From 55fe27d73b54621389c56f3f66a368a5b8e17bf2 Mon Sep 17 00:00:00 2001
From: Egidio Corica
Date: Wed, 1 Dec 2021 10:22:45 +0100
Subject: [PATCH] Add escape for the svg and add method to allow svg tag
---
 inc/Helpers/Formatting/Link.php | 2 +-
 inc/Services/Svg.php | 35 ++++++++++++++++++++++++++++++++-
 2 files changed, 35 insertions(+), 2 deletions(-)
diff --git a/inc/Helpers/Formatting/Link.php b/inc/Helpers/Formatting/Link.php
index a0fd5ffb..e86e5d87 100644
--- a/inc/Helpers/Formatting/Link.php
+++ b/inc/Helpers/Formatting/Link.php
@@ -172,7 +172,7 @@ function get_the_link( array $attributes, array $settings = [] ): string {
 // Implode all attributes for display purposes
 $attributes_escaped = implode( ' ', $attributes_escaped );
 // Escape content for display purposes
- $label = $settings['content'] ? escape_content_value( $settings['content'], $settings['escape']['content'] ?? 'esc_html' ) : '';
+ $label = $settings['content'] ? escape_content_value( $settings['content'], $settings['escape']['content'] ?? 'wp_kses_post' ) : '';
 $link_markup = sprintf( '%s%s', $attributes_escaped, $settings['new_window'], $label );
diff --git a/inc/Services/Svg.php b/inc/Services/Svg.php
index 99ed68db..82878e4f 100644
--- a/inc/Services/Svg.php
+++ b/inc/Services/Svg.php
@@ -16,6 +16,7 @@ class Svg implements Service {
 * @param Service_Container $container
 */
 public function register( Service_Container $container ): void {
+ add_filter( 'wp_kses_allowed_html', [ $this, 'allow_svg_tag' ] );
 }
 /**
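Review bot: In inc/Helpers/Formatting/Link.php the fallback escaper for the link label moves from `esc_html` to `wp_kses_post`, which loosens output encoding for every caller of get_the_link() that does not set `$settings['escape']['content']`, not only the call sites that pass an SVG icon. A caller that supplies user-influenced text and relied on the old default would now emit post-level markup (and the `svg`/`path`/`use` tags this patch adds to the allow-list) inside the anchor. Keeping `?? 'esc_html'` as the default and letting icon call sites opt in with `'escape' => [ 'content' => 'wp_kses_post' ]` would confine the change. The callers and the rest of get_the_link() are outside the hunk, so that audit has to be done against the full file.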
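Review bot: In inc/Services/Svg.php, register() hooks `allow_svg_tag` on `wp_kses_allowed_html` with the default single accepted argument, so the callback never sees the kses context and the SVG tags are added to every allow-list: comment and user-description filtering, the `strip` context, and explicit allow-lists passed to wp_kses(), not just `post`. Registering it as `add_filter( 'wp_kses_allowed_html', [ $this, 'allow_svg_tag' ], 10, 2 );` and opening the callback in the second Svg.php hunk with `if ( 'post' !== $context ) { return $tags; }` limits the widening to the context used by `wp_kses_post`. A short comment above the add_filter call saying why SVG markup is allowed, such as `// Let theme SVG icons survive wp_kses_post().`, would also help the next reader.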
@@ -52,9 +53,41 @@ public function get_the_icon( string $icon_class, array $additionnal_classes = [
 /**
 * @param string $icon_class
- * @param array $additionnal_classes
+ * @param array $additionnal_classes
 */
 public function the_icon( string $icon_class, array $additionnal_classes = [] ): void {
 echo $this->get_the_icon( $icon_class, $additionnal_classes ); //phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped
 }
+
+ /**
+ * Allow svg tag
+ *
+ * @param $tags
+ *
+ * @return mixed
+ * @author Egidio CORICA
+ */
+ public function allow_svg_tag( $tags ) {
+ $tags['svg'] = [
+ 'xmlns' => [],
+ 'fill' => [],
+ 'viewbox' => [],
+ 'role' => [],
+ 'aria-hidden' => [],
+ 'focusable' => [],
+ 'class' => [],
+ ];
+
+ $tags['path'] = [
+ 'd' => [],
+ 'fill' => [],
+ ];
+
+ $tags['use'] = [
+ 'xmlns:xlink' => [],
+ 'xlink:href' => [],
+ ];
+
+ return $tags;
+ }
 }
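Review bot: `allow_svg_tag()` allows `xlink:href` on `use`, an attribute whose value is a URL. As far as I know it is not in the default list returned by `wp_kses_uri_attributes()`, so kses would not apply its protocol check to that value; this should be confirmed against the WordPress version in use. If it holds, either add `xlink:href` through the `wp_kses_uri_attributes` filter or leave it off the allow-list when the theme's sprites do not need it. The assignments also overwrite any existing `svg`, `path` or `use` entry set by another plugin, which deserves a comment or a merge. The docblock would be clearer as `@param array $tags Allowed elements keyed by tag name.` and `@return array`.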