KSES: Add support for modern layout techniques in `style` attribute.

Adds support for `flex`, `grid` and `column` layout techniques to the list of CSS attributes considered safe for inline CSS. The `\` character and CSS functions, eg `minmax()` are not yet supported. Extends support of `border` properties to include `border-radius` and individual `background` properties to include all those implicitly supported by the shorthand attribute. Props mrahmadawais, marybaum, birgire, peterwilsoncc, azaozz. Fixes #37248. See #47367. Built from https://develop.svn.wordpress.org/trunk@46235 git-svn-id: http://core.svn.wordpress.org/trunk@46047 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-09-22 22:17:57 +00:00 · 2019-09-22 22:17:57 +00:00 · 428600fb93
parent fa5fb55e1d
commit 428600fb93
2 changed files with 37 additions and 4 deletions
--- a/wp-includes/kses.php
+++ b/wp-includes/kses.php
@ -2071,7 +2071,8 @@ function safecss_filter_attr( $css, $deprecated = '' ) {
 	 * @since 5.0.0 Added support for `background-image`.
 	 * @since 5.1.0 Added support for `text-transform`.
 	 * @since 5.2.0 Added support for `background-position` and `grid-template-columns`
-	 * @since 5.3.0 Added support for `flex`, `flex-grow`, `flex-shrink`, and `flex-basis`.
+	 * @since 5.3.0 Added support for `grid`, `flex` and `column` layout properties.
 	 *              Extend `background-*` support of individual properties.
 	 *
 	 * @param string[] $attr Array of allowed CSS attributes.
 	 */
@ -2082,8 +2083,12 @@ function safecss_filter_attr( $css, $deprecated = '' ) {
 			'background-color',
 			'background-image',
 			'background-position',
 			'background-size',
 			'background-attachment',
 			'background-blend-mode',
 			'border',
 			'border-radius',
 			'border-width',
 			'border-color',
 			'border-style',
@ -2108,6 +2113,14 @@ function safecss_filter_attr( $css, $deprecated = '' ) {
 			'border-collapse',
 			'caption-side',
 			'columns',
 			'column-count',
 			'column-fill',
 			'column-gap',
 			'column-rule',
 			'column-span',
 			'column-width',
 			'color',
 			'font',
 			'font-family',
@ -2143,9 +2156,30 @@ function safecss_filter_attr( $css, $deprecated = '' ) {
 			'padding-top',
 			'flex',
 			'flex-basis',
 			'flex-direction',
 			'flex-flow',
 			'flex-grow',
 			'flex-shrink',
-			'flex-basis',
+
 			'grid-template-columns',
 			'grid-auto-columns',
 			'grid-column-start',
 			'grid-column-end',
 			'grid-column-gap',
 			'grid-template-rows',
 			'grid-auto-rows',
 			'grid-row-start',
 			'grid-row-end',
 			'grid-row-gap',
 			'grid-gap',
 			'justify-content',
 			'justify-items',
 			'justify-self',
 			'align-content',
 			'align-items',
 			'align-self',
 			'clear',
 			'cursor',
@ -2154,7 +2188,6 @@ function safecss_filter_attr( $css, $deprecated = '' ) {
 			'overflow',
 			'vertical-align',
 			'list-style-type',
 			'grid-template-columns',
 		)
 	);
--- a/wp-includes/version.php
+++ b/wp-includes/version.php
@ -13,7 +13,7 @@
 *
 * @global string $wp_version
 */
-$wp_version = '5.3-alpha-46234';
+$wp_version = '5.3-alpha-46235';
 /**
 * Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.