[wp-trac] [WordPress Trac] #60979: safecss_filter_attr() should support query strings with "&amp;" as used by Gutenberg
WordPress Trac
noreply at wordpress.org
Wed Apr 10 13:13:46 UTC 2024
#60979: safecss_filter_attr() should support query strings with "&amp;" as used by Gutenberg
-------------------------------+-----------------------------
Reporter: philippmuenchen | Owner: (none)
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Posts, Post Types | Version: 6.5
Severity: normal | Keywords: needs-patch
Focuses: |
-------------------------------+-----------------------------
Gutenberg transforms "&" to "&amp;" when saving content.
E.g. for the Media/Text-Block the content that is filtered by
{{{safecss_filter_attr()}}} might contain "&amp;" as here:
{{{
style="background-image:url(https://example.com/uploads/sites/2/2023/10/image.jpg?width=1024&amp;height=600);background-position:46% 43%"
}}}
As {{{safecss_filter_attr()}}} simply explodes the style value by
semicolons, the example above does not pass and gets stripped
out. Finally, the block layout breaks as the saved result is:
{{{
style="background-position:46% 43%"
}}}
Fixing it for the moment by filtering the content before kses-functions:
{{{#!php
<?php
add_filter('pre_kses', function ($content) {
    // Replace all '&amp;' with '&' in the parameters of every URL in the content
    return preg_replace_callback('/(https?:\/\/[^\s]*?)&amp;([^#]*?)/',
        function ($matches) {
            return str_replace('&amp;', '&', $matches[0]);
        }, $content);
});
}}}
--
Ticket URL: <https://core.trac.wordpress.org/ticket/60979>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
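
The splitting problem described in the ticket, as an added example that is not part of the original ticket and is not WordPress core code. It models only the semicolon split the reporter describes; `split_raw`, `split_decoded`, `looks_complete` and `report` are hypothetical names, and `looks_complete` is a simplified stand-in for the real kses validation.

```php
<?php
// Constructed sample: the style value from the ticket, as Gutenberg saves it.
$style = 'background-image:url(https://example.com/uploads/sites/2/2023/10/image.jpg'
       . '?width=1024&amp;height=600);background-position:46% 43%';

// Models the behaviour the ticket describes: split the raw value on ";".
// The ";" that terminates "&amp;" is treated as a declaration separator.
function split_raw(string $style): array {
    $parts = array_map('trim', explode(';', $style));
    return array_values(array_filter($parts, 'strlen'));
}

// Hypothetical alternative: decode character references first, so the
// splitter sees the same CSS text a browser would, then split on ";".
function split_decoded(string $style): array {
    return split_raw(html_entity_decode($style, ENT_QUOTES | ENT_HTML5, 'UTF-8'));
}

// Simplified stand-in for validation (an assumption, not WordPress's checks):
// a declaration needs "property:value" and balanced parentheses.
function looks_complete(string $decl): bool {
    return strpos($decl, ':') !== false
        && substr_count($decl, '(') === substr_count($decl, ')');
}

// Print each fragment and whether the simplified check would keep it.
function report(string $label, array $decls): void {
    echo $label, PHP_EOL;
    foreach ($decls as $decl) {
        printf("  [%s] %s\n", looks_complete($decl) ? 'kept   ' : 'dropped', $decl);
    }
}

// Raw split: the url() declaration is cut in two and both halves fail,
// leaving only background-position, as in the ticket's saved result.
report('Raw split on ";":', split_raw($style));

// Decode first: the url() declaration stays in one piece.
report('Decode entities, then split:', split_decoded($style));
```

Decoding first also turns `&#59;` into a real separator, which matches what a browser parses. The surviving declarations must be escaped again (for example with `esc_attr()`) before they are written back into the attribute.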