WordPress · t-hamano · Aug 16, 2022 · Aug 16, 2022 · Aug 17, 2022 · Aug 18, 2022
diff --git a/src/wp-includes/kses.php b/src/wp-includes/kses.php
@@ -2395,6 +2395,22 @@ function safecss_filter_attr( $css, $deprecated = '' ) {
 		'list-style-image',
 	);
 
+	/*
+	 * CSS attributes that accept rgb(a) color data types.
+	 *
+	 */
+	$css_color_data_types = array(
+		'color',
+
+		'border-color',
+		'border-right-color',
+		'border-bottom-color',
+		'border-left-color',
+		'border-top-color',
+
+		'background-color',
+	);
+
 	/*
 	 * CSS attributes that accept gradient data types.
 	 *
@@ -2418,6 +2434,7 @@ function safecss_filter_attr( $css, $deprecated = '' ) {
 		$css_test_string = $css_item;
 		$found           = false;
 		$url_attr        = false;
+		$color_attr      = false;
 		$gradient_attr   = false;
 
 		if ( strpos( $css_item, ':' ) === false ) {
@@ -2430,6 +2447,7 @@ function safecss_filter_attr( $css, $deprecated = '' ) {
 				$found         = true;
 				$url_attr      = in_array( $css_selector, $css_url_data_types, true );
 				$gradient_attr = in_array( $css_selector, $css_gradient_data_types, true );
+				$color_attr    = in_array( $css_selector, $css_color_data_types, true );
 			}
 		}
 
@@ -2466,6 +2484,13 @@ function safecss_filter_attr( $css, $deprecated = '' ) {
 			}
 		}
 
+		if ( $found && $color_attr ) {
+			$css_value = trim( $parts[1] );
+			if ( preg_match( '/^rgb[a]?\((\d{1,3}%?),\s?(\d{1,3}%?),\s?(\d{1,3}%?)(,\s?|\s\/\s)(\d*(?:\.\d+)?)\)$/', $css_value ) ) {
+				$css_test_string = str_replace( $css_value, '', $css_test_string );
+			}
+		}
+
 		if ( $found ) {
 			// Allow CSS calc().
 			$css_test_string = preg_replace( '/calc\(((?:\([^()]*\)?|[^()])*)\)/', '', $css_test_string );

diff --git a/tests/phpunit/tests/kses.php b/tests/phpunit/tests/kses.php
@@ -1110,14 +1110,86 @@ public function data_test_safecss_filter_attr() {
 				'css'      => 'height: expression( body.scrollTop + 50 + "px" )',
 				'expected' => '',
 			),
-			// RGB color values are not allowed.
+			// Allowed RGBA color.
 			array(
-				'css'      => 'color: rgb( 100, 100, 100 )',
+				'css'      => 'color: rgb(0,0,0,0)',
+				'expected' => 'color: rgb(0,0,0,0)',
+			),
+			array(
+				'css'      => 'border-color: rgba(0,0,0,0)',
+				'expected' => 'border-color: rgba(0,0,0,0)',
+			),
+			array(
+				'css'      => 'border-right-color: rgba(0, 0, 0, 0)',
+				'expected' => 'border-right-color: rgba(0, 0, 0, 0)',
+			),
+			array(
+				'css'      => 'border-bottom-color: rgba(100, 100, 100, 0)',
+				'expected' => 'border-bottom-color: rgba(100, 100, 100, 0)',
+			),
+			array(
+				'css'      => 'border-left-color: rgba(10%, 10%, 10%, 0)',
+				'expected' => 'border-left-color: rgba(10%, 10%, 10%, 0)',
+			),
+			array(
+				'css'      => 'border-top-color: rgba(0, 0, 0, 0.1)',
+				'expected' => 'border-top-color: rgba(0, 0, 0, 0.1)',
+			),
+			array(
+				'css'      => 'background-color: rgba(0, 0, 0, .1)',
+				'expected' => 'background-color: rgba(0, 0, 0, .1)',
+			),
+			array(
+				'css'      => 'color: rgba(0, 0, 0,.1)',
+				'expected' => 'color: rgba(0, 0, 0,.1)',
+			),
+			array(
+				'css'      => 'border-color: rgba(0, 0, 0 / 0.1)',
+				'expected' => 'border-color: rgba(0, 0, 0 / 0.1)',
+			),
+			// Invalid RGBA color.
+			array(
+				'css'      => 'color: rg(0, 0, 0, 0)',
 				'expected' => '',
 			),
-			// RGBA color values are not allowed.
 			array(
-				'css'      => 'color: rgb( 100, 100, 100, .4 )',
+				'css'      => 'text-decoration-color : rgba(0, 0, 0, 0)',
+				'expected' => '',
+			),
+			array(
+				'css'      => 'border-color: rgba(0 , 0, 0, 0)',
+				'expected' => '',
+			),
+			array(
+				'css'      => 'border-right-color: rgba(0,  0, 0, 0)',
+				'expected' => '',
+			),
+			array(
+				'css'      => 'border-bottom-color: rgba(0, 0, 0/ 0.1 )',
+				'expected' => '',
+			),
+			array(
+				'css'      => 'border-left-color: rgba(0, 0, 0 /0.1 )',
+				'expected' => '',
+			),
+			array(
+				'css'      => 'border-top-color: rgba(0, 0, 0  / 0.1 )',
+				'expected' => '',
+			),
+			array(
+				'css'      => 'background-color: rgba(red, 0, 0, 0)',
+				'expected' => '',
+			),
+			array(
+				'css'      => 'color: rgba(100px, 0, 0, 0)',
+				'expected' => '',
+			),
+			array(
+				'css'      => 'border-right-color: "rgba(0, 0, 0, 0)',
+				'expected' => '',
+			),
+			array(
+				'css'      => "border-bottom-color: 'rgba(0, 0, 0, 0)",
 				'expected' => '',
 			),
 		);