From d2e18ea76136283cb9b3adf611006558ea02486c Mon Sep 17 00:00:00 2001 From: Adam Silverstein Date: Sat, 15 Jul 2017 15:47:16 +0000 Subject: [PATCH] Move `sanitizeText` and `stripTags` from press this to `wp.sanitize`. Introduce the `wp.sanitize` namespace and add two helpers for text sanitization. `stripTags` strips HTML tags from a string using regex. Fixes #40635. git-svn-id: https://develop.svn.wordpress.org/trunk@41061 602fd350-edb4-49c9-b593-d223f7449a82 --- src/wp-admin/js/press-this.js | 37 ++---------------------- src/wp-includes/js/utils.js | 1 + src/wp-includes/js/wp-sanitize.js | 47 +++++++++++++++++++++++++++++++ src/wp-includes/script-loader.php | 4 ++- 4 files changed, 53 insertions(+), 36 deletions(-) create mode 100644 src/wp-includes/js/wp-sanitize.js diff --git a/src/wp-admin/js/press-this.js b/src/wp-admin/js/press-this.js index bf2e8300df..5d4d16546d 100644 --- a/src/wp-admin/js/press-this.js +++ b/src/wp-admin/js/press-this.js @@ -8,7 +8,6 @@ $window = $( window ), $document = $( document ), saveAlert = false, - textarea = document.createElement( 'textarea' ), sidebarIsOpen = false, settings = window.wpPressThisConfig || {}, data = window.wpPressThisData || {}, @@ -55,38 +54,6 @@ return key || ''; } - /** - * Strips HTML tags - * - * @param string string Text to have the HTML tags striped out of. - * @returns string Stripped text. - */ - function stripTags( string ) { - string = string || ''; - - return string - .replace( /|$)/g, '' ) - .replace( /<(script|style)[^>]*>[\s\S]*?(<\/\1>|$)/ig, '' ) - .replace( /<\/?[a-z][\s\S]*?(>|$)/ig, '' ); - } - - /** - * Strip HTML tags and convert HTML entities. - * - * @param text string Text. - * @returns string Sanitized text. - */ - function sanitizeText( text ) { - var _text = stripTags( text ); - - try { - textarea.innerHTML = _text; - _text = stripTags( textarea.value ); - } catch ( er ) {} - - return _text; - } - /** * Allow only HTTP or protocol relative URLs. * 
@@ -97,7 +64,7 @@ url = $.trim( url || '' ); if ( /^(?:https?:)?\/\//.test( url ) ) { - url = stripTags( url ); + url = wp.sanitize.stripTags( url ); return url.replace( /["\\]+/g, '' ); } @@ -224,7 +191,7 @@ $image.replaceWith( $( '' ).text( $image.attr( 'alt' ) ) ); }); - return sanitizeText( $element.text() ); + return wp.sanitize.sanitizeText( $element.text() ); } /** diff --git a/src/wp-includes/js/utils.js b/src/wp-includes/js/utils.js index d8fa7d8d22..48e078ed24 100644 --- a/src/wp-includes/js/utils.js +++ b/src/wp-includes/js/utils.js @@ -195,3 +195,4 @@ function getAllUserSettings() { return wpCookies.getHash( 'wp-settings-' + userSettings.uid ) || {}; } + diff --git a/src/wp-includes/js/wp-sanitize.js b/src/wp-includes/js/wp-sanitize.js new file mode 100644 index 0000000000..c03d163dac --- /dev/null +++ b/src/wp-includes/js/wp-sanitize.js @@ -0,0 +1,47 @@ +( function () { + + window.wp = window.wp || {}; + + /** + * wp.sanitize + * + * Helper functions to sanitize strings. + */ + wp.sanitize = { + + /** + * Strip HTML tags. + * + * @param {string} text Text to have the HTML tags striped out of. + * + * @return Stripped text. + */ + stripTags: function( text ) { + text = text || ''; + + return text + .replace( /|$)/g, '' ) + .replace( /<(script|style)[^>]*>[\s\S]*?(<\/\1>|$)/ig, '' ) + .replace( /<\/?[a-z][\s\S]*?(>|$)/ig, '' ); + }, + + /** + * Strip HTML tags and convert HTML entities. + * + * @param {string} text Text to strip tags and convert HTML entities. + * + * @return Sanitized text. False on failure. + */ + sanitizeText: function( text ) { + var _text = wp.utils.stripTags( text ), + textarea = document.createElement( 'textarea' ); + + try { + textarea.innerHTML = _text; + _text = wp.utils.stripTags( textarea.value ); + } catch ( er ) {} + + return _text; + } + }; +}() ); diff --git a/src/wp-includes/script-loader.php b/src/wp-includes/script-loader.php index 92ab72dfbb..0058c5e956 100644 --- a/src/wp-includes/script-loader.php 
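Review bot: `sanitizeText` in the new wp-sanitize.js calls `wp.utils.stripTags` twice (the `var _text = wp.utils.stripTags( text ),` line and the `_text = wp.utils.stripTags( textarea.value );` line inside the `try`), but nothing in this patch defines `wp.utils`; the helper this file declares is `wp.sanitize.stripTags`, so the first call would throw a TypeError before the `try` and press-this's new `wp.sanitize.sanitizeText( $element.text() )` would fail rather than return stripped text. Both lines should read `wp.sanitize.stripTags( … )`. The `@return Sanitized text. False on failure.` annotation does not match the code either, which always returns a string and silently discards whatever the `try` catches; I'd change it to `@return {string} Sanitized text.` and add to the `wp.sanitize` header comment that these helpers produce plain text for `.text()`/`textContent` and are not a safe HTML sanitizer for content later assigned with `innerHTML`, since a three-regex tag stripper should not be relied on for that. The first `.replace` pattern in `stripTags` renders here as `/|$)/g`, which is not a valid regex literal; presumably the HTML-comment stripper lost its `<!--…-->` body in this rendering, so it is worth confirming the committed file carries the full pattern.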
+++ b/src/wp-includes/script-loader.php @@ -338,6 +338,8 @@ function wp_default_scripts( &$scripts ) { ), ) ); + $scripts->add( 'wp-sanitize', "/wp-includes/js/wp-sanitize$suffix.js", array('jquery'), false, 1 ); + $scripts->add( 'wp-backbone', "/wp-includes/js/wp-backbone$suffix.js", array('backbone', 'wp-util'), false, 1 ); $scripts->add( 'revisions', "/wp-admin/js/revisions$suffix.js", array( 'wp-backbone', 'jquery-ui-slider', 'hoverIntent' ), false, 1 ); @@ -576,7 +578,7 @@ function wp_default_scripts( &$scripts ) { 'permalinkSaved' => __( 'Permalink saved' ), ) ); - $scripts->add( 'press-this', "/wp-admin/js/press-this$suffix.js", array( 'jquery', 'tags-box' ), false, 1 ); + $scripts->add( 'press-this', "/wp-admin/js/press-this$suffix.js", array( 'jquery', 'tags-box', 'wp-sanitize' ), false, 1 ); did_action( 'init' ) && $scripts->localize( 'press-this', 'pressThisL10n', array( 'newPost' => __( 'Title' ), 'serverError' => __( 'Connection lost or the server is busy. Please try again later.' ),
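Review bot: The new `$scripts->add( 'wp-sanitize', … array('jquery'), false, 1 );` registration declares a jQuery dependency, but the wp-sanitize.js added in this patch only touches `window.wp` and `document.createElement`, never `jQuery`/`$`, so the dependency appears unneeded and would force jQuery to load wherever `wp-sanitize` is enqueued on its own. Unless something outside the patch relies on that ordering, `array()` is the accurate dependency list: `$scripts->add( 'wp-sanitize', "/wp-includes/js/wp-sanitize$suffix.js", array(), false, 1 );`. The second hunk, adding `'wp-sanitize'` to the `press-this` dependencies, is the right counterpart to the `wp.sanitize.*` calls introduced in press-this.js.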