From 499e2a0ff9beea3939350d84c9e6d8acb7adb791 Mon Sep 17 00:00:00 2001
From: Adam Silverstein
Date: Sat, 15 Jul 2017 15:48:46 +0000
Subject: [PATCH] Move `sanitizeText` and `stripTags` from press this to `wp.sanitize`. Introduce the `wp.sanitize` namespace and add two helpers for text sanitization. `stripTags` strips HTML tags from a string using regex. Fixes #40635. Built from https://develop.svn.wordpress.org/trunk@41061 git-svn-id: http://core.svn.wordpress.org/trunk@40911 1a063a9b-81f0-0310-95a4-ce76da25c4cd
---
 wp-admin/js/press-this.js | 37 ++----------------------
 wp-admin/js/press-this.min.js | 2 +-
 wp-includes/js/utils.js | 1 +
 wp-includes/js/wp-sanitize.js | 47 +++++++++++++++++++++++++++++++
 wp-includes/js/wp-sanitize.min.js | 1 +
 wp-includes/script-loader.php | 4 ++-
 wp-includes/version.php | 2 +-
 7 files changed, 56 insertions(+), 38 deletions(-)
 create mode 100644 wp-includes/js/wp-sanitize.js
 create mode 100644 wp-includes/js/wp-sanitize.min.js
diff --git a/wp-admin/js/press-this.js b/wp-admin/js/press-this.js
index bf2e8300df..5d4d16546d 100644
--- a/wp-admin/js/press-this.js
+++ b/wp-admin/js/press-this.js
@@ -8,7 +8,6 @@
 $window = $( window ),
 $document = $( document ),
 saveAlert = false,
- textarea = document.createElement( 'textarea' ),
 sidebarIsOpen = false,
 settings = window.wpPressThisConfig || {},
 data = window.wpPressThisData || {},
@@ -55,38 +54,6 @@
 return key || '';
 }
 
- /**
- * Strips HTML tags
- *
- * @param string string Text to have the HTML tags striped out of.
- * @returns string Stripped text.
- */
- function stripTags( string ) {
- string = string || '';
-
- return string
- .replace( /|$)/g, '' )
- .replace( /<(script|style)[^>]*>[\s\S]*?(<\/\1>|$)/ig, '' )
- .replace( /<\/?[a-z][\s\S]*?(>|$)/ig, '' );
- }
-
- /**
- * Strip HTML tags and convert HTML entities.
- *
- * @param text string Text.
- * @returns string Sanitized text.
- */
- function sanitizeText( text ) {
- var _text = stripTags( text );
-
- try {
- textarea.innerHTML = _text;
- _text = stripTags( textarea.value );
- } catch ( er ) {}
-
- return _text;
- }
-
 /**
 * Allow only HTTP or protocol relative URLs.
 *
@@ -97,7 +64,7 @@
 url = $.trim( url || '' );
 
 if ( /^(?:https?:)?\/\//.test( url ) ) {
- url = stripTags( url );
+ url = wp.sanitize.stripTags( url );
 return url.replace( /["\\]+/g, '' );
 }
 
@@ -224,7 +191,7 @@
 $image.replaceWith( $( '' ).text( $image.attr( 'alt' ) ) );
 });
 
- return sanitizeText( $element.text() );
+ return wp.sanitize.sanitizeText( $element.text() );
 }
 
 /**
diff --git a/wp-admin/js/press-this.min.js b/wp-admin/js/press-this.min.js
index e6d614c89d..791dcb8705 100644
--- a/wp-admin/js/press-this.min.js
+++ b/wp-admin/js/press-this.min.js
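Review bot: `url = wp.sanitize.stripTags( url );` in the `@@ -97,7 +64,7 @@` hunk (and `wp.sanitize.sanitizeText( $element.text() )` in `@@ -224,7 +191,7 @@`) dereferences a global that press-this.js never checks, so if the new `wp-sanitize` script is not loaded before this one the call throws a TypeError where the old local helpers always ran; the script-loader.php change that would declare that dependency is listed in the diffstat but lies outside this chunk, so I cannot confirm it is registered. A throw on this path is at least fail-closed for the URL case (nothing is returned until after stripping and the `["\\]` cleanup), but a one-line comment such as `// Requires the wp-sanitize script (wp.sanitize) to be enqueued as a dependency of press-this.` above the first call would make the contract explicit. Both enclosing functions start and end outside their hunks. The removed `stripTags` line `.replace( /|$)/g, '' )` appears truncated in this rendering of the patch and is presumably a display artifact rather than the committed regex.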
@@ -1 +1 @@ -!function(a,b){var c=function(){function c(a){return a&&b.pressThisL10n?b.pressThisL10n[a]||a:a||""}function d(a){return a=a||"",a.replace(/|$)/g,"").replace(/<(script|style)[^>]*>[\s\S]*?(<\/\1>|$)/gi,"").replace(/<\/?[a-z][\s\S]*?(>|$)/gi,"")}function e(a){var b=d(a);try{O.innerHTML=b,b=d(O.value)}catch(c){}return b}function f(b){return b=a.trim(b||""),/^(?:https?:)?\/\//.test(b)?(b=d(b),b.replace(/["\\]+/g,"")):""}function g(){a(".spinner").addClass("is-active"),a(".post-actions button").attr("disabled","disabled")}function h(){a(".spinner").removeClass("is-active"),a(".post-actions button").removeAttr("disabled")}function i(a){var c,d;I&&!I.isHidden()||(a="reset"===a||aa&&aa>$.value.length,d=$.style.height,a?(c=b.pageYOffset,$.style.height="auto",$.style.height=Math.max($.scrollHeight,_)+"px",b.scrollTo(b.pageXOffset,c)):parseInt($.style.height,10)<$.scrollHeight&&($.style.height=$.scrollHeight+"px"),aa=$.value.length)}function j(){if(!I)return!1;var a,b,c,d=I.selection.getNode();if(I.wp&&I.wp.getView&&(b=I.wp.getView(d)))c=b.getBoundingClientRect();else{a=I.selection.getRng();try{c=a.getClientRects()[0]}catch(e){}c||(c=d.getBoundingClientRect())}return!!c.height&&c}function k(a){var c=b.tinymce.util.VK,d=a.keyCode;d<=47&&d!==c.SPACEBAR&&d!==c.ENTER&&d!==c.DELETE&&d!==c.BACKSPACE&&d!==c.UP&&d!==c.LEFT&&d!==c.DOWN&&d!==c.UP||d>=91&&d<=93||d>=112&&d<=123||144===d||145===d||l(d)}function l(a){var c,d,e,f=j(),g=50,h=65,i=b.tinymce.util.VK;f&&(c=f.top+I.iframeElement.getBoundingClientRect().top,d=c+f.height,c-=g,d+=h,e=L.height(),ee&&b.scrollTo(b.pageXOffset,d+b.pageYOffset-e)))}function m(){var b=a("#title-container");return b.find("img.emoji").each(function(){var b=a(this);b.replaceWith(a("").text(b.attr("alt")))}),e(b.text())}function n(){var c=a("#pressthis-form"),d=a('');I&&I.save(),a("#post_title").val(m()),b.tagBox&&a("div.tagsdiv").each(function(){b.tagBox.flushTags(this,!1,1)}),a(".categories-select .category").each(function(b,e){var 
f=a(e);f.hasClass("selected")&&c.append(d.clone().val(f.attr("data-term-id")||""))})}function o(d){var e;N=!1,g(),"publish"===d&&a("#post_status").val("publish"),n(),e=a("#pressthis-form").serialize(),a.ajax({type:"post",url:b.ajaxurl,data:e}).always(function(){h(),u(),a(".publish-button").removeClass("is-saving")}).done(function(a){if(a.success){if(a.data.redirect)if(b.opener&&(Q.redirInParent||a.data.force))try{b.opener.location.href=a.data.redirect,b.setTimeout(function(){b.self.close()},200)}catch(c){b.location.href=a.data.redirect}else b.location.href=a.data.redirect}else t(a.data.errorMessage)}).fail(function(){t(c("serverError"))})}function p(a){var c,d,e="";c=f(a.attr("data-wp-src")||""),d=f(R.u),a.hasClass("is-image")?(d||(d=c),e=''):e="[embed]"+c+"[/embed]",I&&!I.isHidden()?T?I.execCommand("mceInsertContent",!1,e):I.setContent("

"+e+"

"+I.getContent()):b.QTags&&b.QTags.insertContent(e)}function q(){var c,d=a("#new-category").val();d&&(c={action:"press-this-add-category",post_id:a("#post_ID").val()||0,name:d,new_cat_nonce:a("#_ajax_nonce-add-category").val()||"",parent:a("#new-category-parent").val()||0},a.post(b.ajaxurl,c,function(b){if(b.success){var c,d,e=a("ul.categories-select");a.each(b.data,function(b,f){var g=a("
  • ").append(a('