From 2d323f896cc25ae4f821c415156e0fa679ed49ba Mon Sep 17 00:00:00 2001
From: girishpanchal30
Date: Wed, 8 Jan 2025 16:01:27 +0530
Subject: [PATCH] fix: reviewer feedback

---
 .../widgets/elementor/pricing-table.php | 15 +++++++++++++--
 1 file changed, 13 insertions(+), 2 deletions(-)

diff --git a/obfx_modules/elementor-extra-widgets/widgets/elementor/pricing-table.php b/obfx_modules/elementor-extra-widgets/widgets/elementor/pricing-table.php
index edfe5ab5..80f2ca24 100644
--- a/obfx_modules/elementor-extra-widgets/widgets/elementor/pricing-table.php
+++ b/obfx_modules/elementor-extra-widgets/widgets/elementor/pricing-table.php
@@ -1039,7 +1039,7 @@ protected function render() {
 $output .= '
';
 if ( ! empty( $settings['title'] ) ) {
 // Start of title tag.
- $title_tag = in_array( $settings['title_tag'], array( 'h1', 'h2', 'h3', 'h4', 'h5', 'h6', 'p' ), true ) ? $settings['title_tag'] : 'h1';
+ $title_tag = $this->sanitize_tag( $settings['title_tag'] );
 $output .= '<' . esc_html( $title_tag ) . ' ' . $this->get_render_attribute_string( 'title' ) . '>';
 // Title string.
@@ -1050,7 +1050,7 @@ protected function render() {
 }
 if ( ! empty( $settings['subtitle'] ) ) {
 // Start of subtitle tag.
- $subtitle_tag = in_array( $settings['subtitle_tag'], array( 'h1', 'h2', 'h3', 'h4', 'h5', 'h6', 'p' ), true ) ? $settings['subtitle_tag'] : 'h1';
+ $subtitle_tag = $this->sanitize_tag( $settings['subtitle_tag'] );
 $output .= '<' . esc_html( $subtitle_tag ) . ' ' . $this->get_render_attribute_string( 'subtitle' ) . '>';
 // Subtitle string.
@@ -1159,5 +1159,16 @@ private function display_button_icon( $settings ) {
 }
 return $output;
 }
+
+ /**
+ * Sanitize html tags.
+ *
+ * @param string $tag HTML tagname.
+ *
+ * @return string
+ */
+ private function sanitize_tag( $tag ) {
+ return in_array( $tag, array( 'h1', 'h2', 'h3', 'h4', 'h5', 'h6', 'p' ), true ) ? $tag : 'h1';
+ }
 }
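Review bot: The new sanitize_tag() is the only thing keeping an arbitrary saved tag name out of the element, and its docblock ("Sanitize html tags.") does not say so: both call sites in the earlier hunks wrap the result in `esc_html()`, but as far as I recall that only escapes `<>&"'`, so a stored value such as `script` or `b onmouseover=...` would pass through it unchanged and the allowlist is the actual control. I would document that contract on the method, e.g. `Allowlist a heading/paragraph tag name; anything else falls back to the default. This is the guard for the title/subtitle element name — esc_html() on the returned name is defence in depth only.` The hard-coded `'h1'` fallback also means a subtitle whose tag setting is invalid is rendered as a second h1; since the helper is being introduced anyway, parameterise it as `private function sanitize_tag( $tag, $default = 'h1' ) {` with `return in_array( $tag, array( 'h1', 'h2', 'h3', 'h4', 'h5', 'h6', 'p' ), true ) ? $tag : $default;`, and have the subtitle call in the second hunk pass whatever default its control declares (the control definition is outside this diff). Leave `$tag` untyped or `?string` rather than adding a `string` hint: if the setting is absent, in_array() on null quietly yields the fallback, whereas a non-nullable hint would throw a TypeError from render(); display_button_icon()'s body begins outside this hunk and is not affected.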