Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

KSES: Allow leading trailing double hyphen in data attributes #6598

Closed
wants to merge 2 commits into from

Conversation

sirreal
Copy link
Member

@sirreal sirreal commented May 21, 2024

Trac ticket: Core-61052

Allow data attrbitues with leading, trailing, and double - in the attribute name.

This relaxes the hyphen restriction introduced in https://core.trac.wordpress.org/changeset/43981. It is intended to be a simple change to allow data attributes used frequently by the Interactivity API like data-wp-on--click="…".

It is not a substitute for #6429. I'd like to see that move ahead the data attribute restrictions further relaxed to align with what's allowed by the specification. This is intended to be a smaller and easier change to solve the immediate need that can be landed without too much difficulty.


This Pull Request is for code review only. Please keep all other discussion in the Trac ticket. Do not merge this Pull Request. See GitHub Pull Requests for Code Review in the Core Handbook for more details.

Copy link

Trac Ticket Missing

This pull request is missing a link to a Trac ticket. For a contribution to be considered, there must be a corresponding ticket in Trac.

To attach a pull request to a Trac ticket, please include the ticket's full URL in your pull request description. More information about contributing to WordPress on GitHub can be found in the Core Handbook.

Copy link

github-actions bot commented May 21, 2024

The following accounts have interacted with this PR and/or linked issues. I will continue to update these lists as activity occurs. You can also manually ask me to refresh this list by adding the props-bot label.

Core Committers: Use this line as a base for the props when committing in SVN:

Props jonsurrell, dmsnell, cbravobernal.

To understand the WordPress project's expectations around crediting contributors, please review the Contributor Attribution page in the Core Handbook.

Copy link

Test using WordPress Playground

The changes in this pull request can previewed and tested using a WordPress Playground instance.

WordPress Playground is an experimental project that creates a full WordPress instance entirely within the browser.

Some things to be aware of

  • The Plugin and Theme Directories cannot be accessed within Playground.
  • All changes will be lost when closing a tab with a Playground instance.
  • All changes will be lost when refreshing the page.
  • A fresh instance is created each time the link below is clicked.
  • Every time this pull request is updated, a new ZIP file containing all changes is created. If changes are not reflected in the Playground instance,
    it's possible that the most recent build failed, or has not completed. Check the list of workflow runs to be sure.

For more details about these limitations and more, check out the Limitations page in the WordPress Playground documentation.

Test this pull request with WordPress Playground.

Copy link
Member

@dmsnell dmsnell left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

As a step improvement this is helpful. I'm leaving #6429 open, but I don't want it to be a blocker for opening up this patch.

@sirreal
Copy link
Member Author

sirreal commented Jun 3, 2024

I agree, I'd still prefer to see #6429. Landing this is compatible with #6429 as a future enhancement.

@cbravobernal
Copy link
Contributor

cbravobernal commented Jun 3, 2024

I tested writing custom HTML in a post with a contributor, author, editor and admin roles and:

Screenshot 2024-06-03 at 14 00 22

  • In trunk, the data-wp-on--click is not saved on the database.
    Screenshot 2024-06-03 at 13 58 37

  • Within this branch, data-wp--on--click is saved on the database.
    Screenshot 2024-06-03 at 13 59 26

Copy link
Contributor

@cbravobernal cbravobernal left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Works as expected.

pento pushed a commit that referenced this pull request Jun 3, 2024
Expand allowable set of custom data attribute names to include those containing
leading, trailing, and double `-` characters. Previously, WordPress was
removing data attributes that are used in the Interactivity API. By allowing
these additional custom data attributes, the related Interactivity API
directives will preserve through `kses`.

For example, the Interactivity API frequently relies on custom data attributes
such as `data-wp-on--click="..."`. The change in [43981] would strip these out
of the processed HTML, however.

Developed in #6598
Discussed in https://core.trac.wordpress.org/ticket/61052

Props cbravobernal, dmsnell, gziolo, jonsurrell.
Follow-up to [43981].
Fixes #61052.


git-svn-id: https://develop.svn.wordpress.org/trunk@58294 602fd350-edb4-49c9-b593-d223f7449a82
@dmsnell
Copy link
Member

dmsnell commented Jun 3, 2024

Merged in [58294]
89bec7a

@dmsnell dmsnell closed this Jun 3, 2024
@dmsnell dmsnell deleted the fix/kses-allow-data-dashes branch June 3, 2024 13:27
markjaquith pushed a commit to WordPress/WordPress that referenced this pull request Jun 3, 2024
Expand allowable set of custom data attribute names to include those containing
leading, trailing, and double `-` characters. Previously, WordPress was
removing data attributes that are used in the Interactivity API. By allowing
these additional custom data attributes, the related Interactivity API
directives will preserve through `kses`.

For example, the Interactivity API frequently relies on custom data attributes
such as `data-wp-on--click="..."`. The change in [43981] would strip these out
of the processed HTML, however.

Developed in WordPress/wordpress-develop#6598
Discussed in https://core.trac.wordpress.org/ticket/61052

Props cbravobernal, dmsnell, gziolo, jonsurrell.
Follow-up to [43981].
Fixes #61052.

Built from https://develop.svn.wordpress.org/trunk@58294


git-svn-id: http://core.svn.wordpress.org/trunk@57754 1a063a9b-81f0-0310-95a4-ce76da25c4cd
github-actions bot pushed a commit to platformsh/wordpress-performance that referenced this pull request Jun 3, 2024
Expand allowable set of custom data attribute names to include those containing
leading, trailing, and double `-` characters. Previously, WordPress was
removing data attributes that are used in the Interactivity API. By allowing
these additional custom data attributes, the related Interactivity API
directives will preserve through `kses`.

For example, the Interactivity API frequently relies on custom data attributes
such as `data-wp-on--click="..."`. The change in [43981] would strip these out
of the processed HTML, however.

Developed in WordPress/wordpress-develop#6598
Discussed in https://core.trac.wordpress.org/ticket/61052

Props cbravobernal, dmsnell, gziolo, jonsurrell.
Follow-up to [43981].
Fixes #61052.

Built from https://develop.svn.wordpress.org/trunk@58294


git-svn-id: https://core.svn.wordpress.org/trunk@57754 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants