Make WordPress Core

Changeset 58294


Ignore:
Timestamp:
06/03/2024 01:24:25 PM (4 months ago)
Author:
dmsnell
Message:

KSES: Allow leading trailing double hyphen in data attributes

Expand allowable set of custom data attribute names to include those containing
leading, trailing, and double - characters. Previously, WordPress was
removing data attributes that are used in the Interactivity API. By allowing
these additional custom data attributes, the related Interactivity API
directives will preserve through kses.

For example, the Interactivity API frequently relies on custom data attributes
such as data-wp-on--click="...". The change in [43981] would strip these out
of the processed HTML, however.

Developed in https://github.com/WordPress/wordpress-develop/pull/6598
Discussed in https://core.trac.wordpress.org/ticket/61052

Props cbravobernal, dmsnell, gziolo, jonsurrell.
Follow-up to [43981].
Fixes #61052.

Location:
trunk
Files:
2 edited

Legend:

Unmodified
Added
Removed
  • trunk/src/wp-includes/kses.php

    r58196 r58294  
    12641264         * https://www.w3.org/TR/html40/struct/objects.html#adef-data).
    12651265         *
    1266          * Note: the attribute name should only contain `A-Za-z0-9_-` chars,
    1267          * double hyphens `--` are not accepted by WordPress.
     1266         * Note: the attribute name should only contain `A-Za-z0-9_-` chars.
    12681267         */
    12691268        if ( str_starts_with( $name_low, 'data-' ) && ! empty( $allowed_attr['data-*'] )
    1270             && preg_match( '/^data(?:-[a-z0-9_]+)+$/', $name_low, $match )
     1269            && preg_match( '/^data-[a-z0-9_-]+$/', $name_low, $match )
    12711270        ) {
    12721271            /*
  • trunk/tests/phpunit/tests/kses.php

    r58097 r58294  
    13631363     */
    13641364    public function test_wp_kses_attr_data_attribute_is_allowed() {
    1365         $test     = '<div data-foo="foo" data-bar="bar" datainvalid="gone" data--invalid="gone"  data-also-invalid-="gone" data-two-hyphens="remains">Pens and pencils</div>';
     1365        $test     = '<div data-foo="foo" data-bar="bar" datainvalid="gone" data-two-hyphens="remains">Pens and pencils</div>';
    13661366        $expected = '<div data-foo="foo" data-bar="bar" data-two-hyphens="remains">Pens and pencils</div>';
     1367
     1368        $this->assertSame( $expected, wp_kses_post( $test ) );
     1369    }
     1370
     1371    /**
     1372     * Data attributes with leading, trailing, and double "-" are globally accepted.
     1373     *
     1374     * @ticket 61052
     1375     */
     1376    public function test_wp_kses_attr_data_attribute_hypens_allowed() {
     1377        $test     = '<div data--leading="remains" data-trailing-="remains" data-middle--double="remains">Pens and pencils</div>';
     1378        $expected = '<div data--leading="remains" data-trailing-="remains" data-middle--double="remains">Pens and pencils</div>';
    13671379
    13681380        $this->assertSame( $expected, wp_kses_post( $test ) );
Note: See TracChangeset for help on using the changeset viewer.