WP_Theme_JSON::remove_insecure_properties( array $theme_json ): array

In this article

Removes insecure data from theme.json.

Parameters

$theme_jsonarrayrequired
Structure to sanitize.

Return

array Sanitized structure.

Source

			$style_variation_declarations[ $combined_selectors ] = $new_declarations;
		}

		// Compute declarations for remaining styles not covered by feature level selectors.
		$style_variation_declarations[ $style_variation['selector'] ] = static::compute_style_properties( $style_variation_node, $settings, null, $this->theme_json );
		// Store custom CSS for the style variation.
		if ( isset( $style_variation_node['css'] ) ) {
			$style_variation_custom_css[ $style_variation['selector'] ] = $this->process_blocks_custom_css( $style_variation_node['css'], $style_variation['selector'] );
		}
	}
}
/*
 * Get a reference to element name from path.
 * $block_metadata['path'] = array( 'styles','elements','link' );
 * Make sure that $block_metadata['path'] describes an element node, like [ 'styles', 'element', 'link' ].
 * Skip non-element paths like just ['styles'].
 */
$is_processing_element = in_array( 'elements', $block_metadata['path'], true );

$current_element = $is_processing_element ? $block_metadata['path'][ count( $block_metadata['path'] ) - 1 ] : null;

$element_pseudo_allowed = array();

if ( isset( static::VALID_ELEMENT_PSEUDO_SELECTORS[ $current_element ] ) ) {
	$element_pseudo_allowed = static::VALID_ELEMENT_PSEUDO_SELECTORS[ $current_element ];
}

/*
 * Check for allowed pseudo classes (e.g. ":hover") from the $selector ("a:hover").
 * This also resets the array keys.
 */
$pseudo_matches = array_values(
	array_filter(
		$element_pseudo_allowed,
		static function ( $pseudo_selector ) use ( $selector ) {
			return str_contains( $selector, $pseudo_selector );
		}
	)
);

$pseudo_selector = isset( $pseudo_matches[0] ) ? $pseudo_matches[0] : null;

/*
 * If the current selector is a pseudo selector that's defined in the allow list for the current
 * element then compute the style properties for it.
 * Otherwise just compute the styles for the default selector as normal.
 */
if ( $pseudo_selector && isset( $node[ $pseudo_selector ] ) &&
	isset( static::VALID_ELEMENT_PSEUDO_SELECTORS[ $current_element ] )
	&& in_array( $pseudo_selector, static::VALID_ELEMENT_PSEUDO_SELECTORS[ $current_element ], true )
) {
	$declarations = static::compute_style_properties( $node[ $pseudo_selector ], $settings, null, $this->theme_json, $selector, $use_root_padding );
} else {
	$declarations = static::compute_style_properties( $node, $settings, null, $this->theme_json, $selector, $use_root_padding );
}

$block_rules = '';

/*
 * 1. Bespoke declaration modifiers:
 * - 'filter': Separate the declarations that use the general selector
 * from the ones using the duotone selector.
 * - 'background|background-image': set the html min-height to 100%
 * to ensure the background covers the entire viewport.
 */
$declarations_duotone       = array();
$should_set_root_min_height = false;

foreach ( $declarations as $index => $declaration ) {
	if ( 'filter' === $declaration['name'] ) {
		/*
		 * 'unset' filters happen when a filter is unset
		 * in the site-editor UI. Because the 'unset' value
		 * in the user origin overrides the value in the
		 * theme origin, we can skip rendering anything
		 * here as no filter needs to be applied anymore.
		 * So only add declarations to with values other
		 * than 'unset'.
		 */
		if ( 'unset' !== $declaration['value'] ) {
			$declarations_duotone[] = $declaration;
		}
		unset( $declarations[ $index ] );
	}

	if ( $is_root_selector && ( 'background-image' === $declaration['name'] || 'background' === $declaration['name'] ) ) {

Changelog

VersionDescription
5.9.0Introduced.

User Contributed Notes

You must log in before being able to contribute a note or feedback.