Make WordPress Core


Ignore:
Timestamp:
06/03/2024 01:24:25 PM (8 months ago)
Author:
dmsnell
Message:

KSES: Allow leading trailing double hyphen in data attributes

Expand allowable set of custom data attribute names to include those containing
leading, trailing, and double - characters. Previously, WordPress was
removing data attributes that are used in the Interactivity API. By allowing
these additional custom data attributes, the related Interactivity API
directives will preserve through kses.

For example, the Interactivity API frequently relies on custom data attributes
such as data-wp-on--click="...". The change in [43981] would strip these out
of the processed HTML, however.

Developed in https://github.com/WordPress/wordpress-develop/pull/6598
Discussed in https://core.trac.wordpress.org/ticket/61052

Props cbravobernal, dmsnell, gziolo, jonsurrell.
Follow-up to [43981].
Fixes #61052.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/src/wp-includes/kses.php

    r58196 r58294  
    12641264         * https://www.w3.org/TR/html40/struct/objects.html#adef-data).
    12651265         *
    1266          * Note: the attribute name should only contain `A-Za-z0-9_-` chars,
    1267          * double hyphens `--` are not accepted by WordPress.
     1266         * Note: the attribute name should only contain `A-Za-z0-9_-` chars.
    12681267         */
    12691268        if ( str_starts_with( $name_low, 'data-' ) && ! empty( $allowed_attr['data-*'] )
    1270             && preg_match( '/^data(?:-[a-z0-9_]+)+$/', $name_low, $match )
     1269            && preg_match( '/^data-[a-z0-9_-]+$/', $name_low, $match )
    12711270        ) {
    12721271            /*
Note: See TracChangeset for help on using the changeset viewer.