safecss_filter_attr( string $css, string $deprecated = '' )
Filters an inline style attribute and removes disallowed rules.
Parameters
- $css
-
(Required) A string of CSS rules.
- $deprecated
-
(Optional) Not used.
Default value: ''
Return
(string) Filtered string of CSS rules.
Source
File: wp-includes/kses.php
function safecss_filter_attr( $css, $deprecated = '' ) {
if ( !empty( $deprecated ) )
_deprecated_argument( __FUNCTION__, 'WP-2.8.1' ); // Never implemented
$css = wp_kses_no_null($css);
$css = str_replace(array("\n","\r","\t"), '', $css);
if ( preg_match( '%[\\\\(&=}]|/\*%', $css ) ) // remove any inline css containing \ ( & } = or comments
return '';
$css_array = explode( ';', trim( $css ) );
/**
* Filters list of allowed CSS attributes.
*
* @since WP-2.8.1
* @since WP-4.4.0 Added support for `min-height`, `max-height`, `min-width`, and `max-width`.
* @since WP-4.6.0 Added support for `list-style-type`.
*
* @param array $attr List of allowed CSS attributes.
*/
$allowed_attr = apply_filters( 'safe_style_css', array(
'background',
'background-color',
'border',
'border-width',
'border-color',
'border-style',
'border-right',
'border-right-color',
'border-right-style',
'border-right-width',
'border-bottom',
'border-bottom-color',
'border-bottom-style',
'border-bottom-width',
'border-left',
'border-left-color',
'border-left-style',
'border-left-width',
'border-top',
'border-top-color',
'border-top-style',
'border-top-width',
'border-spacing',
'border-collapse',
'caption-side',
'color',
'font',
'font-family',
'font-size',
'font-style',
'font-variant',
'font-weight',
'letter-spacing',
'line-height',
'text-decoration',
'text-indent',
'text-align',
'height',
'min-height',
'max-height',
'width',
'min-width',
'max-width',
'margin',
'margin-right',
'margin-bottom',
'margin-left',
'margin-top',
'padding',
'padding-right',
'padding-bottom',
'padding-left',
'padding-top',
'clear',
'cursor',
'direction',
'float',
'overflow',
'vertical-align',
'list-style-type',
) );
if ( empty($allowed_attr) )
return $css;
$css = '';
foreach ( $css_array as $css_item ) {
if ( $css_item == '' )
continue;
$css_item = trim( $css_item );
$found = false;
if ( strpos( $css_item, ':' ) === false ) {
$found = true;
} else {
$parts = explode( ':', $css_item );
if ( in_array( trim( $parts[0] ), $allowed_attr ) )
$found = true;
}
if ( $found ) {
if( $css != '' )
$css .= ';';
$css .= $css_item;
}
}
return $css;
}
Changelog
| Version | Description |
|---|---|
| 6.2.0 | Added support for aspect-ratio, position, top, right, bottom, left, and z-index CSS properties. |
| 6.1.0 | Added support for min(), max(), minmax(), clamp(), nested var() values, and assigning values to CSS variables.<br> Added support for object-fit, gap, column-gap, row-gap, and flex-wrap.<br> Extended margin-* and padding-* support for logical properties. |
| 5.8.0 | Added support for calc() and var() values. |
| 5.7.1 | Added support for object-position. |
| 5.3.1 | Added support for gradient backgrounds. |
| 5.3.0 | Added support for grid, flex and column layout properties.<br> Extended background-* support for individual properties. |
| 5.2.0 | Added support for background-position and grid-template-columns. |
| 5.1.0 | Added support for text-transform. |
| 5.0.0 | Added support for background-image. |
| 4.6.0 | Added support for list-style-type. |
| 4.4.0 | Added support for min-height, max-height, min-width, and max-width. |
| 2.8.1 | Introduced. |