mirror of
https://github.com/WordPress/WordPress.git
synced 2024-12-22 09:07:59 +01:00
Formatting: add a new 'safe_style_disallowed_chars' filter.
Enable developers to change the regex used in `safecss_filter_attr` to limit characters in the parsed CSS. Props paulschreiber, swissspidy, rmccue, bartekcholewa, miinasikk. Fixes #37134. Built from https://develop.svn.wordpress.org/trunk@47891 git-svn-id: http://core.svn.wordpress.org/trunk@47665 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
parent
569c006248
commit
86b50870ec
@ -2301,13 +2301,24 @@ function safecss_filter_attr( $css, $deprecated = '' ) {
|
||||
}
|
||||
}
|
||||
|
||||
// Remove any CSS containing containing \ ( & } = or comments, except for url() useage checked above.
|
||||
if ( $found && ! preg_match( '%[\\\(&=}]|/\*%', $css_test_string ) ) {
|
||||
if ( '' !== $css ) {
|
||||
$css .= ';';
|
||||
if ( $found ) {
|
||||
/**
|
||||
* Filters the regex limiting the list of characters not allowed in CSS rules.
|
||||
*
|
||||
* Default behaviour is to remove any css containing \ ( & } = or comments, except for url() usage.
|
||||
*
|
||||
* @since 5.5.0
|
||||
*
|
||||
* @param string $regex Regex pattern of disallowed characters in CSS rules. Default is '%[\\\(&=}]|/\*%'.
|
||||
* @param string $css_test_string CSS value to test.
|
||||
*/
|
||||
$disallowed_chars = apply_filters( 'safe_style_disallowed_chars', '%[\\\(&=}]|/\*%', $css_test_string );
|
||||
if ( ! preg_match( $disallowed_chars, $css_test_string ) ) {
|
||||
if ( '' !== $css ) {
|
||||
$css .= ';';
|
||||
}
|
||||
$css .= $css_item;
|
||||
}
|
||||
|
||||
$css .= $css_item;
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -13,7 +13,7 @@
|
||||
*
|
||||
* @global string $wp_version
|
||||
*/
|
||||
$wp_version = '5.5-alpha-47889';
|
||||
$wp_version = '5.5-alpha-47891';
|
||||
|
||||
/**
|
||||
* Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.
|
||||
|
Loading…
Reference in New Issue
Block a user