Releases · websevendev/attributes-for-blocks

Security update: users without unfiltered_html capability can no longer add attributes. When a user without the capability updates a post all existing attributes are stripped. Issue discovered by Francesco Carlucci (CVE ID: CVE-2024-8318, CVSS Severity Score: 6.4 (Medium)). The vulnerability made it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accessed an injected page.
Tested up to WordPress 6.6.
Update @wordpress/* packages.

Assets 3

07 Apr 18:22

websevendev

1.0.6

Assets 3

17 Jul 07:57

websevendev

1.0.5

Use WP_HTML_Tag_Processor for adding HTML attributes.
Remove afb_sanitize_attribute_key and afb_sanitize_attribute_value filters (now handled by WP_HTML_Tag_Processor).
Use render_block filter to apply attributes instead of overriding block's render_callback.
Move all PHP code to main file for simplicity.
Add $attribute param to afb_attribute_separator filter.
Remove uppercase text transform from attribute input labels, use monospace font for value.
Add button to edit attributes in a modal for more space.
Update @wordpress/* packages.
Regression: for blocks that render multiple root elements attributes are only applied to the first one.

Assets 3

15 Jul 23:12

websevendev

1.0.4

Assets 3

08 Jul 09:21

websevendev

1.0.3

Update @wordpress/* packages.
Test with WordPress 6.0.
Convert advanced style attribute editor to TypeScript and refactor.
Fix duplicate attribute values being output when the block has both JS and PHP render functions.
Add GitHub link.
Remove src folder from plugin.