1 <?php
2
3 namespace Kirki;
4
// Bail out when this file is loaded outside a WordPress bootstrap (ABSPATH is
// set by WordPress before plugins load), so it cannot be executed directly.
if ( ! defined( 'ABSPATH' ) ) {
	exit;
}
6
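/**
 * View class for HTML sanitization and escaping.
 *
 * The allowlist built by get_allowed_html_tags() is deliberately wider than
 * WordPress's own 'post' context: on top of it, it permits <script>, <style>,
 * <iframe>, form controls, <video>/<source> and inline SVG. wp_kses() filters
 * tag names, attribute names and the protocol of URL-valued attributes such as
 * src and href, but it does not inspect the text inside an allowed <script> or
 * <style> element, so markup passed through safe_html() keeps any inline script
 * or stylesheet it contains. Treat these helpers as an allowlist for page-builder
 * output authored by trusted users, not as a sanitizer for arbitrary
 * visitor-supplied input.
 *
 * @since 1.0.0
 */
class View {

	/**
	 * Kirki-specific attributes appended to every tag of the WordPress 'post'
	 * allowlist and to every tag returned by get_extra_tags().
	 *
	 * wp_kses matches attribute names literally (apart from trailing-'*'
	 * wildcards such as 'data-*'), so 'on' permits an attribute named exactly
	 * "on" and nothing else.
	 *
	 * @return array<string, true>
	 */
	private static function get_kirki_custom_attributes() {
		return [
			'collection' => true,
			'navigation' => true,
			'pages'      => true,
			'number'     => true,
			'hide'       => true,
			'on'         => true,
		];
	}

	/**
	 * Append the Kirki custom attributes to every tag whose entry is an
	 * attribute array. Entries that are not arrays are returned unchanged.
	 *
	 * @param array $tags Map of tag name => allowed attributes.
	 * @return array The same map with the custom attributes merged in.
	 */
	private static function with_kirki_attributes( $tags ) {
		$custom_attributes = self::get_kirki_custom_attributes();

		foreach ( $tags as $tag => $tag_attributes ) {
			if ( is_array( $tag_attributes ) ) {
				$tags[ $tag ] = array_merge( $tag_attributes, $custom_attributes );
			}
		}

		return $tags;
	}

	/**
	 * Allowed <form>, <input>, <select>, <option>, <label>, <fieldset> and
	 * <legend> tags with their attributes.
	 *
	 * @return array<string, array<string, true>>
	 */
	private static function get_form_tags() {
		$form_common_attributes = [
			'id'               => true,
			'class'            => true,
			'name'             => true,
			'value'            => true,
			'title'            => true,
			'style'            => true,
			'disabled'         => true,
			'readonly'         => true,
			'required'         => true,
			'hidden'           => true,
			'tabindex'         => true,
			'accesskey'        => true,
			'autocomplete'     => true,
			'autofocus'        => true,
			'form'             => true,
			'aria-label'       => true,
			'aria-hidden'      => true,
			'aria-describedby' => true,
			'data-*'           => true,
			'xml:lang'         => true,
		];

		$input_attributes = array_merge( $form_common_attributes, [
			'type'        => true,
			'placeholder' => true,
			'checked'     => true,
			'maxlength'   => true,
			'minlength'   => true,
			'min'         => true,
			'max'         => true,
			'step'        => true,
			'pattern'     => true,
			'size'        => true,
			'multiple'    => true,
			'accept'      => true,
			'src'         => true,
			'alt'         => true,
			'list'        => true,
		] );

		$select_attributes = array_merge( $form_common_attributes, [
			'multiple' => true,
			'size'     => true,
		] );

		$option_attributes = [
			'value'    => true,
			'selected' => true,
			'disabled' => true,
			'label'    => true,
			'data-*'   => true,
			'xml:lang' => true,
		];

		return [
			'form'     => [
				'action'   => true,
				'method'   => true,
				'class'    => true,
				'id'       => true,
				'data-*'   => true,
				'xml:lang' => true,
			],
			'input'    => $input_attributes,
			'select'   => $select_attributes,
			'option'   => $option_attributes,
			'label'    => [
				'for'      => true,
				'class'    => true,
				'id'       => true,
				'style'    => true,
				'data-*'   => true,
				'xml:lang' => true,
			],
			'fieldset' => [
				'disabled' => true,
				'form'     => true,
				'name'     => true,
				'class'    => true,
				'id'       => true,
				'data-*'   => true,
				'xml:lang' => true,
			],
			'legend'   => [
				'class'    => true,
				'id'       => true,
				'data-*'   => true,
				'xml:lang' => true,
			],
		];
	}

	/**
	 * Allowed inline-SVG tags; every tag shares the same attribute set.
	 *
	 * wp_kses lowercases element and attribute names before looking them up in
	 * this array, so only the lowercase keys are ever matched. The camelCase
	 * spellings (linearGradient, viewBox, maskUnits) are kept for readability
	 * next to the lowercase ones that do the work.
	 *
	 * @return array<string, array<string, true>>
	 */
	private static function get_svg_tags() {
		$svg_allowed_tags = [
			'svg',
			'g',
			'path',
			'circle',
			'rect',
			'line',
			'ellipse',
			'polygon',
			'polyline',
			'text',
			'tspan',
			'defs',
			'linearGradient',
			'radialGradient',
			// Lowercase keys are the ones wp_kses actually matches; without them
			// <linearGradient>/<radialGradient> elements are stripped.
			'lineargradient',
			'radialgradient',
			'stop',
			'desc',
			'use',
			'mask',
		];

		$svg_common_attributes = [
			'id'              => true,
			'class'           => true,
			'style'           => true,
			'fill'            => true,
			'fill-opacity'    => true,
			'fill-rule'       => true,
			'stroke'          => true,
			'stroke-width'    => true,
			'stroke-linecap'  => true,
			'stroke-linejoin' => true,
			'stroke-opacity'  => true,
			'd'               => true,
			'x'               => true,
			'y'               => true,
			'width'           => true,
			'height'          => true,
			'viewBox'         => true,
			'viewbox'         => true,
			'xmlns'           => true,
			'transform'       => true,
			'mask'            => true,
			'maskUnits'       => true,
			'maskunits'       => true,
			'x1'              => true,
			'y1'              => true,
			'x2'              => true,
			'y2'              => true,
			'cx'              => true,
			'cy'              => true,
			'r'               => true,
			'rx'              => true,
			'ry'              => true,
			'points'          => true,
			'offset'          => true,
			'stop-color'      => true,
			'stop-opacity'    => true,
			'xlink:href'      => true,
		];

		return array_fill_keys( $svg_allowed_tags, $svg_common_attributes );
	}

	/**
	 * Allowed <source> tag (used inside <video>).
	 *
	 * Unlike the 'post' and extra tags, this entry does not receive the Kirki
	 * custom attributes.
	 *
	 * @return array<string, array<string, true>>
	 */
	private static function get_video_tags() {
		return [
			'source' => [
				'src'      => true,
				'type'     => true,
				'data-*'   => true,
				'xml:lang' => true,
			],
		];
	}

	/**
	 * Tags beyond the WordPress 'post' allowlist: <iframe>, <a>, <style>,
	 * <script>, <img> and <video>.
	 *
	 * Security note: <script> (including an external src) and <style> are
	 * allowed here, and wp_kses does not filter the text content of either
	 * element, so this list is only appropriate for markup from trusted authors.
	 *
	 * @return array<string, array<string, true>>
	 */
	private static function get_extra_tags() {
		return [
			'iframe' => [
				'src'             => true,
				'width'           => true,
				'height'          => true,
				'frameborder'     => true,
				'allow'           => true,
				'allowfullscreen' => true,
				'loading'         => true,
				'title'           => true,
				'name'            => true,
				'id'              => true,
				'class'           => true,
				'style'           => true,
				'sandbox'         => true,
				'referrerpolicy'  => true,
				'scrolling'       => true,
				'importance'      => true,
				'data-*'          => true,
				'xml:lang'        => true,
			],
			'a'      => [
				'disabled' => true,
				'href'     => true,
				'target'   => true,
				'class'    => true,
				'id'       => true,
				'data-*'   => true,
				'xml:lang' => true,
			],
			'style'  => [
				'type' => true,
			],
			'script' => [
				'type'        => true,
				'src'         => true,
				'async'       => true,
				'defer'       => true,
				'integrity'   => true,
				'crossorigin' => true,
				'data-*'      => true,
			],
			'img'    => [
				'src'      => true,
				'alt'      => true,
				'width'    => true,
				'height'   => true,
				'srcset'   => true,
				'sizes'    => true,
				'loading'  => true,
				'class'    => true,
				'id'       => true,
				'style'    => true,
				'title'    => true,
				'data-*'   => true,
				'xml:lang' => true,
			],
			'video'  => [
				'src'         => true,
				'controls'    => true,
				'muted'       => true,
				'autoplay'    => true,
				'playsinline' => true,
				'poster'      => true,
				'width'       => true,
				'height'      => true,
				'class'       => true,
				'id'          => true,
				'style'       => true,
				'data-*'      => true,
				'xml:lang'    => true,
			],
		];
	}

	/**
	 * Get the allowed HTML tags and attributes used by safe_html().
	 *
	 * The list is rebuilt on every call; it starts from the (filterable)
	 * WordPress 'post' allowlist and adds the SVG, form, <source> and extra
	 * tags defined in this class.
	 *
	 * @return array<string, array<string, true>> Map of tag name => allowed attributes.
	 */
	public static function get_allowed_html_tags() {
		$allowed_tags = self::with_kirki_attributes( wp_kses_allowed_html( 'post' ) );
		$extra_tags   = self::with_kirki_attributes( self::get_extra_tags() );

		// array_merge() with string keys replaces an earlier entry for the same
		// tag *wholesale*. The 'a', 'img' and 'video' entries from
		// get_extra_tags() therefore supersede WordPress's own definitions of
		// those tags, and attributes WordPress would normally allow on them
		// (for example 'rel' on <a>) are permitted only if listed there.
		// NOTE(review): confirm that dropping those attributes is intended.
		return array_merge(
			$allowed_tags,
			self::get_svg_tags(),
			self::get_form_tags(),
			self::get_video_tags(),
			$extra_tags
		);
	}

	/**
	 * Return a string containing HTML with any disallowed tags and attributes
	 * removed, according to get_allowed_html_tags().
	 *
	 * @param string $html The HTML to filter.
	 * @return string The filtered HTML.
	 */
	public static function safe_html( $html ) {
		return wp_kses( $html, static::get_allowed_html_tags() );
	}

	/**
	 * Echo a string containing HTML with any disallowed tags and attributes
	 * removed, according to get_allowed_html_tags().
	 *
	 * Kept as a direct wp_kses() call (rather than echoing safe_html()) so the
	 * escaping is visible at the point of output.
	 *
	 * @param string $html The HTML to render.
	 * @return void
	 */
	public static function echo_safe_html( $html ) {
		echo wp_kses( $html, static::get_allowed_html_tags() );
	}
}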