fix content rendering as html

src/blocks/button/block.php

@@ -62,7 +62,7 @@ class="ub-button-block-main ub-button-' . esc_attr($size) .
         height="' . esc_attr($iconSize[$size]) . '", width="' . esc_attr($iconSize[$size]) . '"
         viewBox="0, 0, ' . Ultimate_Blocks_IconSet::generate_fontawesome_icon($chosenIcon)[0] . ', ' . Ultimate_Blocks_IconSet::generate_fontawesome_icon($chosenIcon)[1]
         .'"><path fill="currentColor" d="' . Ultimate_Blocks_IconSet::generate_fontawesome_icon($chosenIcon)[2] . '"></svg></span>': '')
-        .'<span class="ub-button-block-btn">' . esc_html($buttonText) . '</span>
+        .'<span class="ub-button-block-btn">' . wp_filter_nohtml_kses($buttonText) . '</span>
     </div></a></div>' : join('', array_map('ub_buttons_parse', $buttons)));
     $classes = array();
     if(isset($buttons) && count($buttons) > 0){

src/blocks/buttons/button/block.php

@@ -25,7 +25,7 @@ class="ub-button-block-main ub-button-' . $size .
         'viewBox="0, 0, ' . Ultimate_Blocks_IconSet::generate_fontawesome_icon($chosenIcon)[0] . ', ' . Ultimate_Blocks_IconSet::generate_fontawesome_icon($chosenIcon)[1]
         . '"><path fill="currentColor" d="' . Ultimate_Blocks_IconSet::generate_fontawesome_icon($chosenIcon)[2] . '"></svg>'
         . '</span>': '')
-        .'<span class="ub-button-block-btn">' . esc_html($buttonText) . '</span>
+        .'<span class="ub-button-block-btn">' . wp_filter_nohtml_kses($buttonText) . '</span>
     </div></a>';
 
     $classes = array('ub-button');

src/blocks/call-to-action/block.php

@@ -14,18 +14,18 @@ function ub_render_call_to_action_block($attributes){
                 <div class="ub_call_to_action_headline">
                     <' . ($useHeadingTag ? esc_attr($selectedHeadingTag) : 'p') . ' class="ub_call_to_action_headline_text"' . ($blockID === '' ?
                     ' style="font-size: ' . esc_attr($headFontSize) . 'px; color: ' . esc_attr($headColor) . '; text-align: ' . esc_attr($headAlign) . ';"' : '') . '>' .
-                        esc_html($ub_call_to_action_headline_text) . '</' . ($useHeadingTag ? esc_attr($selectedHeadingTag) : 'p') . '></div>
+                        wp_filter_nohtml_kses($ub_call_to_action_headline_text) . '</' . ($useHeadingTag ? esc_attr($selectedHeadingTag) : 'p') . '></div>
                 <div class="ub_call_to_action_content">
                     <p class="ub_cta_content_text"' .
                         ($blockID === '' ? ' style="font-size: ' . esc_attr($contentFontSize) . 'px; color: ' . esc_attr($contentColor) . '; text-align: ' . esc_attr($contentAlign) . ';"' : '') . '>' .
-                         esc_html($ub_cta_content_text) . '</p></div>
+                         wp_filter_nohtml_kses($ub_cta_content_text) . '</p></div>
                 <div class="ub_call_to_action_button">
                     <a href="' . esc_url($url) . '" target="_' . ($openInNewTab ? 'blank' : 'self' )
                         .'" rel="' . ($addNofollow ? 'nofollow ' : '') . ($linkIsSponsored ? 'sponsored ' : '') . 'noopener noreferrer"
                         class="ub_cta_button"' . ($blockID === '' ? ' style="background-color: ' . esc_attr($buttonColor) . '; width: ' . esc_attr($buttonWidth) . 'px;"' : '') . '>
                         <p class="ub_cta_button_text"' . ($blockID === '' ? ' style="color: ' .
                         $buttonTextColor . '; font-size: ' . esc_attr($buttonFontSize) . 'px;"' : '') . '>' .
-                            esc_html($ub_cta_button_text) . '</p></a></div></div>';
+                            wp_filter_nohtml_kses($ub_cta_button_text) . '</p></a></div></div>';
 }
 
 function ub_register_call_to_action_block() {

src/blocks/content-filter/block.php

@@ -87,14 +87,14 @@ function ub_render_content_filter_block($attributes, $content){
     foreach((array)$newFilterArray as $key1 => $filterGroup){
         $filterList .= '<div class="ub-content-filter-category"
         data-canUseMultiple="' . json_encode($filterGroup['canUseMultiple']) . '">
-        <div class="ub-content-filter-category-name">' . esc_html($filterGroup['category']) . '</div>';
+        <div class="ub-content-filter-category-name">' . wp_filter_nohtml_kses($filterGroup['category']) . '</div>';
         $filters = '<div class="ub-content-filter-buttons-wrapper">';
         foreach($filterGroup['filters'] as $key2 => $tag){
             $filters .= '<div data-tagIsSelected="false" data-categoryNumber="' . $key1 . '"
             data-filterNumber="' . $key2 . '" ' . ($blockID === '' ? 'data-normalColor="' . esc_attr($buttonColor) . '" data-normalTextColor="' . esc_attr($buttonTextColor) .
             '" data-activeColor="' . esc_attr($activeButtonColor) . '" data-activeTextColor="' . esc_attr($activeButtonTextColor) .
             '"style="background-color: ' . esc_attr($buttonColor) .'; color: ' . esc_attr($buttonTextColor) . '"' : '') . ' class="ub-content-filter-tag">' .
-            esc_html($tag) . '</div>';
+            wp_filter_nohtml_kses($tag) . '</div>';
         }
         $filterList .= $filters . '</div>';
         $filterList .= '</div>';

src/blocks/content-toggle/block.php

@@ -73,7 +73,7 @@ function ub_render_content_toggle_panel_block( $attributes, $content, $block_obj
 			. ( $parentID === '' ? ' style="background-color: ' . esc_attr($theme) . ';"' : '' ) . ( $preventCollapse ? ' aria-disabled="true"' : '' )
 			.  '" aria-controls="ub-content-toggle-panel-' . esc_attr($index) . '-' . esc_attr($parentID) . '" tabindex="0">
                     <' . esc_attr($titleTag) . ' class="' . $classNamePrefix . '-accordion-title ub-content-toggle-title-' . esc_attr($parentID) . '"'
-			. ( $parentID === '' ? ' style="color:' . esc_attr($titleColor) . ';"' : '' ) . '>' . esc_html($panelTitle) . '</' . esc_attr($titleTag) . '>' .
+			. ( $parentID === '' ? ' style="color:' . esc_attr($titleColor) . ';"' : '' ) . '>' . wp_filter_nohtml_kses($panelTitle) . '</' . esc_attr($titleTag) . '>' .
 			( $toggleIcon === 'none' ? '' : '<div class="' . $classNamePrefix . '-accordion-toggle-wrap ' .  esc_attr($toggleLocation)  .
 											'"><span class="' . $classNamePrefix . '-accordion-state-indicator ' . esc_attr($icon_class) .
 											( $should_collapsed ? '' : ' open' ) . '"></span>

src/blocks/countdown/block.php

@@ -138,7 +138,7 @@ function ub_generateDigitArray($value, $maxValue = 0){
             .'</div>';
     }
     else return '<div class="wp-block-ub-count-down ub-countdown'.(isset($className) ? ' ' . esc_attr($className) : '').'" '.
-        ($blockID === ''?'style="text-align:'. esc_attr($messageAlign) .';' :'id="ub_countdown_'. esc_attr($blockID) .'"').'>'. esc_html($expiryMessage) .'</div>';
+        ($blockID === ''?'style="text-align:'. esc_attr($messageAlign) .';' :'id="ub_countdown_'. esc_attr($blockID) .'"').'>'. wp_filter_nohtml_kses($expiryMessage) .'</div>';
 }
 
 function ub_register_countdown_block() {

src/blocks/counter/block.php

@@ -78,7 +78,7 @@ public function ub_render_counter_block($attributes, $content, $block){
                     'style' => $styles
                )
           );
-          $label_markup = '<div class="ub_counter-label-wrapper"><span class="ub_counter-label">' . esc_html($label) . '</span></div>';
+          $label_markup = '<div class="ub_counter-label-wrapper"><span class="ub_counter-label">' . wp_filter_nohtml_kses($label) . '</span></div>';
           $block_content = sprintf(
                '<div %1$s>
                     <div
@@ -101,8 +101,8 @@ class="ub_counter ub_text-%2$s"
                esc_attr( $start_number ), // 3
                esc_attr( $end_number ), // 4
                esc_attr( $animation_duration ), // 5
-               esc_html( $prefix ), // 6
-               esc_html( $suffix ), // 7
+               wp_filter_nohtml_kses( $prefix ), // 6
+               wp_filter_nohtml_kses( $suffix ), // 7
                $label_position === 'top' ? $label_markup : "", //8
                $label_position === 'bottom' ? $label_markup : "" //9
           );

src/blocks/feature-box/block.php

@@ -5,18 +5,18 @@ function ub_render_feature_box_block($attributes){
 
     $column1 = '<div class="ub_feature_1">
     <img class="ub_feature_one_img" src="' . esc_url($imgOneURL) . '" alt="' . esc_attr($imgOneAlt) . '"/>
-    <p class="ub_feature_one_title"'.($blockID===''?' style="text-align: '. esc_attr($title1Align) .';"':'').'>' . esc_html($columnOneTitle) . '</p>
-    <p class="ub_feature_one_body"'.($blockID===''?' style="text-align: '. esc_attr($body1Align) .';"':'').'>' . esc_html($columnOneBody) . '</p></div>';
+    <p class="ub_feature_one_title"'.($blockID===''?' style="text-align: '. esc_attr($title1Align) .';"':'').'>' . wp_filter_nohtml_kses($columnOneTitle) . '</p>
+    <p class="ub_feature_one_body"'.($blockID===''?' style="text-align: '. esc_attr($body1Align) .';"':'').'>' . wp_filter_nohtml_kses($columnOneBody) . '</p></div>';
 
     $column2 = '<div class="ub_feature_2">
     <img class="ub_feature_two_img" src="' . esc_url($imgTwoURL) . '" alt="' . esc_attr($imgTwoAlt) . '"/>
-    <p class="ub_feature_two_title"'.($blockID===''?' style="text-align: '. esc_attr($title2Align) .';"':'').'>' . esc_html($columnTwoTitle) . '</p>
-    <p class="ub_feature_two_body"'.($blockID===''?' style="text-align: '. esc_attr($body2Align) .';"':'').'>' . esc_html($columnTwoBody) . '</p></div>';
+    <p class="ub_feature_two_title"'.($blockID===''?' style="text-align: '. esc_attr($title2Align) .';"':'').'>' . wp_filter_nohtml_kses($columnTwoTitle) . '</p>
+    <p class="ub_feature_two_body"'.($blockID===''?' style="text-align: '. esc_attr($body2Align) .';"':'').'>' . wp_filter_nohtml_kses($columnTwoBody) . '</p></div>';
 
     $column3 = '<div class="ub_feature_3">
     <img class="ub_feature_three_img" src="'. esc_url($imgThreeURL) .'" alt="' . esc_attr($imgThreeAlt) . '"/>
-    <p class="ub_feature_three_title"'.($blockID===''?' style="text-align: '. esc_attr($title3Align) .';"':'').'>' . esc_html($columnThreeTitle) . '</p>
-    <p class="ub_feature_three_body"'.($blockID===''?' style="text-align: '. esc_attr($body3Align) .';"':'').'>' . esc_html($columnThreeBody) . '</p></div>';
+    <p class="ub_feature_three_title"'.($blockID===''?' style="text-align: '. esc_attr($title3Align) .';"':'').'>' . wp_filter_nohtml_kses($columnThreeTitle) . '</p>
+    <p class="ub_feature_three_body"'.($blockID===''?' style="text-align: '. esc_attr($body3Align) .';"':'').'>' . wp_filter_nohtml_kses($columnThreeBody) . '</p></div>';
 
     $columns = $column1;
 

src/blocks/how-to/block.php

@@ -41,7 +41,7 @@ function ub_convert_to_paragraphs($string){
     }
     else{
         $string = explode('<br>', $string);
-        $string = array_map(function($p){return '<p>' . esc_html($p) . '</p>';}, $string);
+        $string = array_map(function($p){return '<p>' . wp_filter_nohtml_kses($p) . '</p>';}, $string);
         return implode('', $string);
     }
 }
@@ -56,12 +56,12 @@ function ub_render_how_to_block($attributes){
 
     $suppliesCode = '"supply": [';
     if($advancedMode && $includeSuppliesList){
-        $header .= '<' . esc_attr($secondLevelTag) . '>' . esc_html($suppliesIntro) . '</' . esc_attr($secondLevelTag) . '>';
+        $header .= '<' . esc_attr($secondLevelTag) . '>' . wp_filter_nohtml_kses($suppliesIntro) . '</' . esc_attr($secondLevelTag) . '>';
         if(isset($supplies) && count($supplies) > 0){
             $header .=  $suppliesListStyle === 'ordered' ? '<ol' : '<ul';
             $header .= ' class="ub_howto-supplies-list">';
             foreach($supplies as $i => $s){
-                $header .= '<li>' . esc_html($s['name']) . ($s['imageURL'] === '' ? '' :
+                $header .= '<li>' . wp_filter_nohtml_kses($s['name']) . ($s['imageURL'] === '' ? '' :
                             '<br><img src="' . esc_url($s['imageURL']) . '"/>') . '</li>';
                 if($i > 0){
                     $suppliesCode .= ',';
@@ -77,12 +77,12 @@ function ub_render_how_to_block($attributes){
     $toolsCode = '"tool": [';
 
     if($advancedMode && $includeToolsList){
-        $header .= '<' . esc_attr($secondLevelTag) . '>' . esc_html($toolsIntro) . '</' . esc_attr($secondLevelTag) . '>';
+        $header .= '<' . esc_attr($secondLevelTag) . '>' . wp_filter_nohtml_kses($toolsIntro) . '</' . esc_attr($secondLevelTag) . '>';
         if(isset($tools) && count($tools) > 0){
             $header .= $toolsListStyle === 'ordered' ? '<ol' : '<ul';
             $header .= ' class="ub_howto-tools-list">';
             foreach($tools as $i => $t){
-                $header .= '<li>' . esc_html($t['name']) . ($t['imageURL'] === '' ? '' :
+                $header .= '<li>' . wp_filter_nohtml_kses($t['name']) . ($t['imageURL'] === '' ? '' :
                             '<br><img src="' . esc_url($t['imageURL']) . '"/>') . '</li>';
                 if($i > 0){
                     $toolsCode .= ',';
@@ -97,7 +97,7 @@ function ub_render_how_to_block($attributes){
 
     $costDisplay = $showUnitFirst ? $costCurrency . ' ' . $cost : $cost . ' ' . $costCurrency;
 
-    $timeDisplay = '<div><' . esc_attr($secondLevelTag) . '>' . esc_html($timeIntro) . '</' . esc_attr($secondLevelTag) . '>';
+    $timeDisplay = '<div><' . esc_attr($secondLevelTag) . '>' . wp_filter_nohtml_kses($timeIntro) . '</' . esc_attr($secondLevelTag) . '>';
 
     $totalTimeDisplay = '';
 
@@ -107,7 +107,7 @@ function ub_render_how_to_block($attributes){
         }
     }
 
-    $timeDisplay .= '<p>' . esc_html($totalTimeText) . esc_html($totalTimeDisplay)  . '</div>';
+    $timeDisplay .= '<p>' . wp_filter_nohtml_kses($totalTimeText) . wp_filter_nohtml_kses($totalTimeDisplay)  . '</div>';
 
     $ISOTotalTime = generateISODurationCode($totalTime);
 
@@ -118,7 +118,7 @@ function ub_render_how_to_block($attributes){
         $stepsDisplay = ($sectionListStyle === 'ordered' ? '<ol' : '<ul') .
                             ' class="ub_howto-section-display">';
         foreach($section as $i => $s){
-            $stepsDisplay .= '<li class="ub_howto-section"><' . esc_attr($secondLevelTag) . '>' . esc_html($s['sectionName']) . '</' . esc_attr($secondLevelTag) . '>' .
+            $stepsDisplay .= '<li class="ub_howto-section"><' . esc_attr($secondLevelTag) . '>' . wp_filter_nohtml_kses($s['sectionName']) . '</' . esc_attr($secondLevelTag) . '>' .
             ($sectionListStyle === 'ordered' ? '<ol' : '<ul') . ' class="ub_howto-step-display">';
             $stepsCode .= '{"@type": "HowToSection",' . PHP_EOL
                         . '"name": "'. str_replace("\'", "'", wp_filter_nohtml_kses($s['sectionName'])) . '",' . PHP_EOL
@@ -270,14 +270,14 @@ function ub_render_how_to_block($attributes){
     "image": "' . esc_url($finalImageURL) . '"' . '}</script>';
 
     return '<div class="wp-block-ub-how-to ub_howto" id="ub_howto_' . esc_attr($blockID) . '"><' . esc_attr($firstLevelTag) . '>'
-                . esc_html($title) . '</' . esc_attr($firstLevelTag) . '>' . ub_convert_to_paragraphs($introduction) . $header .
+                . wp_filter_nohtml_kses($title) . '</' . esc_attr($firstLevelTag) . '>' . ub_convert_to_paragraphs($introduction) . $header .
                 ($advancedMode ? ($videoURL === '' ? '' : $videoEmbedCode)
-                . '<p>' . esc_html($costDisplayText) . esc_html($costDisplay) . '</p>'
+                . '<p>' . wp_filter_nohtml_kses($costDisplayText) . wp_filter_nohtml_kses($costDisplay) . '</p>'
                 . $timeDisplay : '') . $stepsDisplay .
-                '<div class="ub_howto-yield"><' . esc_attr($secondLevelTag) . '>' . esc_html($resultIntro) . '</' . esc_attr($secondLevelTag) . '>' .
+                '<div class="ub_howto-yield"><' . esc_attr($secondLevelTag) . '>' . wp_filter_nohtml_kses($resultIntro) . '</' . esc_attr($secondLevelTag) . '>' .
                 ($finalImageURL === '' ? '' : (!isset($finalImageCaption) || $finalImageCaption === '' ? '' : '<figure class="ub_howto-yield-image-container">') .
                     '<img class="ub_howto-yield-image" src="' . esc_url($finalImageURL) . '">' .
-                    (!isset($finalImageCaption) || $finalImageCaption === '' ? '' : '<figcaption>' . esc_html($finalImageCaption) . '</figcaption></figure>')) .
+                    (!isset($finalImageCaption) || $finalImageCaption === '' ? '' : '<figcaption>' . wp_filter_nohtml_kses($finalImageCaption) . '</figcaption></figure>')) .
                 ub_convert_to_paragraphs($howToYield) . '</div>
             </div>' . $JSONLD;
 }

src/blocks/image-slider/block.php

@@ -19,7 +19,7 @@ function ub_render_image_slider_block($attributes){
         <img src="' . esc_url($image['url']) . '" alt="' . esc_attr($image['alt']) . '"' .
             ($blockID === '' ? ' style="height: ' . esc_attr($sliderHeight) . 'px;"' : '') . '>' .
             '<figcaption class="ub_image_slider_image_caption">' . ($captionArray[$key]['link'] === '' ? '' : '<a href="' . esc_url($captionArray[$key]['link']) . '">')
-            . esc_html($captionArray[$key]['text'])
+            . wp_filter_nohtml_kses($captionArray[$key]['text'])
             . ($captionArray[$key]['link'] === '' ? '' : '</a>') . ' </figcaption></figure>';
     }
     $classes = array( 'ub_image_slider', 'swiper-container' );

src/blocks/notification-box/block.php

@@ -5,7 +5,7 @@ function ub_render_notification_box_block($attributes){
     return '<div>
     <div class="wp-block-ub-notification-box '. esc_attr($ub_selected_notify) .
         (isset($className) ? ' ' . esc_attr($className) : '').'"'.($blockID===''? :' id="ub-notification-box-'. esc_attr($blockID) .'"').'>
-        <p class="ub_notify_text"'.($blockID===''?' style="text-align: '. esc_attr($align) .';"':'').'>'. esc_html($ub_notify_info) .'</p>
+        <p class="ub_notify_text"'.($blockID===''?' style="text-align: '. esc_attr($align) .';"':'').'>'. wp_filter_nohtml_kses($ub_notify_info) .'</p>
     </div>
 </div>';
 }