safecss_filter_attr() – Filters an inline style attribute and removes disallowed rules.

You appear to be a bot. Output may be restricted

Description

Filters an inline style attribute and removes disallowed rules.

Usage

$string = safecss_filter_attr( $css, $deprecated );

Parameters

$css
( string ) required – A string of CSS rules.
$deprecated
( string ) optional – Not used.

Returns

string Filtered string of CSS rules.

Source

File name: wordpress/wp-includes/kses.php
Lines:

101 to 200 of 270

      'padding',
      'padding-right',
      'padding-bottom',
      'padding-left',
      'padding-top',

      'flex',
      'flex-basis',
      'flex-direction',
      'flex-flow',
      'flex-grow',
      'flex-shrink',

      'grid-template-columns',
      'grid-auto-columns',
      'grid-column-start',
      'grid-column-end',
      'grid-column-gap',
      'grid-template-rows',
      'grid-auto-rows',
      'grid-row-start',
      'grid-row-end',
      'grid-row-gap',
      'grid-gap',

      'justify-content',
      'justify-items',
      'justify-self',
      'align-content',
      'align-items',
      'align-self',

      'clear',
      'cursor',
      'direction',
      'float',
      'list-style-type',
      'object-position',
      'overflow',
      'vertical-align',
    )
  );

  /*
	 * CSS attributes that accept URL data types.
	 *
	 * This is in accordance to the CSS spec and unrelated to
	 * the sub-set of supported attributes above.
	 *
	 * See: https://developer.mozilla.org/en-US/docs/Web/CSS/url
	 */
  $css_url_data_types = array(
    'background',
    'background-image',

    'cursor',

    'list-style',
    'list-style-image',
  );

  /*
	 * CSS attributes that accept gradient data types.
	 *
	 */
  $css_gradient_data_types = array(
    'background',
    'background-image',
  );

  if ( empty( $allowed_attr ) ) {
    return $css;
  }

  $css = '';
  foreach ( $css_array as $css_item ) {
    if ( '' === $css_item ) {
      continue;
    }

    $css_item        = trim( $css_item );
    $css_test_string = $css_item;
    $found           = false;
    $url_attr        = false;
    $gradient_attr   = false;

    if ( strpos( $css_item, ':' ) === false ) {
      $found = true;
    } else {
      $parts        = explode( ':', $css_item, 2 );
      $css_selector = trim( $parts[0] );

      if ( in_array( $css_selector, $allowed_attr, true ) ) {
        $found         = true;
        $url_attr      = in_array( $css_selector, $css_url_data_types, true );
        $gradient_attr = in_array( $css_selector, $css_gradient_data_types, true );
      }
    }

 

 View on GitHub View on Trac