Make WordPress Core

Opened 3 years ago

Closed 3 years ago

#55177 closed defect (bug) (fixed)

Normalizing relative CSS links should skip data URIs

Reported by: staatic
Owned by: hellofromTonya
Milestone: 5.9.1
Priority: normal
Severity: normal
Version: 5.9
Component: Script Loader
Keywords: has-patch has-unit-tests fixed-major commit dev-reviewed
Focuses:
Cc:

Description

The _wp_normalize_relative_css_links function introduced in WordPress 5.9 should skip data URIs.

Currently the following snippet:

mask-image:url('data:image/svg+xml;utf8,<svg...

is replaced with:

mask-image:url('/wp-includes/blocks/image/data:image/svg+xml;utf8,<svg...

breaking the data URI.

This happened on a clean installation of WordPress 5.9 using the default theme (Twenty Twenty-Two). The data URI that got malformed on the homepage can be found in wp-includes/blocks/image/style.css.

Adding the following check to wp-includes/script-loader.php after line 2776 fixes the issue:

<?php
                        // Skip if the URL is a data URI.
                        if ( str_starts_with( $src_result, 'data:' ) ) {
                                continue;
                        }
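
The failure and the check described above, as an added example that is not part of the ticket or of WordPress core: a simplified stand-in for a relative-URL normalizer, run once without and once with the data URI check. The function name, its parameters and the sample stylesheet are constructed for illustration; only the base path is taken from the ticket.

```php
<?php
// Added illustration: a simplified stand-in, not WordPress core's implementation.

/**
 * Prefix relative url() references in a stylesheet with its directory.
 * Function and parameter names are hypothetical.
 */
function example_normalize_css_urls( string $css, string $base, bool $skip_data_uris = true ): string {
	// Group 1: optional quote, group 2: the reference, then the same quote again.
	$pattern = '~url\(\s*([\'"]?)(.*?)\1\s*\)~is';

	$result = preg_replace_callback(
		$pattern,
		static function ( array $m ) use ( $base, $skip_data_uris ): string {
			list( $match, $quote, $src ) = $m;

			// Absolute, protocol-relative, root-relative and fragment-only references stay as they are.
			if ( '' === $src || preg_match( '~^(?:https?://|[/#])~i', $src ) ) {
				return $match;
			}

			// The check from this ticket: a data URI is a complete resource, not a path.
			// URI schemes are case-insensitive, so compare without regard to case.
			if ( $skip_data_uris && 0 === strncasecmp( $src, 'data:', 5 ) ) {
				return $match;
			}

			return 'url(' . $quote . $base . $src . $quote . ')';
		},
		$css
	);

	// preg_replace_callback() returns null on a PCRE error; fall back to the input.
	return $result ?? $css;
}

// Constructed sample input: one data URI and one genuinely relative path.
$css = <<<'CSS'
.a{mask-image:url('data:image/svg+xml;utf8,<svg xmlns="http://www.w3.org/2000/svg"/>')}
.b{background:url(images/bg.png)}
CSS;
$base = '/wp-includes/blocks/image/';

echo example_normalize_css_urls( $css, $base, false ), "\n\n"; // behaviour reported in this ticket
echo example_normalize_css_urls( $css, $base ), "\n";          // with the data URI check
```

The first call prefixes the data URI with the base path, as reported above; the second leaves it untouched while still rewriting the relative image path.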

Change History (9)

This ticket was mentioned in PR #2321 on WordPress/wordpress-develop by bobab12.


3 years ago
#1

  • Keywords has-patch has-unit-tests added

This fixes the incorrect normalization of data URIs in _wp_normalize_relative_css_links by skipping data URIs altogether.

Trac ticket: 55177

#2 @ocean90
3 years ago

  • Milestone changed from Awaiting Review to 5.9.1

#3 @ocean90
3 years ago

  • Owner set to ocean90
  • Resolution set to fixed
  • Status changed from new to closed

In 52754:

Script Loader: Prevent normalizing data URIs in _wp_normalize_relative_css_links().

This prevents making data URIs as in mask-image:url('data:image/svg+xml;utf8,<svg... relative to the WordPress installation.

Props staatic.
See #54243.
Fixes #55177.

#4 @ocean90
3 years ago

  • Keywords fixed-major commit dev-feedback added
  • Resolution fixed deleted
  • Status changed from closed to reopened

Hi @staatic, welcome to WordPress Trac and thanks for your first code contribution!

Reopening for 5.9 backport. @audrasjb This is similar to [52695].

#5 @hellofromTonya
3 years ago

  • Keywords dev-reviewed added; dev-feedback removed

LGTM! Ready for backport to 5.9 branch ✅

Hey @staatic, thanks for the patch and your first code contribution🌟

This ticket was mentioned in Slack in #core by hellofromtonya.


3 years ago

#8 @hellofromTonya
3 years ago

  • Owner changed from ocean90 to hellofromTonya
  • Status changed from reopened to reviewing

Reassigning to me for the backport commit.

#9 @hellofromTonya
3 years ago

  • Resolution set to fixed
  • Status changed from reviewing to closed

In 52762:

Script Loader: Prevent normalizing data URIs in _wp_normalize_relative_css_links().

This prevents making data URIs as in mask-image:url('data:image/svg+xml;utf8,<svg... relative to the WordPress installation.

Props staatic.
Merges [52754] to the 5.9 branch.
See #54243.
Fixes #55177.
