Automattic\WooCommerce\EmailEditor\Integrations\Utils
Html_Processing_Helper::sanitize_css_value
Sanitize CSS value to prevent injection attacks.
Class method: Html_Processing_Helper{}
No hooks.
Returns
String. Sanitized CSS value or empty string if invalid.
Usage
$result = Html_Processing_Helper::sanitize_css_value( $value ): string;
- $value(string) (required)
- CSS value to sanitize.
Code of Html_Processing_Helper::sanitize_css_value() WC 10.4.3
public static function sanitize_css_value( string $value ): string {
	// Remove dangerous script injection characters (angle brackets) but preserve quotes for CSS strings.
	$result = preg_replace( '/[<>]/', '', $value );
	if ( null === $result ) {
		$value = '';
	} else {
		$value = $result;
	}

	// Remove dangerous CSS functions and expressions.
	$dangerous_patterns = array(
		'/expression\s*\(/i',
		'/url\s*\(\s*javascript\s*:/i',
		'/url\s*\(\s*data\s*:/i',
		'/url\s*\(\s*vbscript\s*:/i',
		'/import\s*\(/i',
		'/behavior\s*:/i',
		'/binding\s*:/i',
		'/filter\s*:/i',
		'/progid\s*:/i',
	);

	foreach ( $dangerous_patterns as $pattern ) {
		if ( preg_match( $pattern, $value ) ) {
			return '';
		}
	}

	return trim( $value );
}
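Added usage example (not WooCommerce's own code): sanitizing a complete inline `style` value one declaration at a time, dropping any declaration whose value the helper rejects. It assumes the WooCommerce autoloader is already loaded (inside WordPress or after `require 'vendor/autoload.php'`); `sanitize_inline_style()` and the sample styles are constructed here.

```php
<?php
declare(strict_types=1);

use Automattic\WooCommerce\EmailEditor\Integrations\Utils\Html_Processing_Helper;

/**
 * Rebuild a `style="..."` value, keeping only declarations whose value
 * survives Html_Processing_Helper::sanitize_css_value(). The helper only
 * ever sees the part after the first colon, so property names are checked here.
 * (Hypothetical wrapper written for this example; assumes WooCommerce is loaded.)
 */
function sanitize_inline_style( string $style ): string {
	$kept = array();
	foreach ( explode( ';', $style ) as $declaration ) {
		if ( false === strpos( $declaration, ':' ) ) {
			continue; // not a "property: value" pair
		}
		list( $property, $value ) = explode( ':', $declaration, 2 );
		$property = strtolower( trim( $property ) );
		// Allow only plain property names (letters, digits, hyphens, custom --vars).
		if ( ! preg_match( '/^[a-z-][a-z0-9-]*$/', $property ) ) {
			continue;
		}
		$clean = Html_Processing_Helper::sanitize_css_value( $value );
		if ( '' === $clean ) {
			continue; // rejected by a dangerous pattern, or empty after stripping
		}
		$kept[] = $property . ': ' . $clean;
	}
	return implode( '; ', $kept );
}

// Constructed inputs showing what is kept, what is stripped and what is rejected.
$samples = array(
	'color: red; font-family: "Open Sans", sans-serif', // kept unchanged
	'width: expression(alert(1)); color: blue',          // first declaration dropped
	'background: url(javascript:alert(1))',              // whole value rejected -> ''
	'content: "<b>hi</b>"',                              // angle brackets stripped: "bhi/b"
	'filter: progid:DXImageTransform.Microsoft.Alpha(opacity=50)', // progid: rejected
);

foreach ( $samples as $style ) {
	printf( "%-62s => %s\n", $style, var_export( sanitize_inline_style( $style ), true ) );
}
```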