&=}]|/\*%', $css_test_string );
    23862393
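Review bot: In the calc() replacement, the class `[^()]` accepts every character except parentheses, so anything written between `calc(` and its closing `)` is deleted from `$css_test_string` before the `%[\\\(&=}]|/\*%` check runs, including `\`, `&`, `=`, `}` and `/*`, which that check exists to reject. Consider restricting the calc() body to the characters an expression needs (digits, units, whitespace, the arithmetic operators, and nested `var(--name)`), or running the deny-list check on the captured group as well. Two smaller points on the same lines: `\)?` makes the inner closing parenthesis optional, so unbalanced input still matches, and neither pattern starts with `\b`, so `calc(` and `var(` also match at the end of a longer identifier. The changeset edits one file only; test cases for accepted and rejected calc() and var() values would pin this behaviour down.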