From 428600fb939758f78cd8bccabce02e8fe189e6b3 Mon Sep 17 00:00:00 2001
From: Peter Wilson
Date: Sun, 22 Sep 2019 22:17:57 +0000
Subject: [PATCH] KSES: Add support for modern layout techniques in `style` attribute.

Adds support for `flex`, `grid` and `column` layout techniques to the list of CSS attributes considered safe for inline CSS. The `\` character and CSS functions, eg `minmax()` are not yet supported. Extends support of `border` properties to include `border-radius` and individual `background` properties to include all those implicitly supported by the shorthand attribute. Props mrahmadawais, marybaum, birgire, peterwilsoncc, azaozz. Fixes #37248. See #47367.
Built from https://develop.svn.wordpress.org/trunk@46235
git-svn-id: http://core.svn.wordpress.org/trunk@46047 1a063a9b-81f0-0310-95a4-ce76da25c4cd
---
 wp-includes/kses.php | 39 ++++++++++++++++++++++++++++++++++++---
 wp-includes/version.php | 2 +-
 2 files changed, 37 insertions(+), 4 deletions(-)

diff --git a/wp-includes/kses.php b/wp-includes/kses.php
index 7975949370..07edc91ea9 100644
--- a/wp-includes/kses.php
+++ b/wp-includes/kses.php
@@ -2071,7 +2071,8 @@ function safecss_filter_attr( $css, $deprecated = '' ) {
 * @since 5.0.0 Added support for `background-image`.
 * @since 5.1.0 Added support for `text-transform`.
 * @since 5.2.0 Added support for `background-position` and `grid-template-columns`
- * @since 5.3.0 Added support for `flex`, `flex-grow`, `flex-shrink`, and `flex-basis`.
+ * @since 5.3.0 Added support for `grid`, `flex` and `column` layout properties.
+ * Extend `background-*` support of individual properties.
 *
 * @param string[] $attr Array of allowed CSS attributes.
 */
@@ -2082,8 +2083,12 @@ function safecss_filter_attr( $css, $deprecated = '' ) {
 'background-color',
 'background-image',
 'background-position',
+ 'background-size',
+ 'background-attachment',
+ 'background-blend-mode',

 'border',
+ 'border-radius',
 'border-width',
 'border-color',
 'border-style',
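Review bot: The longhand entries added after `'background-position'` stop at `background-size`, `background-attachment` and `background-blend-mode`, while the commit message says the individual `background` properties now cover everything the shorthand accepts; `background-repeat`, `background-clip` and `background-origin` are not among the visible lines, though they may sit in the part of the array outside this hunk. The same shorthand/longhand gap appears in the later hunks: `column-rule` is allowed without `column-rule-color`, `column-rule-style` or `column-rule-width`, and `flex-flow` is allowed without `flex-wrap`. For an allowlist that filters untrusted inline CSS, a value that passes through a shorthand but is stripped as a longhand makes the filter's result hard to predict. I would either add the missing longhands or state in the `@since 5.3.0` docblock entry that only the listed longhands are covered.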
@@ -2108,6 +2113,14 @@ function safecss_filter_attr( $css, $deprecated = '' ) {
 'border-collapse',
 'caption-side',

+ 'columns',
+ 'column-count',
+ 'column-fill',
+ 'column-gap',
+ 'column-rule',
+ 'column-span',
+ 'column-width',
+
 'color',
 'font',
 'font-family',
@@ -2143,9 +2156,30 @@ function safecss_filter_attr( $css, $deprecated = '' ) {
 'padding-top',

 'flex',
+ 'flex-basis',
+ 'flex-direction',
+ 'flex-flow',
 'flex-grow',
 'flex-shrink',
- 'flex-basis',
+
+ 'grid-template-columns',
+ 'grid-auto-columns',
+ 'grid-column-start',
+ 'grid-column-end',
+ 'grid-column-gap',
+ 'grid-template-rows',
+ 'grid-auto-rows',
+ 'grid-row-start',
+ 'grid-row-end',
+ 'grid-row-gap',
+ 'grid-gap',
+
+ 'justify-content',
+ 'justify-items',
+ 'justify-self',
+ 'align-content',
+ 'align-items',
+ 'align-self',

 'clear',
 'cursor',
@@ -2154,7 +2188,6 @@ function safecss_filter_attr( $css, $deprecated = '' ) {
 'overflow',
 'vertical-align',
 'list-style-type',
- 'grid-template-columns',
 )
 );

diff --git a/wp-includes/version.php b/wp-includes/version.php
index 3bb3301de0..bc742911bf 100644
--- a/wp-includes/version.php
+++ b/wp-includes/version.php
@@ -13,7 +13,7 @@
 *
 * @global string $wp_version
 */
-$wp_version = '5.3-alpha-46234';
+$wp_version = '5.3-alpha-46235';

 /**
 * Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.
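Review bot: The grid entries in the `-2143,9 +2156,30` hunk use only the prefixed gap names (`grid-gap`, `grid-row-gap`, `grid-column-gap`); the unprefixed `gap` and `row-gap` are not added here, so inline styles written with those names would be stripped unless they are listed in the part of the array outside the hunk. Separately, the commit message says `\` and CSS functions such as `minmax()` are still rejected, presumably by the value check elsewhere in `safecss_filter_attr`, and nothing next to the new entries records that. I would add a comment above the grid group, for example `// Values containing CSS functions such as minmax() are still rejected by the value check in safecss_filter_attr().`, so a later change does not loosen the value check just to make these properties usable.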