diff --git a/README.md b/README.md
index fb41a314..16fd7bf4 100644
--- a/README.md
+++ b/README.md
@@ -74,6 +74,14 @@ add_filter( 'svg_allowed_tags', function ( $tags ) {
 } );
 ```
 
+### Can `wp_kses` be used with a helper to sanitize an SVG?
+
+Indeed, you can accomplish this with `\SafeSvg\SafeSvgTags\safe_svg_tags::kses_allowed_html()`:
+
+```php
+echo wp_kses('', \SafeSvg\SafeSvgTags\safe_svg_tags::kses_allowed_html())
+```
+
 ## Support Level
 
 **Stable:** 10up is not planning to develop any new features for this, but will still respond to bug reports and security concerns. We welcome PRs, but any that include new features should be small and easy to integrate and should not include breaking changes. We otherwise intend to keep this tested up to the most recent version of WordPress.
diff --git a/includes/safe-svg-tags.php b/includes/safe-svg-tags.php
index a4e120cd..18ac7951 100644
--- a/includes/safe-svg-tags.php
+++ b/includes/safe-svg-tags.php
@@ -24,4 +24,98 @@ public static function getTags() {
 */
 return apply_filters( 'svg_allowed_tags', parent::getTags() );
 }
+
+ /**
+ * Standard SVG settings for escaping through `wp_kses()` function.
+ *
+ * @return array Array of allowed HTML tags and their allowed attributes.
+ */
+ public static function kses_allowed_html() {
+ return array(
+ 'svg' => array(
+ 'version' => true,
+ 'class' => true,
+ 'fill' => true,
+ 'height' => true,
+ 'xml:space' => true,
+ 'xmlns' => true,
+ 'xmlns:xlink' => true,
+ 'viewbox' => true,
+ 'enable-background' => true,
+ 'width' => true,
+ 'x' => true,
+ 'y' => true,
+ ),
+ 'path' => array(
+ 'clip-rule' => true,
+ 'd' => true,
+ 'fill' => true,
+ 'fill-rule' => true,
+ 'stroke' => true,
+ 'stroke-width' => true,
+ ),
+ 'g' => array(
+ 'class' => true,
+ 'clip-rule' => true,
+ 'd' => true,
+ 'transform' => true,
+ 'fill' => true,
+ 'fill-rule' => true,
+ 'stroke' => true,
+ 'stroke-width' => true,
+ ),
+ 'rect' => array(
+ 'clip-rule' => true,
+ 'd' => true,
+ 'transform' => true,
+ 'fill' => true,
+ 'fill-rule' => true,
+ 'stroke' => true,
+ 'stroke-width' => true,
+ 'width' => true,
+ 'height' => true,
+ ),
+ 'polygon' => array(
+ 'clip-rule' => true,
+ 'd' => true,
+ 'fill' => true,
+ 'fill-rule' => true,
+ 'stroke' => true,
+ 'stroke-width' => true,
+ 'points' => true,
+ ),
+ 'circle' => array(
+ 'clip-rule' => true,
+ 'd' => true,
+ 'fill' => true,
+ 'fill-rule' => true,
+ 'stroke' => true,
+ 'stroke-width' => true,
+ 'cx' => true,
+ 'cy' => true,
+ 'r' => true,
+ ),
+ 'lineargradient' => array(
+ 'id' => true,
+ 'gradientunits' => true,
+ 'x' => true,
+ 'y' => true,
+ 'x2' => true,
+ 'y2' => true,
+ 'gradienttransform' => true,
+ ),
+ 'stop' => array(
+ 'offset' => true,
+ 'style' => true,
+ ),
+ 'image' => array(
+ 'height' => true,
+ 'width' => true,
+ 'xlink:href' => true,
+ ),
+ 'defs' => array(
+ 'clipPath' => true,
+ ),
+ );
+ }
 }
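Review bot: `'defs' => array( 'clipPath' => true )` near the end of the new `kses_allowed_html()` array lists `clipPath` as an attribute of `<defs>`, but in SVG `clipPath` is a child element rather than an attribute, and `wp_kses()` matches element and attribute names against lowercase keys (the reason the array correctly spells `viewbox` and `lineargradient` in lowercase), so this entry can never match: a `<clipPath>` inside `<defs>` is stripped with this list and `defs` is left with no usable attribute. If clip paths are meant to survive, that needs a lowercase element entry such as `'clippath' => array( 'id' => true ),` instead. The `'d' => true` entries on `g`, `rect`, `polygon` and `circle` are likewise not attributes of those elements and only widen the allow-list without benefit. Unlike `getTags()` just above, the new method is not passed through a filter, so a site cannot narrow or extend the kses list without forking, and the `@return array` docblock would say more as `@return array<string, array<string, true>>`. The `getTags()` docblock that opens the hunk starts outside it.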
diff --git a/tests/unit/test-safe-svg-tags.php b/tests/unit/test-safe-svg-tags.php
index 0b8688b2..5535a717 100644
--- a/tests/unit/test-safe-svg-tags.php
+++ b/tests/unit/test-safe-svg-tags.php
@@ -47,4 +47,14 @@ public function test_get_tags() {
 $this->assertContains( 'customTag', $svg_tags );
 $this->assertSame( $svg_tags, $filtered_svg_tags );
 }
+
+ /**
+ * Test the kses_allowed_html function.
+ *
+ * @throws PHPUnit\Framework\AssertionFailedError If the function does not return an array.
+ */
+ public function test_kses_allowed_html() {
+ $allowed_html = SafeSvg\SafeSvgTags\safe_svg_tags::kses_allowed_html();
+ $this->assertIsArray( $allowed_html );
+ }
 }
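Review bot: `test_kses_allowed_html()` only checks `assertIsArray`, which an empty array also satisfies, so a regression that drops `svg` or `path` from the allow-list, or that adds an element with a mixed-case key, would pass unnoticed. Asserting the shape makes the test worth having: `$this->assertArrayHasKey( 'svg', $allowed_html );` and `$this->assertSame( array_map( 'strtolower', array_keys( $allowed_html ) ), array_keys( $allowed_html ) );` would pin both the element set and the lowercase-key requirement that `wp_kses()` matching relies on. The `@throws PHPUnit\Framework\AssertionFailedError` tag describes what every PHPUnit assertion does and can be dropped. The test class begins outside the hunk.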