Make WordPress Core

Changeset 58294

Timestamp:
06/03/2024 01:24:25 PM (8 weeks ago)
Author:
dmsnell
Message:

KSES: Allow leading trailing double hyphen in data attributes

Expand allowable set of custom data attribute names to include those containing
leading, trailing, and double - characters. Previously, WordPress was
removing data attributes that are used in the Interactivity API. By allowing
these additional custom data attributes, the related Interactivity API
directives will preserve through kses.

For example, the Interactivity API frequently relies on custom data attributes
such as data-wp-on--click="...". The change in [43981] would strip these out
of the processed HTML, however.

Developed in https://github.com/WordPress/wordpress-develop/pull/6598
Discussed in https://core.trac.wordpress.org/ticket/61052

Props cbravobernal, dmsnell, gziolo, jonsurrell.
Follow-up to [43981].
Fixes #61052.

Location:
trunk
Files:
2 edited

  • trunk/src/wp-includes/kses.php

    r58196 r58294  
    12641264         * https://www.w3.org/TR/html40/struct/objects.html#adef-data).
    12651265         *
    1266          * Note: the attribute name should only contain `A-Za-z0-9_-` chars,
    1267          * double hyphens `--` are not accepted by WordPress.
     1266         * Note: the attribute name should only contain `A-Za-z0-9_-` chars.
    12681267         */
    12691268        if ( str_starts_with( $name_low, 'data-' ) && ! empty( $allowed_attr['data-*'] )
    1270             && preg_match( '/^data(?:-[a-z0-9_]+)+$/', $name_low, $match )
     1269            && preg_match( '/^data+$/', $name_low, $match )
    12711270        ) {
    12721271            /*
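Review bot: the added condition on new line 1269 reads `preg_match( '/^data+$/', $name_low, $match )` as shown here, and that pattern can never match a name that has already passed `str_starts_with( $name_low, 'data-' )`, because it permits no hyphen or any other character after `data`. As displayed, every `data-*` attribute would be dropped, so confirm against the committed file that the character class survived. The pattern should require the `data-` prefix followed by one or more characters from the set the comment names (`A-Za-z0-9_-`, lowercased here), anchored at both ends. The rewritten comment at 1266 also no longer says anything about hyphen placement; since this widens a sanitizer allowlist, state explicitly that leading, trailing and doubled hyphens after `data-` are now accepted.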
  • trunk/tests/phpunit/tests/kses.php

    r58097 r58294  
    13631363     */
    13641364    public function test_wp_kses_attr_data_attribute_is_allowed() {
    1365         $test     = '<div data-foo="foo" data-bar="bar" datainvalid="gone" data--invalid="gone"  data-also-invalid-="gone" data-two-hyphens="remains">Pens and pencils</div>';
     1365        $test     = '<div data-foo="foo" data-bar="bar" datainvalid="gone" data-two-hyphens="remains">Pens and pencils</div>';
    13661366        $expected = '<div data-foo="foo" data-bar="bar" data-two-hyphens="remains">Pens and pencils</div>';
     1367
     1368
     1369
     1370
     1371
     1372
     1373
     1374
     1375
     1376
     1377
     1378
    13671379
    13681380        $this->assertSame( $expected, wp_kses_post( $test ) );
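Review bot: on new line 1365 the `data--invalid` and `data-also-invalid-` attributes are removed from the input instead of being moved into `$expected`, so in the lines visible here nothing asserts that a leading, trailing or doubled hyphen now survives `wp_kses_post()`. `data-two-hyphens` contains two single hyphens, not `--`, so it does not cover the case either. New lines 1367 to 1378 show no content in this view; if they do not already do so, add a positive case for each newly accepted shape (the commit message's `data-wp-on--click` is a natural one) and keep a negative case such as `datainvalid` so the boundary of the allowlist stays pinned by a test.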