
Changeset 59677


Timestamp:
01/21/2025 10:57:04 PM (3 weeks ago)
Author:
audrasjb
Message:

Formatting: Preserve target="_blank" in Biographical Info and Category Description.

This changeset ensures the target="_blank" attribute is preserved when adding links in the Biographical Info and Category Description fields. Previously, this attribute was being stripped by the KSES sanitization process.

Additionally, new unit tests have been added to verify the preservation of the target="_blank" attribute in these specific contexts.

Props lovewpmu, miqrogroove, bsutcliffe, sjefen6, nofearinc, nacin, harmr, blogitsolutions, stefahn, nirajgirixd, martinkrcho, spacedmonkey, sukhendu2002, audrasjb, gaellebesson, nuryko, guillaumeturpin, maximemeganck, ranafge, azaozz, joedolson, rinkalpagdar, mikinc860.
Fixes #12056.

Location:
trunk
Files:
2 edited

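--- a/trunk/src/wp-includes/kses.php
+++ b/trunk/src/wp-includes/kses.php
@@ -896,7 +896,9 @@
 
         case 'user_description':
+        case 'pre_term_description':
         case 'pre_user_description':
-            $tags             = $allowedtags;
-            $tags['a']['rel'] = true;
+            $tags                = $allowedtags;
+            $tags['a']['rel']    = true;
+            $tags['a']['target'] = true;
             /** This filter is documented in wp-includes/kses.php */
             return apply_filters( 'wp_kses_allowed_html', $tags, $context );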
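Review bot: `$tags['a']['target'] = true;` admits every `target` value in the `user_description`, `pre_user_description` and `pre_term_description` contexts, while the commit message and the new tests speak only of `_blank`. If only `_blank` is intended, the entry could be narrowed with the KSES value check, e.g. `$tags['a']['target'] = array( 'values' => array( '_blank' ) );`; if any value is intended, a one-line comment saying so would make the widening explicit. The added `case 'pre_term_description':` also turns on `rel` for term descriptions, which the message does not mention, and nothing in this branch adds `rel="noopener"` to the preserved links, so opener isolation for these author-supplied links appears to rest on the browser default — worth confirming that is the accepted position. The enclosing `switch` starts and ends outside the hunk.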
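--- a/trunk/tests/phpunit/tests/kses.php
+++ b/trunk/tests/phpunit/tests/kses.php
@@ -2245,3 +2245,75 @@
         return $this->text_array_to_dataprovider( $required_kses_globals );
     }
+
+    /**
+     * Tests that the target attribute is preserved in various contexts.
+     *
+     * @dataProvider data_target_attribute_preserved_in_descriptions
+     *
+     * @ticket 12056
+     *
+     * @param string $context  The context to test ('user_description' or 'pre_term_description').
+     * @param string $input    The input HTML string.
+     * @param string $expected The expected output HTML string.
+     */
+    public function test_target_attribute_preserved_in_context( $context, $input, $expected ) {
+        $allowed = wp_kses_allowed_html( $context );
+        $this->assertTrue( isset( $allowed['a']['target'] ), "Target attribute not allowed in {$context}" );
+        $this->assertEquals( $expected, wp_kses( $input, $context ) );
+    }
+
+    /**
+     * Data provider for test_target_attribute_preserved_in_context.
+     *
+     * @return array
+     */
+    public function data_target_attribute_preserved_in_descriptions() {
+        return array(
+            array(
+                'user_description',
+                '<a href="https://example.com" target="_blank">Example</a>',
+                '<a href="https://example.com" target="_blank">Example</a>',
+            ),
+            array(
+                'pre_term_description',
+                '<a href="https://example.com" target="_blank">Example</a>',
+                '<a href="https://example.com" target="_blank">Example</a>',
+            ),
+        );
+    }
+
+    /**
+     * Tests that specific attributes are preserved in various contexts.
+     *
+     * @dataProvider data_allowed_attributes_in_descriptions
+     *
+     * @ticket 12056
+     *
+     * @param string $context    The context to test ('user_description' or 'pre_term_description').
+     * @param array  $attributes List of attributes to check for.
+     */
+    public function test_specific_attributes_preserved_in_context( $context, $attributes ) {
+        $allowed = wp_kses_allowed_html( $context );
+        foreach ( $attributes as $attribute ) {
+            $this->assertTrue( isset( $allowed['a'][ $attribute ] ), "{$attribute} attribute not allowed in {$context}" );
+        }
+    }
+
+    /**
+     * Data provider for test_specific_attributes_preserved_in_context.
+     *
+     * @return array
+     */
+    public function data_allowed_attributes_in_descriptions() {
+        return array(
+            array(
+                'user_description',
+                array( 'target', 'href', 'rel' ),
+            ),
+            array(
+                'pre_term_description',
+                array( 'target', 'href', 'rel' ),
+            ),
+        );
+    }
 }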
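Review bot: Both data providers cover `user_description` and `pre_term_description` but not `pre_user_description`, which shares the changed `case` branch in `wp_kses_allowed_html()`, so that context is left unpinned. The tests also show only that `target` survives; a dataset where an attribute outside the allow-list sits beside `target` and is expected to be stripped would pin that the widening goes no further than intended. The fence below sketches both datasets for `data_target_attribute_preserved_in_descriptions()`. Separately, `assertSame` is the stricter check for the string comparison: `$this->assertSame( $expected, wp_kses( $input, $context ) );`.

```php
    public function data_target_attribute_preserved_in_descriptions() {
        return array(
            // … unchanged: 'user_description' and 'pre_term_description' datasets …
            array(
                'pre_user_description',
                '<a href="https://example.com" target="_blank">Example</a>',
                '<a href="https://example.com" target="_blank">Example</a>',
            ),
            // Constructed case: an attribute outside the allow-list must still be stripped.
            array(
                'user_description',
                '<a href="https://example.com" target="_blank" onclick="return false;">Example</a>',
                '<a href="https://example.com" target="_blank">Example</a>',
            ),
```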