From ed29edf5a04a3f7ce38ab4929a34a9649136c2a1 Mon Sep 17 00:00:00 2001 From: Aki Hamano Date: Sat, 13 Jun 2026 22:59:30 +0900 Subject: [PATCH 1/3] KSES: Allow SVG presentation attributes in safe_style_css. `safecss_filter_attr()` only keeps an allowlist of CSS properties, so SVG presentation attributes such as `fill` and `stroke` are stripped from inline styles when SVG markup is sanitized with `wp_kses()`. Add the SVG-specific presentation attributes to the `safe_style_css` allowlist so they are preserved. Co-Authored-By: Claude --- src/wp-includes/kses.php | 50 ++++++++++++++++++++++++++++++++++++++++ 1 file changed, 50 insertions(+) diff --git a/src/wp-includes/kses.php b/src/wp-includes/kses.php index a45d1697ea40a..82c6d1924a129 100644 --- a/src/wp-includes/kses.php +++ b/src/wp-includes/kses.php @@ -2579,6 +2579,7 @@ function safecss_filter_attr( $css, $deprecated = '' ) { * Filters the list of allowed CSS attributes. * * @since 2.8.1 + * @since 7.1.0 Added support for SVG presentation attributes. * * @param string[] $attr Array of allowed CSS attributes. */ @@ -2737,6 +2738,55 @@ function safecss_filter_attr( $css, $deprecated = '' ) { 'aspect-ratio', 'container-type', + 'fill', + 'fill-opacity', + 'fill-rule', + + 'stroke', + 'stroke-dasharray', + 'stroke-dashoffset', + 'stroke-linecap', + 'stroke-linejoin', + 'stroke-miterlimit', + 'stroke-opacity', + 'stroke-width', + + 'color-interpolation', + 'color-interpolation-filters', + 'paint-order', + 'stop-color', + 'stop-opacity', + 'flood-color', + 'flood-opacity', + 'lighting-color', + + 'marker', + 'marker-start', + 'marker-mid', + 'marker-end', + + 'clip-rule', + 'mask-type', + + 'cx', + 'cy', + 'r', + 'rx', + 'ry', + 'x', + 'y', + 'd', + + 'alignment-baseline', + 'baseline-shift', + 'dominant-baseline', + 'glyph-orientation-horizontal', + 'glyph-orientation-vertical', + 'text-anchor', + + 'shape-rendering', + 'vector-effect', + // Custom CSS properties. '--*', ) 
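Review bot: `fill`, `stroke` and the `marker*` entries in the second hunk accept `url()` values in CSS, and neither the hunk nor the commit message says how `safecss_filter_attr()` should treat them; the same applies to `clip-path` and `mask` added in PATCH 3/3. For a sanitizer allowlist the intent should be written down: either `url()` values for these properties are meant to be dropped, or they are meant to pass the same URL validation as the existing URL-bearing properties, which is presumably handled elsewhere in the function and is not visible here. I would open the block with a comment such as `// SVG presentation attributes. url() values are not accepted for these properties.` (or the opposite statement, if that is the intent), matching the existing `// Custom CSS properties.` marker. The function body starts and ends outside the hunk.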
From 8703f791a98b6ff740880a027a388b137de0024d Mon Sep 17 00:00:00 2001 From: Aki Hamano Date: Sat, 13 Jun 2026 23:05:26 +0900 Subject: [PATCH 2/3] KSES: Add tests for SVG presentation attributes in safe_style_css. Cover the SVG presentation attributes added to the `safe_style_css` allowlist to ensure they are preserved by `safecss_filter_attr()`. Co-Authored-By: Claude --- tests/phpunit/tests/kses.php | 38 ++++++++++++++++++++++++++++++++++++ 1 file changed, 38 insertions(+) diff --git a/tests/phpunit/tests/kses.php b/tests/phpunit/tests/kses.php index db507a6b26550..871723b98361c 100644 --- a/tests/phpunit/tests/kses.php +++ b/tests/phpunit/tests/kses.php @@ -1000,6 +1000,7 @@ public function test_wp_kses_attr_no_attributes_allowed_with_false() { * @ticket 58551 * @ticket 60132 * @ticket 64414 + * @ticket 65457 * * @dataProvider data_safecss_filter_attr * @@ -1473,6 +1474,43 @@ public function data_safecss_filter_attr() { 'css' => 'display: grid', 'expected' => 'display: grid', ), + // SVG presentation attributes introduced in 7.1.0. + array( + 'css' => 'fill: none', + 'expected' => 'fill: none', + ), + array( + 'css' => 'fill-rule: evenodd', + 'expected' => 'fill-rule: evenodd', + ), + array( + 'css' => 'stroke: red', + 'expected' => 'stroke: red', + ), + array( + 'css' => 'stroke-width: 2', + 'expected' => 'stroke-width: 2', + ), + array( + 'css' => 'stroke-linecap: round', + 'expected' => 'stroke-linecap: round', + ), + array( + 'css' => 'paint-order: stroke', + 'expected' => 'paint-order: stroke', + ), + array( + 'css' => 'vector-effect: non-scaling-stroke', + 'expected' => 'vector-effect: non-scaling-stroke', + ), + array( + 'css' => 'clip-rule: evenodd', + 'expected' => 'clip-rule: evenodd', + ), + array( + 'css' => 'text-anchor: middle', + 'expected' => 'text-anchor: middle', + ), ); } From 74809a0ac3dd663d4b95175d1ff0d250d843def6 Mon Sep 17 00:00:00 2001 
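Review bot: The nine new data-provider cases are all pass-through cases with keyword or numeric values, so they confirm the allowlist grew but pin nothing about values the filter must not let through. Add at least one case per value shape that matters for a sanitizer, for example `'css' => 'fill: url(#gradient)'` and `'css' => 'stroke: url(https://example.com/p.svg#a)'` (constructed sample values), each with the `expected` output the project intends. The single-letter geometry properties from PATCH 1/3 (`d`, `x`, `r` and the rest) have no case either. `data_safecss_filter_attr()` starts outside the hunk.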
From: Aki Hamano Date: Wed, 17 Jun 2026 19:15:22 +0900 Subject: [PATCH 3/3] KSES: add missing SVG presentation attributes to safe_style_css. Expand the SVG presentation attribute allowlist in safecss_filter_attr() to cover clipping/masking (clip-path, mask), text (unicode-bidi, word-spacing), font (font-size-adjust, font-stretch), rendering (color-rendering, image-rendering, text-rendering), transforms (transform, transform-origin), and interactivity/visibility (pointer-events, visibility). These were stripped during sanitization, preventing valid SVG inline styles from rendering. Aligns the list with Gutenberg PR #79172. Co-Authored-By: Claude --- src/wp-includes/kses.php | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/src/wp-includes/kses.php b/src/wp-includes/kses.php index 82c6d1924a129..6a14803ad1030 100644 --- a/src/wp-includes/kses.php +++ b/src/wp-includes/kses.php @@ -2765,7 +2765,9 @@ function safecss_filter_attr( $css, $deprecated = '' ) { 'marker-mid', 'marker-end', + 'clip-path', 'clip-rule', + 'mask', 'mask-type', 'cx', @@ -2783,10 +2785,24 @@ function safecss_filter_attr( $css, $deprecated = '' ) { 'glyph-orientation-horizontal', 'glyph-orientation-vertical', 'text-anchor', + 'unicode-bidi', + 'word-spacing', + 'font-size-adjust', + 'font-stretch', + + 'color-rendering', + 'image-rendering', 'shape-rendering', + 'text-rendering', 'vector-effect', + 'transform', + 'transform-origin', + + 'pointer-events', + 'visibility', + // Custom CSS properties. '--*', )
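Review bot: `transform`, `transform-origin`, `pointer-events` and `visibility` in the second hunk are general CSS properties, and as far as the hunk shows they join one flat list that is not scoped to SVG elements, so they would also be kept on HTML elements filtered through KSES. `pointer-events` and `transform` change what a user's click lands on and where content is drawn, which deserves an explicit decision for content from lower-privileged authors rather than arriving as part of an SVG alignment. I would separate them from the SVG group with a comment like `// Also apply to HTML elements, not only SVG.` and add data-provider cases for them; this patch adds 16 entries and no tests. Whether functional values such as `transform: rotate(45deg)` survive the filter is not visible here and should be covered by one of those cases.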