The latest articles on DEV Community by Mészáros Róbert (@meszarosrob). https://dev.to/meszarosrob https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F291259%2F5bed8737-d21f-48bf-ab1e-8e1b1f6fe287.png https://dev.to/meszarosrob en Mészáros Róbert Mon, 22 Feb 2021 17:36:53 +0000 https://dev.to/meszarosrob/class-less-css-frameworks-4a4h https://dev.to/meszarosrob/class-less-css-frameworks-4a4h <p>The class-less (or no-class) CSS framework's promise is that as long as you have a valid HTML and structure your elements in a sane way, you will get a decent-looking page by including one stylesheet.</p> <p>They are useful to put something online quickly. It can also serve as a starting point or as a temporary solution while you finish other aspects of your application or website.</p> <p>Since they style only the general HTML elements (paragraphs, headings, buttons, etc.), you don't have to worry about adding their unique class names or removing them later.</p> <p>Some class-less CSS frameworks have a distinct personality, like <a href="https://kimeiga.github.io/bahunya/">Bahunya</a> or <a href="https://metakirby5.github.io/yorha/">YoRHa</a>. Others provide minimal styling, focusing on the spacing between elements and making things acceptable. The latter ones are an excellent choice for prototyping applications. The <a href="https://watercss.kognise.dev/">Water.css</a> and <a href="https://igoradamenko.github.io/awsm.css/">awsm.css</a> seem to be good ones.</p> <p>CSS-Tricks has <a href="https://css-tricks.com/no-class-css-frameworks/">an article</a> where you can find some popular ones. Another place to find a curated list is the <a href="https://github.com/dbohdan/classless-css">Classless CSS</a> repo.</p> webdev css Mészáros Róbert Tue, 06 Oct 2020 16:04:32 +0000 https://dev.to/meszarosrob/alpine-js-directives-and-wordpress-sanitization-1emh https://dev.to/meszarosrob/alpine-js-directives-and-wordpress-sanitization-1emh <p>WordPress has functions with sensible defaults for when you want to filter untrusted HTML. To extend the default allowed list, you can use the <code>wp_kses_allowed_html</code> filter.</p> <p>Mostly I see people reaching for this when dealing with complex SVG structures where lesser-known tags and attributes pop up.</p> <p>Another scenario is when working with <em>JavaScript libraries using directives</em>, such as <a href="https://github.com/alpinejs/alpine/">Alpine.js</a> or <a href="%5Bhttps://vuejs.org/%5D">Vue.js</a>.</p> <h2> The problem with directives and WordPress </h2> <p>By default, if you run trough <code>wp_kses_post</code> an HTML containing Alpine.js directives, all are stripped out.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight php"><code><span class="nv">$alpineJsHtml</span> <span class="o">=</span> <span class="sh">&lt;&lt;&lt;'EOD' &lt;div x-data="{ isVisible: false }"&gt; &lt;button type="button" x-on:click.debounce.250="isVisible = !isVisible"&gt; Toggle with debounce &lt;/button&gt; &lt;p x-show="isVisible"&gt;I'm visible&lt;/p&gt; &lt;/div&gt; EOD;</span> <span class="k">echo</span> <span class="nf">wp_kses_post</span><span class="p">(</span><span class="nv">$alpineJsHtml</span><span class="p">);</span> </code></pre> </div> <p>The output:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight html"><code><span class="nt">&lt;div&gt;</span> <span class="nt">&lt;button</span> <span class="na">type=</span><span class="s">"button"</span><span class="nt">&gt;</span> Toggle with debounce <span class="nt">&lt;/button&gt;</span> <span class="nt">&lt;p&gt;</span>I'm visible<span class="nt">&lt;/p&gt;</span> <span class="nt">&lt;/div&gt;</span> </code></pre> </div> <p>Behind the scenes, WordPress determines if an attribute is allowed using the <code>wp_kses_attr_check</code> function. Besides the <code>data-*</code> <a href="https://github.com/WordPress/WordPress/blob/1fbcdb22135c1325ae606b71347f1c1aa56451d6/wp-includes/kses.php#L1201-L1211">wildcard attribute</a>, all other attributes have to be <em>exactly predefined</em>, and unfortunately, there is no filter attached to the function to pass custom conditions.</p> <p>Alpine.js (<code>2.6.0</code>) has 14 directives, and most of them don't have a dynamic part or modifiers. Allowing them could look something like this:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight php"><code> <span class="nf">add_filter</span><span class="p">(</span> <span class="s1">'wp_kses_allowed_html'</span><span class="p">,</span> <span class="k">static</span> <span class="k">function</span> <span class="p">(</span><span class="nv">$tags</span><span class="p">)</span> <span class="p">{</span> <span class="nv">$alpinizedTags</span> <span class="o">=</span> <span class="p">[</span><span class="s1">'div'</span><span class="p">,</span> <span class="s1">'section'</span><span class="p">,</span> <span class="s1">'template'</span><span class="p">];</span> <span class="nv">$alpineDirectives</span> <span class="o">=</span> <span class="p">[</span> <span class="s1">'x-cloak'</span> <span class="o">=&gt;</span> <span class="kc">true</span><span class="p">,</span> <span class="s1">'x-data'</span> <span class="o">=&gt;</span> <span class="kc">true</span><span class="p">,</span> <span class="s1">'x-if'</span> <span class="o">=&gt;</span> <span class="kc">true</span><span class="p">,</span> <span class="c1">// ...</span> <span class="p">];</span> <span class="k">foreach</span> <span class="p">(</span><span class="nv">$alpinizedTags</span> <span class="k">as</span> <span class="nv">$alpinizedTag</span><span class="p">)</span> <span class="p">{</span> <span class="k">if</span> <span class="p">(</span><span class="o">!</span><span class="k">isset</span><span class="p">(</span><span class="nv">$tags</span><span class="p">[</span><span class="nv">$alpinizedTag</span><span class="p">]))</span> <span class="p">{</span> <span class="k">continue</span><span class="p">;</span> <span class="p">}</span> <span class="nv">$tags</span><span class="p">[</span><span class="nv">$alpinizedTag</span><span class="p">]</span> <span class="o">=</span> <span class="nb">array_merge</span><span class="p">(</span><span class="nv">$alpineDirectives</span><span class="p">,</span> <span class="nv">$tags</span><span class="p">[</span><span class="nv">$alpinizedTag</span><span class="p">]);</span> <span class="p">}</span> <span class="k">return</span> <span class="nv">$tags</span><span class="p">;</span> <span class="p">}</span> <span class="p">);</span> </code></pre> </div> <h2> Dynamic directives and modifiers </h2> <p>But with directives like <code>x-on</code> where you can listen for custom events, and add modifiers that represent milliseconds, there is no sane way to predefine all possible variations. Remember, the allowed attribute has to be an exact match; no wildcards are supported.</p> <p><strong>One option</strong> is to simply update the list whenever you use a new combination.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight php"><code><span class="nv">$alpineDirectives</span> <span class="o">=</span> <span class="p">[</span> <span class="s1">'x-on'</span> <span class="o">=&gt;</span> <span class="kc">true</span><span class="p">,</span> <span class="c1">// not enough</span> <span class="s1">'x-on:click.debounce.250'</span> <span class="o">=&gt;</span> <span class="kc">true</span><span class="p">,</span> <span class="s1">'x-on:change'</span> <span class="o">=&gt;</span> <span class="kc">true</span><span class="p">,</span> <span class="s1">'x-on:open-menu'</span> <span class="o">=&gt;</span> <span class="s1">'true'</span><span class="p">,</span> <span class="c1">// ...</span> <span class="p">];</span> </code></pre> </div> <p><strong>Another solution</strong> is to deal with directives case by case basis instead of relying on a global list. This is how it would look with the <code>wp_kses</code> function:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight php"><code><span class="k">echo</span> <span class="nf">wp_kses</span><span class="p">(</span><span class="nv">$alpineJsHtml</span><span class="p">,</span> <span class="p">[</span> <span class="s1">'div'</span> <span class="o">=&gt;</span> <span class="p">[</span> <span class="s1">'x-data'</span> <span class="o">=&gt;</span> <span class="kc">true</span><span class="p">,</span> <span class="p">],</span> <span class="s1">'button'</span> <span class="o">=&gt;</span> <span class="p">[</span> <span class="s1">'type'</span> <span class="o">=&gt;</span> <span class="kc">true</span><span class="p">,</span> <span class="s1">'x-on:click.debounce.250'</span> <span class="o">=&gt;</span> <span class="kc">true</span><span class="p">,</span> <span class="p">]</span> <span class="p">]);</span> </code></pre> </div> <p>But we can take <strong>this idea further</strong> and construct the list of directives dynamically and allowing them automatically.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight php"><code><span class="k">function</span> <span class="n">allowedPostTagsWithAlpineAttrs</span><span class="p">(</span><span class="nv">$content</span><span class="p">)</span> <span class="p">{</span> <span class="k">global</span> <span class="nv">$allowedposttags</span><span class="p">;</span> <span class="c1">// Anything that looks like an Alpine.js directive</span> <span class="nb">preg_match_all</span><span class="p">(</span><span class="s1">'/(x-[\w:.-]*)/'</span><span class="p">,</span> <span class="nv">$content</span><span class="p">,</span> <span class="nv">$matches</span><span class="p">);</span> <span class="k">if</span> <span class="p">(</span><span class="nv">$matches</span> <span class="o">===</span> <span class="kc">false</span> <span class="o">||</span> <span class="nb">empty</span><span class="p">(</span><span class="nv">$matches</span><span class="p">[</span><span class="mi">0</span><span class="p">]))</span> <span class="p">{</span> <span class="k">return</span> <span class="nv">$allowedposttags</span><span class="p">;</span> <span class="p">}</span> <span class="nv">$allowedTags</span> <span class="o">=</span> <span class="nv">$allowedposttags</span><span class="p">;</span> <span class="nv">$alpineAttrs</span> <span class="o">=</span> <span class="p">[];</span> <span class="k">foreach</span> <span class="p">(</span><span class="nv">$matches</span><span class="p">[</span><span class="mi">0</span><span class="p">]</span> <span class="k">as</span> <span class="nv">$match</span><span class="p">)</span> <span class="p">{</span> <span class="nv">$alpineAttrs</span><span class="p">[</span><span class="nv">$match</span><span class="p">]</span> <span class="o">=</span> <span class="kc">true</span><span class="p">;</span> <span class="p">}</span> <span class="k">foreach</span> <span class="p">(</span><span class="nv">$allowedTags</span> <span class="k">as</span> <span class="nv">$tag</span> <span class="o">=&gt;</span> <span class="nv">$attributes</span><span class="p">)</span> <span class="p">{</span> <span class="nv">$allowedTags</span><span class="p">[</span><span class="nv">$tag</span><span class="p">]</span> <span class="o">=</span> <span class="nb">array_merge</span><span class="p">(</span><span class="nv">$alpineAttrs</span><span class="p">,</span> <span class="nv">$attributes</span><span class="p">);</span> <span class="p">}</span> <span class="k">return</span> <span class="nv">$allowedTags</span><span class="p">;</span> <span class="p">}</span> <span class="k">echo</span> <span class="nf">wp_kses</span><span class="p">(</span><span class="nv">$alpineJsHtml</span><span class="p">,</span> <span class="nf">allowedPostTagsWithAlpineAttrs</span><span class="p">(</span><span class="nv">$alpineJsHtml</span><span class="p">));</span> </code></pre> </div> <p>With this approach, we don't have to keep track of the modifiers or update the directives list if Alpine.js introduces a new one.</p> wordpress alpinejs sanitization webdev