Formatting: add a new 'safe_style_disallowed_chars' filter.

Enable developers to change the regex used in `safecss_filter_attr` to limit characters in the parsed CSS.

Props paulschreiber, swissspidy, rmccue, bartekcholewa, miinasikk.
Fixes #37134.


Built from https://develop.svn.wordpress.org/trunk@47891


git-svn-id: http://core.svn.wordpress.org/trunk@47665 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
Adam Silverstein 2020-06-02 23:46:11 +00:00
parent 569c006248
commit 86b50870ec
2 changed files with 18 additions and 7 deletions

View File

@ -2301,13 +2301,24 @@ function safecss_filter_attr( $css, $deprecated = '' ) {
}
}
// Remove any CSS containing containing \ ( & } = or comments, except for url() useage checked above.
if ( $found && ! preg_match( '%[\\\(&=}]|/\*%', $css_test_string ) ) {
if ( '' !== $css ) {
$css .= ';';
if ( $found ) {
/**
* Filters the regex limiting the list of characters not allowed in CSS rules.
*
* Default behaviour is to remove any css containing \ ( & } = or comments, except for url() usage.
*
* @since 5.5.0
*
* @param string $regex Regex pattern of disallowed characters in CSS rules. Default is '%[\\\(&=}]|/\*%'.
* @param string $css_test_string CSS value to test.
*/
$disallowed_chars = apply_filters( 'safe_style_disallowed_chars', '%[\\\(&=}]|/\*%', $css_test_string );
if ( ! preg_match( $disallowed_chars, $css_test_string ) ) {
if ( '' !== $css ) {
$css .= ';';
}
$css .= $css_item;
}
$css .= $css_item;
}
}

View File

@ -13,7 +13,7 @@
*
* @global string $wp_version
*/
$wp_version = '5.5-alpha-47889';
$wp_version = '5.5-alpha-47891';
/**
* Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.