From 830ba649b111ab9939178bf9720ac4dae4e7116a Mon Sep 17 00:00:00 2001
From: Nik Tsekouras
Date: Fri, 17 Jan 2025 09:18:06 +0200
Subject: [PATCH] Forms: Properly support formatting options for labels and required text (#40924)
* Forms: remove formatting options from labels
* update `strip_tags` with `wp_kses_post`
* remove extra param in `wp_kses_post`
---
.../changelog/forms-remove-formatting-options-from-labels | 4 ++++
.../src/blocks/contact-form/components/jetpack-field-label.js | 2 +-
.../forms/src/contact-form/class-contact-form-field.php | 4 ++--
.../forms/src/contact-form/class-contact-form-plugin.php | 4 ++--
4 files changed, 9 insertions(+), 5 deletions(-)
create mode 100644 projects/packages/forms/changelog/forms-remove-formatting-options-from-labels
diff --git a/projects/packages/forms/changelog/forms-remove-formatting-options-from-labels b/projects/packages/forms/changelog/forms-remove-formatting-options-from-labels
new file mode 100644
index 0000000000000..8bd16866ef2ef
--- /dev/null
+++ b/projects/packages/forms/changelog/forms-remove-formatting-options-from-labels
@@ -0,0 +1,4 @@
+Significance: patch
+Type: fixed
+
+Forms: Properly support formatting options for labels and required text
diff --git a/projects/packages/forms/src/blocks/contact-form/components/jetpack-field-label.js b/projects/packages/forms/src/blocks/contact-form/components/jetpack-field-label.js
index 99c959d024fb2..fdf90f668905e 100644
--- a/projects/packages/forms/src/blocks/contact-form/components/jetpack-field-label.js
+++ b/projects/packages/forms/src/blocks/contact-form/components/jetpack-field-label.js
@@ -34,7 +34,7 @@ const FieldLabel = ( { } } placeholder={ placeholder ?? __( 'Add label…', 'jetpack-forms' ) } withoutInteractiveFormatting - allowedFormats={ [ 'core/bold', 'core/italic' ] } + allowedFormats={ [ 'core/italic' ] } /> { suffix && { suffix } } { required && ( 
diff --git a/projects/packages/forms/src/contact-form/class-contact-form-field.php b/projects/packages/forms/src/contact-form/class-contact-form-field.php
index 332bcc035a885..cb234ac6a2889 100644
--- a/projects/packages/forms/src/contact-form/class-contact-form-field.php
+++ b/projects/packages/forms/src/contact-form/class-contact-form-field.php
@@ -455,7 +455,7 @@ public function render_label( $type, $id, $label, $required, $required_field_tex class='grunion-field-label{$type_class}" . ( $this->is_error() ? ' form-error' : '' ) . "'" . $extra_attrs_string . '>' - . esc_html( $label ) + . wp_kses_post( $label ) . ( $required ? '' : '' ) . "\n"; }
@@ -1012,7 +1012,7 @@ public function render_field( $type, $id, $label, $value, $class, $placeholder, * * @param string $var Required field text. Default is "(required)". */ - $required_field_text = esc_html( apply_filters( 'jetpack_required_field_text', $required_field_text ) ); + $required_field_text = wp_kses_post( apply_filters( 'jetpack_required_field_text', $required_field_text ) ); $block_style = 'style="' . $this->block_styles . '"';
diff --git a/projects/packages/forms/src/contact-form/class-contact-form-plugin.php b/projects/packages/forms/src/contact-form/class-contact-form-plugin.php
index 3ddc8262ff53d..1b86a13b66628 100644
--- a/projects/packages/forms/src/contact-form/class-contact-form-plugin.php
+++ b/projects/packages/forms/src/contact-form/class-contact-form-plugin.php 
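Review bot: `wp_kses_post( $label )` in render_label() admits the whole post allow-list (anchors, images, block-level markup) into the label element, although the editor side of this commit only offers `core/italic`; the same applies to `$required_field_text` in the render_field() hunk. A label-specific allow-list would keep the server output matched to what the editor can produce, for example `wp_kses( $label, array( 'em' => array(), 'strong' => array() ) )`. This matters most if labels can arrive through shortcode attributes or from authors without the `unfiltered_html` capability, which these hunks do not show. The `@param` description above the `jetpack_required_field_text` filter still reads as plain text and should state that limited HTML is now preserved. Both function bodies extend beyond the hunks.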
@@ -117,13 +117,13 @@ public static function strip_tags( $data_with_tags ) { if ( is_array( $data_with_tags ) ) { foreach ( $data_with_tags as $index => $value ) { $index = sanitize_text_field( (string) $index ); - $value = wp_kses( (string) $value, array() ); + $value = wp_kses_post( (string) $value ); $value = str_replace( '&', '&', $value ); // undo damage done by wp_kses_normalize_entities() $data_without_tags[ $index ] = $value; } } else { - $data_without_tags = wp_kses( (string) $data_with_tags, array() ); + $data_without_tags = wp_kses_post( (string) $data_with_tags ); $data_without_tags = str_replace( '&', '&', $data_without_tags ); // undo damage done by wp_kses_normalize_entities() }
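Review bot: After this change `strip_tags()` no longer strips tags: both branches now call `wp_kses_post()`, so anchors, images and other post-level markup pass through a helper whose name promises plain text. Its callers are outside this hunk; if any of them pass visitor-submitted field values, or rely on the result being tag-free for e-mail, export or admin display, that markup now reaches those sinks. I would keep `wp_kses( (string) $value, array() )` here and sanitise label HTML in a separate, narrowly scoped helper, or otherwise rename the method and update its docblock to describe the new contract. The function's return statement lies outside the hunk.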