safecss_filter_attr( string $css, string $deprecated = '' )

Inline CSS filter

Parameters

$css

(string) (Required) A string of CSS rules.

$deprecated

(string) (Optional) Not used.

Default value: ''

Return

(string) Filtered string of CSS rules.

Source

File: wp-includes/kses.php 

function safecss_filter_attr( $css, $deprecated = '' ) {
	if ( !empty( $deprecated ) )
		_deprecated_argument( __FUNCTION__, 'WP-2.8.1' ); // Never implemented

	$css = wp_kses_no_null($css);
	$css = str_replace(array("\n","\r","\t"), '', $css);

	if ( preg_match( '%[\\\\(&=}]|/\*%', $css ) ) // remove any inline css containing \ ( & } = or comments
		return '';

	$css_array = explode( ';', trim( $css ) );

	/**
	 * Filters list of allowed CSS attributes.
	 *
	 * @since WP-2.8.1
	 * @since WP-4.4.0 Added support for `min-height`, `max-height`, `min-width`, and `max-width`.
	 * @since WP-4.6.0 Added support for `list-style-type`.
	 *
	 * @param array $attr List of allowed CSS attributes.
	 */
	$allowed_attr = apply_filters( 'safe_style_css', array(
		'background',
		'background-color',

		'border',
		'border-width',
		'border-color',
		'border-style',
		'border-right',
		'border-right-color',
		'border-right-style',
		'border-right-width',
		'border-bottom',
		'border-bottom-color',
		'border-bottom-style',
		'border-bottom-width',
		'border-left',
		'border-left-color',
		'border-left-style',
		'border-left-width',
		'border-top',
		'border-top-color',
		'border-top-style',
		'border-top-width',

		'border-spacing',
		'border-collapse',
		'caption-side',

		'color',
		'font',
		'font-family',
		'font-size',
		'font-style',
		'font-variant',
		'font-weight',
		'letter-spacing',
		'line-height',
		'text-decoration',
		'text-indent',
		'text-align',

		'height',
		'min-height',
		'max-height',

		'width',
		'min-width',
		'max-width',

		'margin',
		'margin-right',
		'margin-bottom',
		'margin-left',
		'margin-top',

		'padding',
		'padding-right',
		'padding-bottom',
		'padding-left',
		'padding-top',

		'clear',
		'cursor',
		'direction',
		'float',
		'overflow',
		'vertical-align',
		'list-style-type',
	) );

	if ( empty($allowed_attr) )
		return $css;

	$css = '';
	foreach ( $css_array as $css_item ) {
		if ( $css_item == '' )
			continue;
		$css_item = trim( $css_item );
		$found = false;
		if ( strpos( $css_item, ':' ) === false ) {
			$found = true;
		} else {
			$parts = explode( ':', $css_item );
			if ( in_array( trim( $parts[0] ), $allowed_attr ) )
				$found = true;
		}
		if ( $found ) {
			if( $css != '' )
				$css .= ';';
			$css .= $css_item;
		}
	}

	return $css;
}

Expand Source Code View on GitHub

Related

Uses

Uses
Uses Description
wp-includes/plugin.php: apply_filters()

Call the functions added to a filter hook.
wp-includes/kses.php: safe_style_css

Filters list of allowed CSS attributes.
wp-includes/kses.php: wp_kses_no_null()

Removes any invalid control characters in $string.
wp-includes/functions.php: _deprecated_argument()

Mark a function argument as deprecated and inform when it has been used.

Used By

Used By
Used By Description
wp-includes/kses.php: wp_kses_attr_check()

Determine whether an attribute is allowed.

Changelog

Changelog
Version Description
WP-2.8.1 Introduced.