Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Added escaping function to p element attribute for 'dynamic' create-block template. #44473

Closed
wants to merge 1 commit into from
Closed

Added escaping function to p element attribute for 'dynamic' create-block template. #44473

wants to merge 1 commit into from

Conversation

ghost
Copy link

@ghost ghost commented Sep 26, 2022

What?

This PR simply uses the wp_kses_data(); function to escape the data, as per the Phpcs WordPress Coding Standards instruction within the IDE. Probably not essential, but I was confused.

@ghost ghost requested review from gziolo and ryanwelcher as code owners September 26, 2022 18:23
@github-actions github-actions bot added the First-time Contributor Pull request opened by a first-time contributor to Gutenberg repository label Sep 26, 2022
@github-actions
Copy link

👋 Thanks for your first Pull Request and for helping build the future of Gutenberg and WordPress, @lewis-elborn! In case you missed it, we'd love to have you join us in our Slack community, where we hold regularly weekly meetings open to anyone to coordinate with each other.

If you want to learn more about WordPress development in general, check out the Core Handbook full of helpful information.

ryanwelcher
ryanwelcher approved these changes Sep 26, 2022
View reviewed changes
Copy link
Contributor

@ryanwelcher ryanwelcher left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is a great addition! Thanks for taking the time to put it together.

@gziolo
Copy link
Member

gziolo commented Sep 26, 2022

I’m not sure it’s necessary here. We should double-check at which stage wp_kses_data gets applied to all blocks.

@gziolo
Copy link
Member

gziolo commented Sep 26, 2022

See:

https://github.com/WordPress/wordpress-develop/blob/9d4750abd0e72b77b015701b98f31ae77ced880b/src/wp-includes/blocks.php#L794

All blocks get automatically sanitized.

@ghost ghost mentioned this pull request Sep 26, 2022
Closed
@ghost
Copy link
Author

ghost commented Sep 26, 2022
edited by ghost
Loading

@gziolo, this doesn't appear to be strictly true. See #2085 in the WPCS Repo.

@gziolo gziolo added the [Tool] Create Block /packages/create-block label Sep 27, 2022
@Mamaduka
Copy link
Member

I think per discussion in WordPress/WordPress-Coding-Standards#2085, the hardening should happen in get_block_wrapper_attributes.

The current assumption is that the get_block_wrapper_attributes doesn't need escaping.

@github-actions github-actions bot added the Stale label Oct 13, 2022
@gziolo gziolo added the [Feature] Block API API that allows to express the block paradigm. label Nov 21, 2022
@gziolo gziolo removed [Feature] Block API API that allows to express the block paradigm. [Tool] Create Block /packages/create-block labels Apr 18, 2023
@jordesign
Copy link
Contributor

@lewis-elborn - just looping back to this stale PR to see if it is something you're still pursuing or if it can be closed?

@ghost ghost closed this by deleting the head repository Mar 6, 2024
This pull request was closed.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@gziolo gziolo Awaiting requested review from gziolo gziolo is a code owner

Assignees
No one assigned
Labels
First-time Contributor Pull request opened by a first-time contributor to Gutenberg repository
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@gziolo @Mamaduka @jordesign @ryanwelcher @lewiselborn