-
Notifications
You must be signed in to change notification settings - Fork 384
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Sanitizer removes square-bracketed binding attributes #1076
Comments
@laras126 Hi! You're absolutely right. This is a problem in v0.6 of the plugin. However, in 0.7 support for amp-bind was added via #895. Would you please try the 0.7 branch and confirm that the problem with amp-bind is fixed? Note also that you won't have to include |
@westonruter Heyy, it works! How would you suggest implementing this update on a live site running the version on the plugin repository? |
@laras126 with the plugin repo cloned, you can run these commands: git checkout 0.7
npm install
npm run build That will create an |
Okay great, thank you @westonruter! Works like a charm. |
Expected behavior:
The square-bracketed binding attributes identified in
$globally_allowed_attrs
should not removed by the sanitizer.Actual behavior:
Attributes surrounded with square-brackets e.g.
[class]
and[text]
are removed by the sanitizer even though they are AMP compatible.Steps to reproduce:
amp-bind
in component scripts in functions.php:[my_button]
to the post editor.Notes
Adding a
print_r($attr_name);
to ./includes/sanitizers/class-amp-tag-and-attribute-sanitizer.php reveals that, in the above example, the name of the attribute to be removed isfoo
. A similar problem occurs when a different expression constitutes the attribute's value – e.g.[class]="foo ? 'foo' : 'bar'"
– the$attr_name
is printed as:
.If the sanitizer is disabled by commenting out line 118 in ./includes/templates/class-amp-content.php, the
amp-bind
attribute is rendered and functions as expected.The text was updated successfully, but these errors were encountered: