KSES: Allow `lang`, `xml:lang`, `dir` attributes globally.

Globally permit the `lang`, `xml:lang`, and `dir` attributes on all elements rather than a subset in accordance with the HTML specification.

Props upsuper, SergeyBiryukov, mukesh27, audrasjb.
Fixes #54699.

Built from https://develop.svn.wordpress.org/trunk@52968


git-svn-id: http://core.svn.wordpress.org/trunk@52557 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
Peter Wilson 2022-03-21 00:13:05 +00:00
parent 799d6d616c
commit d89f6097c4
2 changed files with 31 additions and 79 deletions

View File

@ -81,16 +81,10 @@ if ( ! CUSTOM_TAGS ) {
'target' => true,
),
'article' => array(
'align' => true,
'dir' => true,
'lang' => true,
'xml:lang' => true,
'align' => true,
),
'aside' => array(
'align' => true,
'dir' => true,
'lang' => true,
'xml:lang' => true,
'align' => true,
),
'audio' => array(
'autoplay' => true,
@ -101,14 +95,10 @@ if ( ! CUSTOM_TAGS ) {
'src' => true,
),
'b' => array(),
'bdo' => array(
'dir' => true,
),
'bdo' => array(),
'big' => array(),
'blockquote' => array(
'cite' => true,
'lang' => true,
'xml:lang' => true,
'cite' => true,
),
'br' => array(),
'button' => array(
@ -120,17 +110,13 @@ if ( ! CUSTOM_TAGS ) {
'caption' => array(
'align' => true,
),
'cite' => array(
'dir' => true,
'lang' => true,
),
'cite' => array(),
'code' => array(),
'col' => array(
'align' => true,
'char' => true,
'charoff' => true,
'span' => true,
'dir' => true,
'valign' => true,
'width' => true,
),
@ -148,33 +134,21 @@ if ( ! CUSTOM_TAGS ) {
'dd' => array(),
'dfn' => array(),
'details' => array(
'align' => true,
'dir' => true,
'lang' => true,
'open' => true,
'xml:lang' => true,
'align' => true,
'open' => true,
),
'div' => array(
'align' => true,
'dir' => true,
'lang' => true,
'xml:lang' => true,
'align' => true,
),
'dl' => array(),
'dt' => array(),
'em' => array(),
'fieldset' => array(),
'figure' => array(
'align' => true,
'dir' => true,
'lang' => true,
'xml:lang' => true,
'align' => true,
),
'figcaption' => array(
'align' => true,
'dir' => true,
'lang' => true,
'xml:lang' => true,
'align' => true,
),
'font' => array(
'color' => true,
@ -182,10 +156,7 @@ if ( ! CUSTOM_TAGS ) {
'size' => true,
),
'footer' => array(
'align' => true,
'dir' => true,
'lang' => true,
'xml:lang' => true,
'align' => true,
),
'h1' => array(
'align' => true,
@ -206,16 +177,10 @@ if ( ! CUSTOM_TAGS ) {
'align' => true,
),
'header' => array(
'align' => true,
'dir' => true,
'lang' => true,
'xml:lang' => true,
'align' => true,
),
'hgroup' => array(
'align' => true,
'dir' => true,
'lang' => true,
'xml:lang' => true,
'align' => true,
),
'hr' => array(
'align' => true,
@ -253,10 +218,7 @@ if ( ! CUSTOM_TAGS ) {
'value' => true,
),
'main' => array(
'align' => true,
'dir' => true,
'lang' => true,
'xml:lang' => true,
'align' => true,
),
'map' => array(
'name' => true,
@ -266,10 +228,7 @@ if ( ! CUSTOM_TAGS ) {
'type' => true,
),
'nav' => array(
'align' => true,
'dir' => true,
'lang' => true,
'xml:lang' => true,
'align' => true,
),
'object' => array(
'data' => array(
@ -282,10 +241,7 @@ if ( ! CUSTOM_TAGS ) {
),
),
'p' => array(
'align' => true,
'dir' => true,
'lang' => true,
'xml:lang' => true,
'align' => true,
),
'pre' => array(
'width' => true,
@ -296,26 +252,17 @@ if ( ! CUSTOM_TAGS ) {
's' => array(),
'samp' => array(),
'span' => array(
'dir' => true,
'align' => true,
'lang' => true,
'xml:lang' => true,
'align' => true,
),
'section' => array(
'align' => true,
'dir' => true,
'lang' => true,
'xml:lang' => true,
'align' => true,
),
'small' => array(),
'strike' => array(),
'strong' => array(),
'sub' => array(),
'summary' => array(
'align' => true,
'dir' => true,
'lang' => true,
'xml:lang' => true,
'align' => true,
),
'sup' => array(),
'table' => array(
@ -324,7 +271,6 @@ if ( ! CUSTOM_TAGS ) {
'border' => true,
'cellpadding' => true,
'cellspacing' => true,
'dir' => true,
'rules' => true,
'summary' => true,
'width' => true,
@ -343,7 +289,6 @@ if ( ! CUSTOM_TAGS ) {
'char' => true,
'charoff' => true,
'colspan' => true,
'dir' => true,
'headers' => true,
'height' => true,
'nowrap' => true,
@ -1237,7 +1182,7 @@ function wp_kses_attr( $element, $attr, $allowed_html, $allowed_protocols ) {
* Determines whether an attribute is allowed.
*
* @since 4.2.3
* @since 5.0.0 Add support for `data-*` wildcard attributes.
* @since 5.0.0 Added support for `data-*` wildcard attributes.
*
* @param string $name The attribute name. Passed by reference. Returns empty string when not allowed.
* @param string $value The attribute value. Passed by reference. Returns a filtered value.
@ -1271,7 +1216,9 @@ function wp_kses_attr_check( &$name, &$value, &$whole, $vless, $element, $allowe
* Note: the attribute name should only contain `A-Za-z0-9_-` chars,
* double hyphens `--` are not accepted by WordPress.
*/
if ( strpos( $name_low, 'data-' ) === 0 && ! empty( $allowed_attr['data-*'] ) && preg_match( '/^data(?:-[a-z0-9_]+)+$/', $name_low, $match ) ) {
if ( strpos( $name_low, 'data-' ) === 0 && ! empty( $allowed_attr['data-*'] )
&& preg_match( '/^data(?:-[a-z0-9_]+)+$/', $name_low, $match )
) {
/*
* Add the whole attribute name to the allowed attributes and set any restrictions
* for the `data-*` attribute values for the current element.
@ -2552,7 +2499,9 @@ function safecss_filter_attr( $css, $deprecated = '' ) {
* Helper function to add global attributes to a tag in the allowed HTML list.
*
* @since 3.5.0
* @since 5.0.0 Add support for `data-*` wildcard attributes.
* @since 5.0.0 Added support for `data-*` wildcard attributes.
* @since 6.0.0 Added `dir`, `lang`, and `xml:lang` to global attributes.
*
* @access private
* @ignore
*
@ -2567,11 +2516,14 @@ function _wp_add_global_attributes( $value ) {
'aria-labelledby' => true,
'aria-hidden' => true,
'class' => true,
'data-*' => true,
'dir' => true,
'id' => true,
'lang' => true,
'style' => true,
'title' => true,
'role' => true,
'data-*' => true,
'xml:lang' => true,
);
if ( true === $value ) {

View File

@ -16,7 +16,7 @@
*
* @global string $wp_version
*/
$wp_version = '6.0-alpha-52967';
$wp_version = '6.0-alpha-52968';
/**
* Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.