KSES: Allow position-related CSS properties.

Adds support for the following CSS properties considered safe for inline CSS: * `position` * `top` * `right` * `bottom` * `left` * `z-index` References: * [WordPress/gutenberg#46142 Gutenberg PR 46142]. Follow-up to [54117]. Props andrewserong, mukesh27. Fixes #57504. Built from https://develop.svn.wordpress.org/trunk@55184 git-svn-id: http://core.svn.wordpress.org/trunk@54717 1a063a9b-81f0-0310-95a4-ce76da25c4cd
markjaquith · Feb 1, 2023 · 1056e01 · 1056e01
1 parent 379bec8
commit 1056e01
Show file tree

Hide file tree

Showing 2 changed files with 9 additions and 1 deletion.
diff --git a/wp-includes/kses.php b/wp-includes/kses.php
@@ -2277,6 +2277,7 @@ function kses_init() {
  *              nested `var()` values, and assigning values to CSS variables.
  *              Added support for `object-fit`, `gap`, `column-gap`, `row-gap`, and `flex-wrap`.
  *              Extended `margin-*` and `padding-*` support for logical properties.
+ * @since 6.2.0 Added support for `position`, `top`, `right`, `bottom`, `left` and `z-index` position CSS properties.
  *
  * @param string $css        A string of CSS rules.
  * @param string $deprecated Not used.
@@ -2438,6 +2439,13 @@ function safecss_filter_attr( $css, $deprecated = '' ) {
 			'overflow',
 			'vertical-align',
 
+			'position',
+			'top',
+			'right',
+			'bottom',
+			'left',
+			'z-index',
+
 			// Custom CSS properties.
 			'--*',
 		)

diff --git a/wp-includes/version.php b/wp-includes/version.php
@@ -16,7 +16,7 @@
  *
  * @global string $wp_version
  */
-$wp_version = '6.2-alpha-55183';
+$wp_version = '6.2-alpha-55184';
 
 /**
  * Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.