Directory

Font Library: remove insecure properties by jffng · Pull Request #56230 · WordPress/gutenberg · GitHub
Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Font Library: remove insecure properties #56230

Merged
merged 3 commits into from
Nov 18, 2023
Merged

Font Library: remove insecure properties #56230

merged 3 commits into from
Nov 18, 2023

Conversation

jffng
Copy link
Contributor

@jffng jffng commented Nov 16, 2023
edited

What?

Leverages the remove_insecure_properties method of WP_Theme_JSON class to further validate the CSS saved to the database and output to the client.

The PR also adds a unit test to verify the use case.

Why?

Currently it is possible to include and output non-valid CSS in the font family definition of global styles.

How?

Testing Instructions

  • Run the unit tests.
  • Ensure fonts still install as expected.

Testing Instructions for Keyboard

Screenshots or screencast

@github-actions GitHub Actions
Copy link

github-actions bot commented Nov 16, 2023
edited

This pull request has changed or added PHP files. Please confirm whether these changes need to be synced to WordPress Core, and therefore featured in the next release of WordPress.

If so, it is recommended to create a new Trac ticket and submit a pull request to the WordPress Core Github repository soon after this pull request is merged.

If you're unsure, you can always ask for help in the #core-editor channel in WordPress Slack.

Thank you! ❤️

View changed files
❔ lib/experimental/fonts/font-library/class-wp-font-family.php
❔ phpunit/class-wp-theme-json-test.php

@jffng jffng added [Type] Enhancement A suggestion for improvement. [Feature] Typography Font and typography-related issues and PRs labels Nov 16, 2023
@jffng jffng marked this pull request as ready for review November 16, 2023 22:13
jffng
jffng commented Nov 16, 2023
View reviewed changes
lib/experimental/fonts/font-library/class-wp-font-family.php
@@ -300,12 +300,17 @@ private function sanitize() {
'version' => '2',
'settings' => array(
'typography' => array(
'fontFamilies' => array( $this->data ),
'fontFamilies' => array(
'custom' => array(
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The custom key is necessary to accommodate the input expected by remove_insecure_properties.

matiasbenedetto
matiasbenedetto approved these changes Nov 17, 2023
View reviewed changes
Copy link
Contributor

@matiasbenedetto matiasbenedetto left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This makes sense to me. Thanks for the enhancement.

@jffng jffng enabled auto-merge (squash) November 17, 2023 23:30
@jffng jffng merged commit 2969b59 into trunk Nov 18, 2023
54 checks passed
@jffng jffng deleted the try/sanitize-theme-json-rendered-strings branch November 18, 2023 18:36
@github-actions github-actions bot added this to the Gutenberg 17.2 milestone Nov 18, 2023
@getdave getdave mentioned this pull request Jan 18, 2024
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@matiasbenedetto matiasbenedetto matiasbenedetto approved these changes

@spacedmonkey spacedmonkey Awaiting requested review from spacedmonkey spacedmonkey is a code owner

Assignees
No one assigned
Labels
[Feature] Typography Font and typography-related issues and PRs [Type] Enhancement A suggestion for improvement.
Projects
None yet
Milestone
Gutenberg 17.2
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@jffng @matiasbenedetto