KSES: Allow HTML data-* attributes.

Add global support for HTML attributes prefixed `data-` for authors and contributors, as required by the new editor.

Merges [43727] to trunk.

Props azaozz, peterwilsoncc.
Fixes #33121.


git-svn-id: https://develop.svn.wordpress.org/trunk@43981 602fd350-edb4-49c9-b593-d223f7449a82
Jeremy Felt
2018-12-12 02:38:14 +00:00
parent 894a8e02d2
commit 1c9f359857
4 changed files with 129 additions and 13 deletions


@@ -825,4 +825,99 @@ EOF;
),
);
}
/**
* Data attributes are globally accepted.
*
* @ticket 33121
*/
function test_wp_kses_attr_data_attribute_is_allowed() {
$test = '<div data-foo="foo" data-bar="bar" datainvalid="gone" data--invaild="gone" data-also-invaild-="gone" data-two-hyphens="remains">Pens and pencils</div>';
$expected = '<div data-foo="foo" data-bar="bar" data-two-hyphens="remains">Pens and pencils</div>';
$this->assertEquals( $expected, wp_kses_post( $test ) );
}
/**
* Ensure wildcard attributes block unprefixed wildcard uses.
*
* @ticket 33121
*/
function test_wildcard_requires_hyphen_after_prefix() {
$allowed_html = array(
'div' => array(
'data-*' => true,
'on-*' => true,
),
);
$string = '<div datamelformed-prefix="gone" data="gone" data-="gone" onclick="alert(1)">Malformed attributes</div>';
$expected = '<div>Malformed attributes</div>';
$actual = wp_kses( $string, $allowed_html );
$this->assertSame( $expected, $actual );
}
/**
* Ensure wildcard allows two hyphen.
*
* @ticket 33121
*/
function test_wildcard_allows_two_hyphens() {
$allowed_html = array(
'div' => array(
'data-*' => true,
),
);
$string = '<div data-wp-id="pens-and-pencils">Well formed attribute</div>';
$expected = '<div data-wp-id="pens-and-pencils">Well formed attribute</div>';
$actual = wp_kses( $string, $allowed_html );
$this->assertSame( $expected, $actual );
}
/**
* Ensure wildcard attributes only support valid prefixes.
*
* @dataProvider data_wildcard_attribute_prefixes
*
* @ticket 33121
*/
function test_wildcard_attribute_prefixes( $wildcard_attribute, $expected ) {
$allowed_html = array(
'div' => array(
$wildcard_attribute => true,
),
);
$name = str_replace( '*', strtolower( __FUNCTION__ ), $wildcard_attribute );
$value = __FUNCTION__;
$whole = "{$name}=\"{$value}\"";
$actual = wp_kses_attr_check( $name, $value, $whole, 'n', 'div', $allowed_html );
$this->assertSame( $expected, $actual );
}
/**
* @return array Array of arguments for wildcard testing
* [0] The prefix being tested.
* [1] The outcome of `wp_kses_attr_check` for the prefix.
*/
function data_wildcard_attribute_prefixes() {
return array(
// Ends correctly
array( 'data-*', true ),
// Does not end with trialing `-`.
array( 'data*', false ),
// Multiple wildcards.
array( 'd*ta-*', false ),
array( 'data**', false ),
);
}
}
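Review bot: `data_wildcard_attribute_prefixes()` only varies the spelling of `data`, so no test pins what happens when the allowlist holds a non-data wildcard and the attribute really matches it. `test_wildcard_requires_hyphen_after_prefix()` does put `'on-*' => true` in the allowlist, but it only feeds `onclick`, which has no hyphen and would be dropped regardless. A prefix wildcard outside `data-` is the case most likely to widen the allowlist by accident, so I would add a provider row such as `array( 'on-*', false ),` (assuming the KSES change, which is not shown in this section, limits wildcards to the `data-` prefix). Separately, `test_wp_kses_attr_data_attribute_is_allowed()` uses `assertEquals` where the other new tests use `assertSame`; `assertSame` is the stricter check for sanitizer output.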


@@ -1079,9 +1079,9 @@ class WP_Test_REST_Attachments_Controller extends WP_Test_REST_Post_Type_Control
array(
// Raw values.
array(
'title' => '<a href="#" target="_blank" data-unfiltered=true>link</a>',
'description' => '<a href="#" target="_blank" data-unfiltered=true>link</a>',
'caption' => '<a href="#" target="_blank" data-unfiltered=true>link</a>',
'title' => '<a href="#" target="_blank" unfiltered=true>link</a>',
'description' => '<a href="#" target="_blank" unfiltered=true>link</a>',
'caption' => '<a href="#" target="_blank" unfiltered=true>link</a>',
),
// Expected returned values.
array(
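Review bot: The switch from `data-unfiltered=true` to `unfiltered=true` in the raw values carries no comment saying why the attribute name matters, and the same holds for the identical change in the WP_Test_REST_Posts_Controller section below. These fixtures appear to depend on the attribute being one that KSES strips for users without `unfiltered_html`; the expected arrays lie outside the hunk, so this is inferred. I would add `// 'unfiltered' must stay outside the KSES allowlist; data-* attributes are now kept.` above the raw values so that nobody later restores a `data-` name and weakens the check. The enclosing array continues past the end of the hunk.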


@@ -3283,9 +3283,9 @@ class WP_Test_REST_Posts_Controller extends WP_Test_REST_Post_Type_Controller_Te
array(
// Raw values.
array(
'title' => '<a href="#" target="_blank" data-unfiltered=true>link</a>',
'content' => '<a href="#" target="_blank" data-unfiltered=true>link</a>',
'excerpt' => '<a href="#" target="_blank" data-unfiltered=true>link</a>',
'title' => '<a href="#" target="_blank" unfiltered=true>link</a>',
'content' => '<a href="#" target="_blank" unfiltered=true>link</a>',
'excerpt' => '<a href="#" target="_blank" unfiltered=true>link</a>',
),
// Expected returned values.
array(