[wp-trac] [WordPress Trac] #44988: The sanitize_html_class() is deceptive / "buggy"
WordPress Trac noreply at wordpress.org
Fri Sep 28 10:28:34 UTC 2018

#44988: The sanitize_html_class() is deceptive / "buggy"
----------------------------+------------------------------
 Reporter:  ChiefAlchemist  |       Owner:  (none)
     Type:  defect (bug)    |      Status:  new
 Priority:  normal          |   Milestone:  Awaiting Review
Component:  Formatting      |     Version:  4.9.6
 Severity:  normal          |  Resolution:
 Keywords:                  |     Focuses:
----------------------------+------------------------------
Comment (by ayeshrajans):
 The W3 spec does say that class names cannot start with a digit, single or
 double hyphens.
 https://www.w3.org/TR/CSS21/syndata.html#characters
 We can either remove the invalid characters or replace them. I'm leaning
 towards replacing them with an underscore because we can still salvage an
 invalid class name from it (`12345` would become `'_2345'` instead of
 `''`).
 {{{#!php
 $sanitized = preg_replace( array(
                 '/^[0-9]/',
                 '/^(-[0-9])|^(--)/',
         ), array(
                 '_',
                 '__',
         ), $sanitized);
 }}}
 Backwards compatibility should not be an issue because invalid classes are
 dropped by browsers anyway: https://jsfiddle.net/4om9bqhp/
 I will attach a patch in the next reply, but it raises some more issues...
-- 
Ticket URL: <https://core.trac.wordpress.org/ticket/44988#comment:2>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
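
The replacement proposed in the comment above, run over constructed sample class names and checked against the ASCII subset of the CSS 2.1 identifier grammar. This is an added example, not code from the ticket or from WordPress core: the demo_* function names are hypothetical, and demo_sanitize_html_class() is a simplified stand-in for the core function's character stripping (no fallback argument, no filter).

```php
<?php
// Added illustration; not WordPress core code. All demo_* names are hypothetical.

// Simplified stand-in for sanitize_html_class(): drop percent-encoded
// octets, then every character outside A-Z a-z 0-9 _ -.
function demo_sanitize_html_class( $class ) {
    $sanitized = preg_replace( '|%[a-fA-F0-9][a-fA-F0-9]|', '', $class );
    return preg_replace( '/[^A-Za-z0-9_-]/', '', $sanitized );
}

// The replacement from the comment above, applied unchanged. With array
// arguments preg_replace() runs the patterns in order, each on the
// result of the previous one.
function demo_fix_leading_chars( $sanitized ) {
    return preg_replace(
        array( '/^[0-9]/', '/^(-[0-9])|^(--)/' ),
        array( '_', '__' ),
        $sanitized
    );
}

// ASCII subset of the CSS 2.1 identifier grammar: an optional single
// hyphen, then a letter or underscore, then letters, digits, hyphens
// or underscores. Non-ASCII characters and escapes are not covered.
function demo_is_css21_ident( $name ) {
    return 1 === preg_match( '/^-?[_a-zA-Z][_a-zA-Z0-9-]*\z/', $name );
}

// Constructed sample inputs, including a lone hyphen and a value that
// sanitizes to the empty string.
$samples = array( '12345', '-1col', '--wide', '-moz-box', 'col 2', '9', '-', '%41' );

foreach ( $samples as $raw ) {
    $before = demo_sanitize_html_class( $raw );
    $after  = demo_fix_leading_chars( $before );
    printf(
        "%-10s before=%-10s (%s)  after=%-10s (%s)\n",
        var_export( $raw, true ),
        var_export( $before, true ),
        demo_is_css21_ident( $before ) ? 'valid' : 'invalid',
        var_export( $after, true ),
        demo_is_css21_ident( $after ) ? 'valid' : 'invalid'
    );
}
```

The before/after columns make it easy to see which inputs the replacement turns into usable identifiers and which ones still fail the grammar check and need a fallback.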