From ec289a6c042b3a336256056f020007a4ebb61641 Mon Sep 17 00:00:00 2001
From: tellthemachines
Date: Mon, 19 Jun 2023 15:24:54 +1000
Subject: [PATCH 1/3] Add kses support for repeat
---
 src/wp-includes/kses.php | 8 ++------
 tests/phpunit/tests/kses.php | 19 +++++++++++++++++--
 2 files changed, 19 insertions(+), 8 deletions(-)
diff --git a/src/wp-includes/kses.php b/src/wp-includes/kses.php
index c8892994369a8..8ecad72e8ae2e 100644
--- a/src/wp-includes/kses.php
+++ b/src/wp-includes/kses.php
@@ -2279,7 +2279,7 @@ function kses_init() {
 * Extended `margin-*` and `padding-*` support for logical properties.
 * @since 6.2.0 Added support for `aspect-ratio`, `position`, `top`, `right`, `bottom`, `left`,
 * and `z-index` CSS properties.
- * @since 6.3.0 Extended support for `filter` to accept a URL.
+ * @since 6.3.0 Extended support for `filter` to accept a URL and added support for repeat().
 *
 * @param string $css A string of CSS rules.
 * @param string $deprecated Not used.
@@ -2563,7 +2563,7 @@ function safecss_filter_attr( $css, $deprecated = '' ) {
 * Nested functions and parentheses are also removed, so long as the parentheses are balanced.
 */
 $css_test_string = preg_replace(
- '/\b(?:var|calc|min|max|minmax|clamp)(\((?:[^()]|(?1))*\))/',
+ '/\b(?:var|calc|min|max|minmax|clamp|repeat)(\((?:[^()]|(?1))*\))/',
 '',
 $css_test_string
 );
@@ -2608,7 +2608,6 @@ function safecss_filter_attr( $css, $deprecated = '' ) {
 * @since 3.5.0
 * @since 5.0.0 Added support for `data-*` wildcard attributes.
 * @since 6.0.0 Added `dir`, `lang`, and `xml:lang` to global attributes.
- * @since 6.3.0 Added `aria-controls`, `aria-current`, and `aria-expanded` attributes.
 *
 * @access private
 * @ignore
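Review bot: In the `@@ -2563,7 +2563,7 @@` hunk of src/wp-includes/kses.php, adding `repeat` to the alternation means the whole balanced `repeat(...)` group, arguments included, is removed from `$css_test_string` before whatever check follows; the context comment says as much ("Nested functions and parentheses are also removed"). Nothing visible here validates what sits inside the parentheses or limits `repeat()` to the grid track properties, so the allowance appears to be name-based and property-agnostic. I would record that in the comment above the call, for example `* Only the function name and parenthesis balance are checked; arguments are not inspected.`, so the next person extending the list knows what they are widening. The body of `safecss_filter_attr()` continues outside the hunk, so a later check may narrow this.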
@@ -2618,11 +2617,8 @@ function safecss_filter_attr( $css, $deprecated = '' ) {
 */
 function _wp_add_global_attributes( $value ) {
 $global_attributes = array(
- 'aria-controls' => true,
- 'aria-current' => true,
 'aria-describedby' => true,
 'aria-details' => true,
- 'aria-expanded' => true,
 'aria-label' => true,
 'aria-labelledby' => true,
 'aria-hidden' => true,
diff --git a/tests/phpunit/tests/kses.php b/tests/phpunit/tests/kses.php
index 3c6749799ad19..d28f764a599cc 100644
--- a/tests/phpunit/tests/kses.php
+++ b/tests/phpunit/tests/kses.php
@@ -937,6 +937,7 @@ public function test_wp_kses_attr_no_attributes_allowed_with_false() {
 * @ticket 48376
 * @ticket 55966
 * @ticket 56122
+ * @ticket 58551
 * @dataProvider data_safecss_filter_attr
 *
 * @param string $css A string of CSS rules.
@@ -1047,9 +1048,9 @@ public function data_safecss_filter_attr() {
 'css' => 'grid-template-rows: 40px 4em 40px;grid-auto-rows: min-content;grid-row-start: -1;grid-row-end: 3;grid-row-gap: 1em',
 'expected' => 'grid-template-rows: 40px 4em 40px;grid-auto-rows: min-content;grid-row-start: -1;grid-row-end: 3;grid-row-gap: 1em',
 ),
- // `grid` does not yet support functions or `\`.
+ // `grid` does not yet support `\`.
 array(
- 'css' => 'grid-template-columns: repeat(2, 50px 1fr);grid-template: 1em / 20% 20px 1fr',
+ 'css' => 'grid-template: 1em / 20% 20px 1fr',
 'expected' => '',
 ),
 // `flex` and `grid` alignments introduced in 5.3.
@@ -1321,6 +1322,20 @@ public function data_safecss_filter_attr() {
 'css' => 'filter: url( my-file.svg#svg-blur );',
 'expected' => 'filter: url( my-file.svg#svg-blur )',
 ),
+ // Support for `repeat` function.
+ array(
+ 'css' => 'grid-template-columns: repeat(4, minmax(0, 1fr))',
+ 'expected' => 'grid-template-columns: repeat(4, minmax(0, 1fr))',
+ ),
+ array(
+ 'css' => 'grid-template-columns: repeat(auto-fill, minmax(min(12rem, 100%), 1fr))',
+ 'expected' => 'grid-template-columns: repeat(auto-fill, minmax(min(12rem, 100%), 1fr))',
+ ),
+ // Malformed repeat, no closing `)`.
+ array(
+ 'css' => 'grid-template-columns: repeat(4, minmax(0, 1fr)',
+ 'expected' => '',
+ ),
 );
 }
From 79472f567023e9d6e76930c1204ddf978b3116dc Mon Sep 17 00:00:00 2001
From: tellthemachines
Date: Tue, 20 Jun 2023 10:45:47 +1000
Subject: [PATCH 2/3] Re-add deleted lines
---
 src/wp-includes/kses.php | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/src/wp-includes/kses.php b/src/wp-includes/kses.php
index 8ecad72e8ae2e..cafc64b1d13d8 100644
--- a/src/wp-includes/kses.php
+++ b/src/wp-includes/kses.php
@@ -2608,6 +2608,7 @@ function safecss_filter_attr( $css, $deprecated = '' ) {
 * @since 3.5.0
 * @since 5.0.0 Added support for `data-*` wildcard attributes.
 * @since 6.0.0 Added `dir`, `lang`, and `xml:lang` to global attributes.
+ * @since 6.3.0 Added `aria-controls`, `aria-current`, and `aria-expanded` attributes.
 *
 * @access private
 * @ignore
@@ -2617,8 +2618,11 @@ function safecss_filter_attr( $css, $deprecated = '' ) {
 */
 function _wp_add_global_attributes( $value ) {
 $global_attributes = array(
+ 'aria-controls' => true,
+ 'aria-current' => true,
 'aria-describedby' => true,
 'aria-details' => true,
+ 'aria-expanded' => true,
 'aria-label' => true,
 'aria-labelledby' => true,
 'aria-hidden' => true,
From a770e985a4909715cb50d45029f24a3dd508bd6f Mon Sep 17 00:00:00 2001
From: tellthemachines
Date: Tue, 20 Jun 2023 11:41:03 +1000
Subject: [PATCH 3/3] Add test for unsupported function
Co-authored-by: Peter Wilson <519727+peterwilsoncc@users.noreply.github.com>
---
 tests/phpunit/tests/kses.php | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/tests/phpunit/tests/kses.php b/tests/phpunit/tests/kses.php
index d28f764a599cc..a19df38626a7a 100644
--- a/tests/phpunit/tests/kses.php
+++ b/tests/phpunit/tests/kses.php
@@ -1336,6 +1336,11 @@ public function data_safecss_filter_attr() {
 'css' => 'grid-template-columns: repeat(4, minmax(0, 1fr)',
 'expected' => '',
 ),
+ // Malformed repeat, contains unsupported function.
+ array(
+ 'css' => 'grid-template-columns: repeat(4, unsupported(0, 1fr)',
+ 'expected' => '',
+ ),
 );
 }
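Review bot: The case commented `Malformed repeat, contains unsupported function` does not isolate the unsupported function: its input `repeat(4, unsupported(0, 1fr)` opens two parentheses and closes one, so it would be rejected for imbalance whether or not `unsupported` were on the allowlist. As written it cannot tell apart "inner function rejected" from "unbalanced input rejected", which is what the preceding case already covers. I would either reword the comment to `// Malformed repeat, unbalanced parentheses around a nested function.` or add a balanced case, `'css' => 'grid-template-columns: repeat(4, unsupported(0, 1fr))'`, and pin whichever result the filter is meant to give for it. `data_safecss_filter_attr()` starts outside the hunk.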