WordPress Markup Markdown Snippet : Allow <style> and <script> tags

mmd-allow_styles_scripts.php

<?php

namespace MarkupMarkdown\Addons;

defined( 'ABSPATH' ) || exit;


if ( ! class_exists( 'MarkupMarkdown\\Addons\\AllowStylesScripts' ) ) {


	class AllowStylesScripts {


		/**
		 * @var String $min_user_cap
		 * @link https://developer.wordpress.org/reference/functions/current_user_can/
		 * WordPress capabilty required to make use of style and scripts
		 */
		private $min_user_cap = 'manage_options';


		public function __construct() {
			add_action( 'wp_loaded', array( $this, 'initialize_filters' ) );
			add_action( 'after_setup_theme', array( $this, 'initialize_shortcodes' ) );
		}


		/**
		 * Add a new 'wp_kses' filter
		 * @return Void
		 */
		public function initialize_filters() {
			add_filter( 'wp_kses_allowed_html', array( $this, 'allow_specific_tags' ), 10, 2 );
			add_filter( 'addon_markdown2html', array( $this, 'parse_scripts'), 20, 1 );
		}


		/**
		 * Add a custom shortcode [mmd_code]
		 * Ex: [mmd_code tag="script"]...[/mmd_code]
		 * @return Void
		 */
		public function initialize_shortcodes() {
			add_shortcode( 'mmd_code', array( $this, 'output_script' ) );
		}


		/**
		 * Generate executable javascript code
		 * 
		 * @params Array $attrs
		 * @params String $content JavaScript code encoded with WordPress filters
		 * @return String Executable JavaScript code wrapped within a script tag
		 */
		public function output_script( $attrs = array(), $content = '' ) {
			$html_tag = isset( $attrs[ 'tag' ] ) ? htmlentities( $attrs[ 'tag' ] ) : 'code';
			return '<' . $html_tag . '>' . $this->decode_script( $content ) . '</' . $html_tag . '>';
		}

		/**
		 * Filter to allow 'style' and 'script' tags inside WYSIWYG
		 * @link https://developer.wordpress.org/reference/functions/wp_kses_allowed_html/
		 * 
		 * @param Array $tags List of allowed HTML tags and attributes
		 * @param String $context Always 'post' when the filter is triggered by Markup Markdown
		 * @return Array $tags The updated list of HTML tags and attributes
		 */
		public function allow_specific_tags( $tags, $context ) {
			if ( 'post' === $context && current_user_can( $this->min_user_cap ) ) {
				$tags['script'] = array(); // Allow any inline script type
				$tags['style'] = array();  // Allow any inline style type
			}
			return $tags;
		}


		/**
		 * Parse <script> snippets inside the WYSIWYG
		 * 
		 * @param String $text JavaScript code encoded with post filters
		 * @return String The decoded executable javascript code
		 */
		public function parse_scripts( $content ) {
			$code_blocks = [];
			preg_match_all( '#<script(.*?)>(.*?)<\/script>#is', $content, $code_blocks );
			if ( ! isset( $code_blocks ) || ! is_array( $code_blocks ) || ! count( $code_blocks ) ) :
				return $content;
			endif;
			foreach( $code_blocks[ 0 ] as $id_block => $code_block ) :
				$code_text = isset( $code_blocks[ 2 ][ $id_block ] ) && ! empty( $code_blocks[ 2 ][ $id_block ] ) ? $code_blocks[ 2 ][ $id_block ] : '';
				$content = str_replace( $code_block, '[mmd_code tag="script"]' . $this->decode_script( $code_text ) . '[/mmd_code]', $content );
			endforeach;
			return $content;
		}


		/**
		 * Revert / prevent encoded chars within the code snippet
		 * 
		 * @param String $text JavaScript code encoded with post filters
		 * @return String The decoded executable javascript code
		 */
		private function decode_script( $text = '' ) {
			# Need to revert a few filters like WP Texturize
			$converted = array( '“', '”', '‘', '’' );
			$originals = array( '"', '"', "'", "'" );
			return str_replace( $converted, $originals, html_entity_decode( $text ) );
		}


	}


}


new \MarkupMarkdown\Addons\AllowStylesScripts();