mirror of
https://github.com/gosticks/wordpress-develop.git
synced 2026-07-04 17:20:07 +00:00
KSES: Allow HTML data-* attributes.
Add global support for HTML attributes prefixed `data-` for authors and contributors, as required by the new editor. Merges [43727] to trunk. Props azaozz, peterwilsoncc. Fixes #33121. git-svn-id: https://develop.svn.wordpress.org/trunk@43981 602fd350-edb4-49c9-b593-d223f7449a82
This commit is contained in:
@@ -825,4 +825,99 @@ EOF;
|
||||
),
|
||||
);
|
||||
}
|
||||
|
||||
/**
|
||||
* Data attributes are globally accepted.
|
||||
*
|
||||
* @ticket 33121
|
||||
*/
|
||||
function test_wp_kses_attr_data_attribute_is_allowed() {
|
||||
$test = '<div data-foo="foo" data-bar="bar" datainvalid="gone" data--invaild="gone" data-also-invaild-="gone" data-two-hyphens="remains">Pens and pencils</div>';
|
||||
$expected = '<div data-foo="foo" data-bar="bar" data-two-hyphens="remains">Pens and pencils</div>';
|
||||
|
||||
$this->assertEquals( $expected, wp_kses_post( $test ) );
|
||||
}
|
||||
|
||||
/**
|
||||
* Ensure wildcard attributes block unprefixed wildcard uses.
|
||||
*
|
||||
* @ticket 33121
|
||||
*/
|
||||
function test_wildcard_requires_hyphen_after_prefix() {
|
||||
$allowed_html = array(
|
||||
'div' => array(
|
||||
'data-*' => true,
|
||||
'on-*' => true,
|
||||
),
|
||||
);
|
||||
|
||||
$string = '<div datamelformed-prefix="gone" data="gone" data-="gone" onclick="alert(1)">Malformed attributes</div>';
|
||||
$expected = '<div>Malformed attributes</div>';
|
||||
|
||||
$actual = wp_kses( $string, $allowed_html );
|
||||
|
||||
$this->assertSame( $expected, $actual );
|
||||
}
|
||||
|
||||
/**
|
||||
* Ensure wildcard allows two hyphen.
|
||||
*
|
||||
* @ticket 33121
|
||||
*/
|
||||
function test_wildcard_allows_two_hyphens() {
|
||||
$allowed_html = array(
|
||||
'div' => array(
|
||||
'data-*' => true,
|
||||
),
|
||||
);
|
||||
|
||||
$string = '<div data-wp-id="pens-and-pencils">Well formed attribute</div>';
|
||||
$expected = '<div data-wp-id="pens-and-pencils">Well formed attribute</div>';
|
||||
|
||||
$actual = wp_kses( $string, $allowed_html );
|
||||
|
||||
$this->assertSame( $expected, $actual );
|
||||
}
|
||||
|
||||
/**
|
||||
* Ensure wildcard attributes only support valid prefixes.
|
||||
*
|
||||
* @dataProvider data_wildcard_attribute_prefixes
|
||||
*
|
||||
* @ticket 33121
|
||||
*/
|
||||
function test_wildcard_attribute_prefixes( $wildcard_attribute, $expected ) {
|
||||
$allowed_html = array(
|
||||
'div' => array(
|
||||
$wildcard_attribute => true,
|
||||
),
|
||||
);
|
||||
|
||||
$name = str_replace( '*', strtolower( __FUNCTION__ ), $wildcard_attribute );
|
||||
$value = __FUNCTION__;
|
||||
$whole = "{$name}=\"{$value}\"";
|
||||
|
||||
$actual = wp_kses_attr_check( $name, $value, $whole, 'n', 'div', $allowed_html );
|
||||
|
||||
$this->assertSame( $expected, $actual );
|
||||
}
|
||||
|
||||
/**
|
||||
* @return array Array of arguments for wildcard testing
|
||||
* [0] The prefix being tested.
|
||||
* [1] The outcome of `wp_kses_attr_check` for the prefix.
|
||||
*/
|
||||
function data_wildcard_attribute_prefixes() {
|
||||
return array(
|
||||
// Ends correctly
|
||||
array( 'data-*', true ),
|
||||
|
||||
// Does not end with trialing `-`.
|
||||
array( 'data*', false ),
|
||||
|
||||
// Multiple wildcards.
|
||||
array( 'd*ta-*', false ),
|
||||
array( 'data**', false ),
|
||||
);
|
||||
}
|
||||
}
|
||||
|
||||
@@ -1079,9 +1079,9 @@ class WP_Test_REST_Attachments_Controller extends WP_Test_REST_Post_Type_Control
|
||||
array(
|
||||
// Raw values.
|
||||
array(
|
||||
'title' => '<a href="#" target="_blank" data-unfiltered=true>link</a>',
|
||||
'description' => '<a href="#" target="_blank" data-unfiltered=true>link</a>',
|
||||
'caption' => '<a href="#" target="_blank" data-unfiltered=true>link</a>',
|
||||
'title' => '<a href="#" target="_blank" unfiltered=true>link</a>',
|
||||
'description' => '<a href="#" target="_blank" unfiltered=true>link</a>',
|
||||
'caption' => '<a href="#" target="_blank" unfiltered=true>link</a>',
|
||||
),
|
||||
// Expected returned values.
|
||||
array(
|
||||
|
||||
@@ -3283,9 +3283,9 @@ class WP_Test_REST_Posts_Controller extends WP_Test_REST_Post_Type_Controller_Te
|
||||
array(
|
||||
// Raw values.
|
||||
array(
|
||||
'title' => '<a href="#" target="_blank" data-unfiltered=true>link</a>',
|
||||
'content' => '<a href="#" target="_blank" data-unfiltered=true>link</a>',
|
||||
'excerpt' => '<a href="#" target="_blank" data-unfiltered=true>link</a>',
|
||||
'title' => '<a href="#" target="_blank" unfiltered=true>link</a>',
|
||||
'content' => '<a href="#" target="_blank" unfiltered=true>link</a>',
|
||||
'excerpt' => '<a href="#" target="_blank" unfiltered=true>link</a>',
|
||||
),
|
||||
// Expected returned values.
|
||||
array(
|
||||
|
||||
Reference in New Issue
Block a user