diff --git a/src/wp-includes/kses.php b/src/wp-includes/kses.php
index 8ab9afd56d77a..9b998bf6e2123 100644
--- a/src/wp-includes/kses.php
+++ b/src/wp-includes/kses.php
@@ -1263,11 +1263,10 @@ function wp_kses_attr_check( &$name, &$value, &$whole, $vless, $element, $allowe
* `data-*` (not to be mixed with the HTML 4.0 `data` attribute, see
* https://www.w3.org/TR/html40/struct/objects.html#adef-data).
*
- * Note: the attribute name should only contain `A-Za-z0-9_-` chars,
- * double hyphens `--` are not accepted by WordPress.
+ * Note: the attribute name should only contain `A-Za-z0-9_-` chars.
*/
if ( str_starts_with( $name_low, 'data-' ) && ! empty( $allowed_attr['data-*'] )
- && preg_match( '/^data(?:-[a-z0-9_]+)+$/', $name_low, $match )
+ && preg_match( '/^data-[a-z0-9_-]+$/', $name_low, $match )
) {
/*
* Add the whole attribute name to the allowed attributes and set any restrictions
diff --git a/tests/phpunit/tests/kses.php b/tests/phpunit/tests/kses.php
index 06128970f1f5c..d0bacba8ee3a9 100644
--- a/tests/phpunit/tests/kses.php
+++ b/tests/phpunit/tests/kses.php
@@ -1362,12 +1362,24 @@ public function data_safecss_filter_attr() {
* @ticket 33121
*/
public function test_wp_kses_attr_data_attribute_is_allowed() {
- $test = 'Pens and pencils
';
+ $test = 'Pens and pencils
';
$expected = 'Pens and pencils
';
$this->assertSame( $expected, wp_kses_post( $test ) );
}
+ /**
+ * Data attributes with leading, trailing, and double "-" are globally accepted.
+ *
+ * @ticket 61052
+ */
+ public function test_wp_kses_attr_data_attribute_hypens_allowed() {
+ $test = 'Pens and pencils
';
+ $expected = 'Pens and pencils
';
+
+ $this->assertSame( $expected, wp_kses_post( $test ) );
+ }
+
/**
* Ensure wildcard attributes block unprefixed wildcard uses.
*