KSES: Allow SVG presentation attributes in safe_style_css.

Add SVG presentation attributes to the list of CSS properties allowed by `safecss_filter_attr()`, so inline SVG markup can be styled via the `style` attribute.

This ports Gutenberg PR #79172 to Core.

Props afercia, westonruter, wildworks.
Fixes #65457.


git-svn-id: https://develop.svn.wordpress.org/trunk@62530 602fd350-edb4-49c9-b593-d223f7449a82

Author: t-hamano

src/wp-includes/kses.php

@@ -2579,6 +2579,7 @@ function safecss_filter_attr( $css, $deprecated = '' ) {
 	 * Filters the list of allowed CSS attributes.
 	 *
 	 * @since 2.8.1
+	 * @since 7.1.0 Added support for SVG presentation attributes.
 	 *
 	 * @param string[] $attr Array of allowed CSS attributes.
 	 */
@@ -2737,6 +2738,71 @@ function safecss_filter_attr( $css, $deprecated = '' ) {
 			'aspect-ratio',
 			'container-type',
 
+			'fill',
+			'fill-opacity',
+			'fill-rule',
+
+			'stroke',
+			'stroke-dasharray',
+			'stroke-dashoffset',
+			'stroke-linecap',
+			'stroke-linejoin',
+			'stroke-miterlimit',
+			'stroke-opacity',
+			'stroke-width',
+
+			'color-interpolation',
+			'color-interpolation-filters',
+			'paint-order',
+			'stop-color',
+			'stop-opacity',
+			'flood-color',
+			'flood-opacity',
+			'lighting-color',
+
+			'marker',
+			'marker-end',
+			'marker-mid',
+			'marker-start',
+
+			'clip-path',
+			'clip-rule',
+			'mask',
+			'mask-type',
+
+			'cx',
+			'cy',
+			'r',
+			'rx',
+			'ry',
+			'x',
+			'y',
+			'd',
+
+			'alignment-baseline',
+			'baseline-shift',
+			'dominant-baseline',
+			'glyph-orientation-horizontal',
+			'glyph-orientation-vertical',
+			'text-anchor',
+			'unicode-bidi',
+			'word-spacing',
+
+			'font-size-adjust',
+			'font-stretch',
+
+			'color-rendering',
+			'image-rendering',
+			'shape-rendering',
+			'text-rendering',
+			'vector-effect',
+
+			'transform',
+			'transform-origin',
+
+			'pointer-events',
+			'visibility',
+
 			// Custom CSS properties.
 			'--*',
 		)

tests/phpunit/tests/kses.php

@@ -1000,6 +1000,7 @@ public function test_wp_kses_attr_no_attributes_allowed_with_false() {
 	 * @ticket 58551
 	 * @ticket 60132
 	 * @ticket 64414
+	 * @ticket 65457
 	 *
 	 * @dataProvider data_safecss_filter_attr
 	 *
@@ -1473,6 +1474,43 @@ public function data_safecss_filter_attr() {
 				'css'      => 'display: grid',
 				'expected' => 'display: grid',
 			),
+			// SVG presentation attributes introduced in 7.1.0.
+			array(
+				'css'      => 'fill: none',
+				'expected' => 'fill: none',
+			),
+			array(
+				'css'      => 'fill-rule: evenodd',
+				'expected' => 'fill-rule: evenodd',
+			),
+			array(
+				'css'      => 'stroke: red',
+				'expected' => 'stroke: red',
+			),
+			array(
+				'css'      => 'stroke-width: 2',
+				'expected' => 'stroke-width: 2',
+			),
+			array(
+				'css'      => 'stroke-linecap: round',
+				'expected' => 'stroke-linecap: round',
+			),
+			array(
+				'css'      => 'paint-order: stroke',
+				'expected' => 'paint-order: stroke',
+			),
+			array(
+				'css'      => 'vector-effect: non-scaling-stroke',
+				'expected' => 'vector-effect: non-scaling-stroke',
+			),
+			array(
+				'css'      => 'clip-rule: evenodd',
+				'expected' => 'clip-rule: evenodd',
+			),
+			array(
+				'css'      => 'text-anchor: middle',
+				'expected' => 'text-anchor: middle',
+			),
 		);
 	}