Merge pull request #650 from vektor-inc/change/vk-post-esc

[ Change version ] 1.13.0
vektor-inc · Aug 13, 2021 · 00c8864 · 00c8864
2 parents d583181 + 8acee4e
commit 00c8864
Show file tree

Hide file tree

Showing 2 changed files with 67 additions and 2 deletions.
diff --git a/inc/vk-components/package/class-vk-component-posts.php b/inc/vk-components/package/class-vk-component-posts.php
@@ -93,6 +93,7 @@ public static function get_view( $post, $options ) {
 		 * @return void
 		 */
 		public static function the_view( $post, $options ) {
+
 			echo wp_kses_post( self::get_view( $post, $options ) );
 		}
 
@@ -203,7 +204,71 @@ public static function get_loop( $wp_query, $options, $options_loop = array() )
 		 * @param array  $options_loop loop options.
 		 */
 		public static function the_loop( $wp_query, $options, $options_loop = array() ) {
-			echo wp_kses_post( self::get_loop( $wp_query, $options, $options_loop ) );
+			$allowed_html = self::vk_kses_post();
+			echo wp_kses( self::get_loop( $wp_query, $options, $options_loop ), $allowed_html );
+		}
+
+		/**
+		 * Kses Escape
+		 *
+		 * It's need for wp_kses_post escape ruby and rt that cope with ruby and rt.
+		 *
+		 * @return array $allowed_html
+		 */
+		public static function vk_kses_post() {
+			$common_attr = array(
+				'id'    => array(),
+				'class' => array(),
+				'role'  => array(),
+				'style' => array(),
+			);
+			$tags        = array(
+				'div',
+				'section',
+				'article',
+				'header',
+				'footer',
+				'span',
+				'h1',
+				'h2',
+				'h3',
+				'h4',
+				'h5',
+				'h6',
+				'button',
+				'p',
+				'i',
+				'a',
+				'b',
+				'strong',
+				'table',
+				'thead',
+				'tbody',
+				'tfoot',
+				'th',
+				'tr',
+				'td',
+				'tr',
+				'ol',
+				'ul',
+				'li',
+				'dl',
+				'dt',
+				'dd',
+				'img',
+				'ruby',
+				'rt',
+			);
+			foreach ( $tags as $tag ) {
+				$allowed_html[ $tag ] = $common_attr;
+			}
+			$allowed_html['a']['href']    = array();
+			$allowed_html['a']['target']  = array();
+			$allowed_html['img']['src']   = array();
+			$allowed_html['img']['sizes'] = array();
+			$allowed_html['ruby']         = array();
+			$allowed_html['rt']           = array();
+			return $allowed_html;
 		}
 
 

diff --git a/vk-blocks.php b/vk-blocks.php
@@ -3,7 +3,7 @@
  * Plugin Name: VK Blocks Pro
  * Plugin URI: https://github.com/vektor-inc/vk-blocks
  * Description: This is a plugin that extends Gutenberg's blocks.
- * Version: 1.12.0
+ * Version: 1.13.0
  * Requires at least: 5.7
  * Author: Vektor,Inc.
  * Author URI: https://vektor-inc.co.jp