In wptexturize() + tests:

* Allow well-formed HTML inside of shortcode attributes
* Restrict recursion. HTML is allowed but ignored.
* Do not allow exotic HTML comments in shortcode attributes.
* Continue to ignore the [ and ] chars if they appear in any HTML attribute.
* Update related regex patterns.
* Update unit tests.

Props miqrogroove.
Fixes #28564.


git-svn-id: https://develop.svn.wordpress.org/trunk@28773 602fd350-edb4-49c9-b593-d223f7449a82
This commit is contained in:
Scott Taylor
2014-06-18 19:48:46 +00:00
parent 6719d08d2d
commit 0688f9eb49
2 changed files with 13 additions and 5 deletions

View File

@@ -1145,6 +1145,10 @@ class Tests_Formatting_WPTexturize extends WP_UnitTestCase {
function data_tag_avoidance() {
return array(
array(
'[ is it wise to <a title="allow user content ] here? hmm"> maybe </a> ]',
'[ is it wise to <a title="allow user content ] here? hmm"> maybe </a> ]',
),
array(
'[ photos by <a href="http://example.com/?a[]=1&a[]=2"> this guy </a> ]',
'[ photos by <a href="http://example.com/?a[]=1&#038;a[]=2"> this guy </a> ]',
@@ -1194,8 +1198,8 @@ class Tests_Formatting_WPTexturize extends WP_UnitTestCase {
'[gallery &#8230;',
),
array(
'[gallery <br ... /> ...]', // This tag is still valid. Shortcode 'attributes' are not considered in the initial parsing of shortcodes, and HTML is allowed.
'[gallery <br ... /> ...]',
'[gallery <br ... /> &#8230;]',
),
array(
'<br [gallery ...] ... />',
@@ -1234,8 +1238,8 @@ class Tests_Formatting_WPTexturize extends WP_UnitTestCase {
'[/gallery ...]]',
),
array(
'[[gallery <br ... /> ...]]', // This gets parsed as an escaped shortcode with embedded HTML. Brains may explode.
'[[gallery <br ... /> ...]]',
'[[gallery <br ... /> &#8230;]]',
),
array(
'<br [[gallery ...]] ... />',