Editor: Ensure block comments are of a valid form.

Ensures that the block delimiter comments are of a valid form: opening with `<!--` and closing with `-->`.

Props xknown, isabel_brison, peterwilsoncc.


Built from https://develop.svn.wordpress.org/trunk@55762


git-svn-id: http://core.svn.wordpress.org/trunk@55274 1a063a9b-81f0-0310-95a4-ce76da25c4cd

wp-includes/blocks.php

@@ -800,6 +800,10 @@ function serialize_blocks( $blocks ) {
 function filter_block_content( $text, $allowed_html = 'post', $allowed_protocols = array() ) {
 	$result = '';
 
+	if ( false !== strpos( $text, '<!--' ) && false !== strpos( $text, '--->' ) ) {
+		$text = preg_replace_callback( '%<!--(.*?)--->%', '_filter_block_content_callback', $text );
+	}
+
 	$blocks = parse_blocks( $text );
 	foreach ( $blocks as $block ) {
 		$block   = filter_block_kses( $block, $allowed_html, $allowed_protocols );
@@ -809,6 +813,19 @@ function filter_block_content( $text, $allowed_html = 'post', $allowed_protocols
 	return $result;
 }
 
+/**
+ * Callback used for regular expression replacement in filter_block_content().
+ *
+ * @private
+ * @since 6.2.1
+ *
+ * @param array $matches Array of preg_replace_callback matches.
+ * @return string Replacement string.
+ */
+function _filter_block_content_callback( $matches ) {
+	return '<!--' . rtrim( $matches[1], '-' ) . '-->';
+}
+
 /**
  * Filters and sanitizes a parsed block to remove non-allowable HTML
  * from block attribute values.

wp-includes/version.php

@@ -16,7 +16,7 @@
  *
  * @global string $wp_version
  */
-$wp_version = '6.3-alpha-55761';
+$wp_version = '6.3-alpha-55762';
 
 /**
  * Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.