-
Notifications
You must be signed in to change notification settings - Fork 2.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
safecss_filter_attr: Add exceptions for min(), max(), etc. functions #3212
safecss_filter_attr: Add exceptions for min(), max(), etc. functions #3212
Conversation
I added a few more test cases to this, combined the two regexes that handle CSS functions, and rewrote said regex so that it checks for balanced parentheses.
edit: lol I accidentally |
@@ -1602,7 +1602,7 @@ public function test_remove_insecure_properties_removes_unsafe_styles() { | |||
), | |||
'core/cover' => array( | |||
'filter' => array( | |||
'duotone' => 'var(--wp--preset--duotone--blue-red, var(--fallback-unsafe))', |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
These changes to the WP_Theme_JSON
tests are similar to WordPress/gutenberg#31982.
We were relying on the fact safecss_filter_attr
doesn't support nested var()
functions in order to test that attributes were being passed through safecss_filter_attr
. Since this PR makes it so that safecss_filter_attr
supports nested var()
functions, we need to change the test cases to a different invalid CSS string.
cc. @oandregal to make sure I'm not mistaken 😀
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
That is my understanding too 👍
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yeah, changes make sense. Thanks!
Tests passing! I’m pretty happy with this. What do you think @SergeyBiryukov? |
Thanks for the PR! Merged in r54100. |
Trac ticket: https://core.trac.wordpress.org/ticket/55966
This Pull Request is for code review only. Please keep all other discussion in the Trac ticket. Do not merge this Pull Request. See GitHub Pull Requests for Code Review in the Core Handbook for more details.