fix: WC escaping

oblakstudio · Dec 17, 2024 · 899156e · 899156e
1 parent 4652e69
commit 899156e
Showing 1 changed file with 25 additions and 13 deletions.
diff --git a/src/Oblak-WooCommerce/ruleset.xml b/src/Oblak-WooCommerce/ruleset.xml
@@ -7,6 +7,11 @@
 	-->
   <rule ref="WooCommerce"/>
 
+  <!--
+	#############################################################################
+	Custom overrides
+	#############################################################################
+	-->
   <rule ref="WordPress.WP.I18n">
 		<properties>
 			<property name="text_domain" type="array" extend="true">
@@ -15,29 +20,36 @@
 		</properties>
 	</rule>
 
-  <!--
-	#############################################################################
-	Custom overrides
-	#############################################################################
-	-->
   <rule ref="WordPress.Security.ValidatedSanitizedInput">
 		<properties>
-			<property name="customSanitizingFunctions" type="array" value="wc_clean,wc_sanitize_tooltip,wc_format_decimal,wc_stock_amount,wc_sanitize_permalink,wc_sanitize_textarea" />
+			<property name="customSanitizingFunctions" type="array" extend="true">
+        <element value="wc_clean"/>
+        <element value="wc_sanitize_tooltip"/>
+        <element value="wc_format_decimal"/>
+        <element value="wc_stock_amount"/>
+        <element value="wc_sanitize_permalink"/>
+        <element value="wc_sanitize_textarea"/>
+      </property>
 		</properties>
 	</rule>
 
 	<rule ref="WordPress.Security.EscapeOutput">
 		<properties>
-			<property name="customEscapingFunctions" type="array" value="wc_help_tip,wc_sanitize_tooltip,wc_selected,wc_kses_notice,wc_esc_json,wc_query_string_form_fields,wc_make_phone_clickable" />
+			<property name="customEscapingFunctions" type="array" extend="true">
+        <element value="wc_help_tip"/>
+        <element value="wc_sanitize_tooltip"/>
+        <element value="wc_selected"/>
+        <element value="wc_kses_notice"/>
+        <element value="wc_esc_json"/>
+        <element value="wc_query_string_form_fields"/>
+        <element value="wc_make_phone_clickable"/>
+      </property>
+			<property name="customAutoEscapedFunctions" type="array">
+        <element value="wc_price"/>
+      </property>
 		</properties>
 	</rule>
 
-  <rule ref="WordPress.Security.EscapeOutput">
-    <properties>
-      <property name="customAutoEscapedFunctions" type="array" value="wc_price"/>
-    </properties>
-  </rule>
-
 	<rule ref="Squiz.Commenting">
 		<exclude name="Squiz.Commenting.LongConditionClosingComment" />
 		<exclude name="Squiz.Commenting.PostStatementComment" />