From b8487747b8eba2562ab05db3cff2440a22761e94 Mon Sep 17 00:00:00 2001
From: Sergey Biryukov <sergeybiryukov.ru@gmail.com>
Date: Mon, 17 May 2021 21:04:59 +0000
Subject: [PATCH] KSES: Allow `calc()` and `var()` values to be used in inline
 CSS.

Props aristath, displaynone, joyously, olafklejnstrupjensen, sabernhardt, jamesbonham, poena.
Fixes #46197, #46498.
Built from https://develop.svn.wordpress.org/trunk@50923


git-svn-id: http://core.svn.wordpress.org/trunk@50532 1a063a9b-81f0-0310-95a4-ce76da25c4cd
---
 wp-includes/kses.php    | 9 ++++++++-
 wp-includes/version.php | 2 +-
 2 files changed, 9 insertions(+), 2 deletions(-)

diff --git a/wp-includes/kses.php b/wp-includes/kses.php
index fa3b343cac..a996b86a91 100644
--- a/wp-includes/kses.php
+++ b/wp-includes/kses.php
@@ -2172,6 +2172,7 @@ function safecss_filter_attr( $css, $deprecated = '' ) {
 	 *              Extend `background-*` support of individual properties.
 	 * @since 5.3.1 Added support for gradient backgrounds.
 	 * @since 5.7.1 Added support for `object-position`.
+	 * @since 5.8.0 Added support for `calc()` and `var()` values.
 	 *
 	 * @param string[] $attr Array of allowed CSS attributes.
 	 */
@@ -2381,7 +2382,13 @@ function safecss_filter_attr( $css, $deprecated = '' ) {
 		}
 
 		if ( $found ) {
-			// Check for any CSS containing \ ( & } = or comments, except for url() usage checked above.
+			// Allow CSS calc().
+			$css_test_string = preg_replace( '/calc\(((?:\([^()]*\)?|[^()])*)\)/', '', $css_test_string );
+			// Allow CSS var().
+			$css_test_string = preg_replace( '/\(?var\(--[a-zA-Z0-9_-]*\)/', '', $css_test_string );
+
+			// Check for any CSS containing \ ( & } = or comments,
+			// except for url(), calc(), or var() usage checked above.
 			$allow_css = ! preg_match( '%[\\\(&=}]|/\*%', $css_test_string );
 
 			/**
diff --git a/wp-includes/version.php b/wp-includes/version.php
index 88ac0425cf..af12dea12e 100644
--- a/wp-includes/version.php
+++ b/wp-includes/version.php
@@ -13,7 +13,7 @@
  *
  * @global string $wp_version
  */
-$wp_version = '5.8-alpha-50922';
+$wp_version = '5.8-alpha-50923';
 
 /**
  * Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.