Move sanitizeText and stripTags from press this to wp.sanitize.

Introduce the `wp.sanitize` namespace and add two helpers for text sanitization. `stripTags` strips HTML tags from a string using regex.

Fixes #40635.


git-svn-id: https://develop.svn.wordpress.org/trunk@41061 602fd350-edb4-49c9-b593-d223f7449a82
Adam Silverstein 2017-07-15 15:47:16 +00:00
parent 55bb567e0f
commit d2e18ea761
4 changed files with 53 additions and 36 deletions


@ -8,7 +8,6 @@
$window = $( window ),
$document = $( document ),
saveAlert = false,
textarea = document.createElement( 'textarea' ),
sidebarIsOpen = false,
settings = window.wpPressThisConfig || {},
data = window.wpPressThisData || {},
@ -55,38 +54,6 @@
return key || '';
}
/**
* Strips HTML tags
*
* @param string string Text to have the HTML tags striped out of.
* @returns string Stripped text.
*/
function stripTags( string ) {
string = string || '';
return string
.replace( /<!--[\s\S]*?(-->|$)/g, '' )
.replace( /<(script|style)[^>]*>[\s\S]*?(<\/\1>|$)/ig, '' )
.replace( /<\/?[a-z][\s\S]*?(>|$)/ig, '' );
}
/**
* Strip HTML tags and convert HTML entities.
*
* @param text string Text.
* @returns string Sanitized text.
*/
function sanitizeText( text ) {
var _text = stripTags( text );
try {
textarea.innerHTML = _text;
_text = stripTags( textarea.value );
} catch ( er ) {}
return _text;
}
/**
* Allow only HTTP or protocol relative URLs.
*
@ -97,7 +64,7 @@
url = $.trim( url || '' );
if ( /^(?:https?:)?\/\//.test( url ) ) {
url = stripTags( url );
url = wp.sanitize.stripTags( url );
return url.replace( /["\\]+/g, '' );
}
@ -224,7 +191,7 @@
$image.replaceWith( $( '<span>' ).text( $image.attr( 'alt' ) ) );
});
return sanitizeText( $element.text() );
return wp.sanitize.sanitizeText( $element.text() );
}
/**


@ -195,3 +195,4 @@ function getAllUserSettings() {
return wpCookies.getHash( 'wp-settings-' + userSettings.uid ) || {};
}


@ -0,0 +1,47 @@
( function () {
window.wp = window.wp || {};
/**
* wp.sanitize
*
* Helper functions to sanitize strings.
*/
wp.sanitize = {
/**
* Strip HTML tags.
*
* @param {string} text Text to have the HTML tags striped out of.
*
* @return Stripped text.
*/
stripTags: function( text ) {
text = text || '';
return text
.replace( /<!--[\s\S]*?(-->|$)/g, '' )
.replace( /<(script|style)[^>]*>[\s\S]*?(<\/\1>|$)/ig, '' )
.replace( /<\/?[a-z][\s\S]*?(>|$)/ig, '' );
},
/**
* Strip HTML tags and convert HTML entities.
*
* @param {string} text Text to strip tags and convert HTML entities.
*
* @return Sanitized text. False on failure.
*/
sanitizeText: function( text ) {
var _text = wp.utils.stripTags( text ),
textarea = document.createElement( 'textarea' );
try {
textarea.innerHTML = _text;
_text = wp.utils.stripTags( textarea.value );
} catch ( er ) {}
return _text;
}
};
}() );
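Review bot: `sanitizeText` calls `wp.utils.stripTags` in both places, but this file defines the helper on `wp.sanitize`, and nothing on this page adds `stripTags` to `wp.utils`. The first call sits in the `var` declaration outside the `try`, so unless something else defines it, every call would throw, including the press-this caller changed to `wp.sanitize.sanitizeText( $element.text() )`; the second call is inside the `try`, where the empty `catch` would hide the failure. Both should read `wp.sanitize.stripTags( ... )`. The docblock's `False on failure` also does not match the code, which always returns `_text`. Because the tag stripping is regex-based, I would add a docblock line saying the result is plain text to be inserted with `.text()`/`textContent` or escaped, not a guarantee that the string is safe to use as HTML.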


@ -338,6 +338,8 @@ function wp_default_scripts( &$scripts ) {
),
) );
$scripts->add( 'wp-sanitize', "/wp-includes/js/wp-sanitize$suffix.js", array('jquery'), false, 1 );
$scripts->add( 'wp-backbone', "/wp-includes/js/wp-backbone$suffix.js", array('backbone', 'wp-util'), false, 1 );
$scripts->add( 'revisions', "/wp-admin/js/revisions$suffix.js", array( 'wp-backbone', 'jquery-ui-slider', 'hoverIntent' ), false, 1 );
@ -576,7 +578,7 @@ function wp_default_scripts( &$scripts ) {
'permalinkSaved' => __( 'Permalink saved' ),
) );
$scripts->add( 'press-this', "/wp-admin/js/press-this$suffix.js", array( 'jquery', 'tags-box' ), false, 1 );
$scripts->add( 'press-this', "/wp-admin/js/press-this$suffix.js", array( 'jquery', 'tags-box', 'wp-sanitize' ), false, 1 );
did_action( 'init' ) && $scripts->localize( 'press-this', 'pressThisL10n', array(
'newPost' => __( 'Title' ),
'serverError' => __( 'Connection lost or the server is busy. Please try again later.' ),
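Review bot: The new `wp-sanitize` handle is registered with `array('jquery')` as its dependency, yet the wp-sanitize.js added in this commit only touches `window`, `document` and `wp`. As far as this page shows, the jQuery dependency is unnecessary and forces jQuery to load wherever the sanitizer is enqueued. An empty dependency list, `$scripts->add( 'wp-sanitize', "/wp-includes/js/wp-sanitize$suffix.js", array(), false, 1 );`, would keep the helper standalone. `wp_default_scripts()` starts and ends outside these hunks.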