Opened 5 months ago

Last modified 7 days ago

#40635 reopened enhancement

Move JavaScript `sanitizeText` and `stripTags` functions from press-this to core

Reported by: adamsilverstein
Owned by: adamsilverstein
Milestone: 4.9
Priority: normal
Severity: normal
Version:
Component: Security
Keywords: has-patch needs-unit-tests 2nd-opinion
Focuses: javascript
Cc:

Description

The file press-this.js includes two generally useful helper functions:

  • stripTags strips HTML tags from a string using a series of regex replace calls.
  • sanitizeText strips HTML tags and converts HTML entities in a string. It leverages a textarea's content to encode HTML and returns a string that is safe to evaluate.

These functions would be generally useful in core and for plugin and theme developers, and could be added to the wp namespace, e.g. wp.utils.stripTags and wp.utils.sanitizeText.

Attachments (3)

40635.diff (3.6 KB) - added by adamsilverstein 5 months ago.
40635.2.diff (4.3 KB) - added by adamsilverstein 2 months ago.
40635.3.diff (4.4 KB) - added by adamsilverstein 2 months ago.
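
An added sketch of the two helpers as the description characterises them (not the press-this.js or core source): a regex-based `stripTags`, and a `sanitizeText` that strips, decodes entities, then strips again. The regexes and the small `decodeEntities` function, which stands in for the textarea step so the block runs under Node without a DOM, are assumptions.

```javascript
// Added illustration; not the press-this.js or WordPress core source.
// The regexes and the entity table are assumptions made for this sketch.

// Remove comments, whole <script>/<style> elements, then any remaining tags.
function stripTags(text) {
  return String(text || '')
    .replace(/<!--[\s\S]*?(-->|$)/g, '')
    .replace(/<(script|style)[^>]*>[\s\S]*?(<\/\1>|$)/gi, '')
    .replace(/<\/?[a-z][\s\S]*?(>|$)/gi, '');
}

// Stand-in for the browser step (textarea.innerHTML = s; read textarea.value)
// so the sketch runs without a DOM. Only a few named entities are handled.
const NAMED = { lt: '<', gt: '>', amp: '&', quot: '"', apos: "'" };
function decodeEntities(text) {
  return text.replace(/&(#x[0-9a-f]+|#[0-9]+|[a-z]+);/gi, (match, body) => {
    if (body[0] !== '#') {
      const ch = NAMED[body.toLowerCase()];
      return ch === undefined ? match : ch; // unknown names stay as written
    }
    const hex = body[1] === 'x' || body[1] === 'X';
    const code = parseInt(body.slice(hex ? 2 : 1), hex ? 16 : 10);
    return code > 0 && code <= 0x10ffff ? String.fromCodePoint(code) : match;
  });
}

// Strip, decode, strip again: decoding can turn "&lt;b&gt;" back into a tag,
// so a single pass before decoding is not enough.
function sanitizeText(text) {
  return stripTags(decodeEntities(stripTags(text)));
}

// Constructed sample inputs.
const samples = [
  '<p>Hello <b>world</b></p>',
  'a<!-- note -->b<script>var x = 1;</script>c',
  '&lt;b&gt;bold&lt;/b&gt; &amp; more',
  '1 &lt; 2',
];
for (const s of samples) {
  console.log(JSON.stringify(s), '->', JSON.stringify(sanitizeText(s)));
}
```

The result is plain text and can still contain `<` or `&` (the last sample yields `1 < 2`), so it should be written to the page through `textContent` rather than `innerHTML`.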


Change History (10)

#1 @adamsilverstein
5 months ago

  • Keywords has-patch needs-unit-tests added; needs-patch removed

40635.diff moves the sanitizeText and stripTags functions from wp-admin/js/press-this.js to wp-includes/js/utils.js and namespaces them as wp.utils.sanitizeText and wp.utils.stripTags.

Some unit tests for these helpers would be a great addition; if we have them, I couldn't find them.

#2 @afercia
5 months ago

+1 for wp.utils.

This ticket was mentioned in Slack in #core by adamsilverstein.

4 months ago

#4 @adamsilverstein
2 months ago

In 40635.2.diff:

  • separate out functionality into its own file, wp-sanitize.js
  • use a separate namespace as suggested in chat - wp.sanitize

#5 @adamsilverstein
2 months ago

  • Owner set to adamsilverstein
  • Resolution set to fixed
  • Status changed from new to closed

In 41061:

Move sanitizeText and stripTags from press this to wp.sanitize.

Introduce the wp.sanitize namespace and add two helpers for text sanitization. stripTags strips HTML tags from a string using regex.

Fixes #40635.

#6 @adamsilverstein
2 months ago

  • Milestone changed from Awaiting Review to 4.9

#7 @ocean90
7 days ago

  • Component changed from General to Security
  • Keywords 2nd-opinion added
  • Resolution fixed deleted
  • Status changed from closed to reopened

wp.sanitize.sanitizeText() looks weird since it's repetitive. What about wp.sanitize.text()?
