Update escaping for Featured Item product image

This commit is contained in:
Daniel W. Robert 2023-09-26 10:12:29 -04:00 committed by Luigi
parent 56a037a8c8
commit e3ccb230d1
1 changed files with 3 additions and 2 deletions

View File

@ -201,7 +201,8 @@ abstract class FeaturedItem extends AbstractDynamicBlock {
* @return string * @return string
*/ */
private function render_image( $attributes, $item, string $image_url ) { private function render_image( $attributes, $item, string $image_url ) {
$style = sprintf( 'object-fit: %s;', esc_attr( $attributes['imageFit'] ) ); $style = sprintf( 'object-fit: %s;', esc_attr( $attributes['imageFit'] ) );
$img_alt = $attributes['alt'] ?: $this->get_item_title( $item );
if ( $this->hasFocalPoint( $attributes ) ) { if ( $this->hasFocalPoint( $attributes ) ) {
$style .= sprintf( $style .= sprintf(
@ -214,7 +215,7 @@ abstract class FeaturedItem extends AbstractDynamicBlock {
if ( ! empty( $image_url ) ) { if ( ! empty( $image_url ) ) {
return sprintf( return sprintf(
'<img alt="%1$s" class="wc-block-%2$s__background-image" src="%3$s" style="%4$s" />', '<img alt="%1$s" class="wc-block-%2$s__background-image" src="%3$s" style="%4$s" />',
wp_kses_post( $attributes['alt'] ?: $this->get_item_title( $item ) ), esc_attr( $img_alt ),
$this->block_name, $this->block_name,
esc_url( $image_url ), esc_url( $image_url ),
esc_attr( $style ) esc_attr( $style )