RTC: Sanitize remote CRDT changes from untrusted contributors by maxschmeling · Pull Request #77207 · WordPress/gutenberg

maxschmeling · 2026-04-09T18:55:37Z

Still a work in progress. This can break valid administrative HTML on load, and doesn't account for poisoned CRDT doc changes getting persisted in a trusted save.

Summary

Adds HTML sanitization to the @wordpress/sync package via DOMPurify, configured with the wp_kses_allowed_html( 'post' ) allowlist injected from PHP, mitigating XSS risk from RTC collaborators without the unfiltered_html capability injecting dangerous content.
Sanitization is gated by a per-room permissions.unfilteredHtml flag computed server-side: when all tracked contributors share the unfiltered_html capability, remote changes are passed through; when any contributor lacks it, all string values in the changes object are recursively sanitized before reaching the local entity store.

How it works

When a remote update arrives via the Yjs CRDT document, the sync manager extracts the changed properties through getChangesFromCRDTDoc and writes them to the local store via handlers.editRecord(). The new sanitizeRemoteChanges() helper intercepts this flow when the room is untrusted, recursively walking the changes object and running every string through DOMPurify. The allowlist is built from window._wpCollaborationKsesHtml, which PHP populates from wp_kses_allowed_html( 'post' ), and a custom uponSanitizeAttribute hook enforces per-tag attribute scoping to match kses semantics.

The trust signal flows from the server: PHP tracks every authenticated contributor per room in postmeta, computes permissions: { unfiltered_html: bool } on each poll response (fail-closed on empty lists), clears the list on save_post, and the HTTP polling provider relays the flag as a permissions event before any updates in the same response are applied.

Test plan

All existing @wordpress/sync tests continue to pass
New sanitize.test.ts covers script stripping, event handler removal, javascript: URI blocking on anchors and form actions, meta/base/style stripping, per-tag attribute scoping, safe HTML preservation, block comment preservation, primitive pass-through, recursive traversal of arrays/objects, and the class-instance recursion boundary
New integration tests in manager.ts and polling-manager.test.ts verify that XSS payloads from a simulated remote peer are stripped when permissions.unfilteredHtml is false, including the default-false path before the first poll arrives, and that the wire permissions field is only honored when strictly === true

Made with Cursor and Claude Code

When a remote RTC collaborator sends malicious content (e.g. `<script>` tags, event handler attributes, `javascript:` URIs) through the shared CRDT document, it could execute in other collaborators' browsers when written to the local store. This adds DOMPurify sanitization at the single gateway where remote CRDT content enters the local entity store (`_updateEntityRecord` in the sync manager). All string values in the changes object are recursively sanitized before being passed to `editRecord`, while preserving WordPress block comment delimiters and safe HTML. Made-with: Cursor

github-actions · 2026-04-09T18:55:48Z

The following accounts have interacted with this PR and/or linked issues. I will continue to update these lists as activity occurs. You can also manually ask me to refresh this list by adding the props-bot label.

If you're merging code through a pull request on GitHub, copy and paste the following into the bottom of the merge commit message.

Co-authored-by: maxschmeling <maxschmeling@git.wordpress.org>
Co-authored-by: alecgeatches <alecgeatches@git.wordpress.org>
Co-authored-by: peterwilsoncc <peterwilsoncc@git.wordpress.org>

To understand the WordPress project's expectations around crediting contributors, please review the Contributor Attribution page in the Core Handbook.

github-actions · 2026-04-09T19:07:58Z

Size Change: +9.33 kB (+0.12%)

Total Size: 7.76 MB

📦 View Changed

Filename	Size	Change
`build/scripts/sync/index.min.js`	47.9 kB	+9.33 kB (+24.19%)	🚨

ℹ️ View Unchanged

Filename	Size
`build/modules/a11y/index.min.js`	355 B
`build/modules/abilities/index.min.js`	42.3 kB
`build/modules/block-editor/utils/fit-text-frontend.min.js`	617 B
`build/modules/block-library/accordion/view.min.js`	595 B
`build/modules/block-library/file/view.min.js`	346 B
`build/modules/block-library/form/view.min.js`	528 B
`build/modules/block-library/image/view.min.js`	2.64 kB
`build/modules/block-library/navigation/view.min.js`	1.14 kB
`build/modules/block-library/playlist/view.min.js`	10.9 kB
`build/modules/block-library/query/view.min.js`	518 B
`build/modules/block-library/search/view.min.js`	498 B
`build/modules/block-library/tabs/view.min.js`	946 B
`build/modules/boot/index.min.js`	17 kB
`build/modules/connectors/index.min.js`	2.05 kB
`build/modules/core-abilities/index.min.js`	907 B
`build/modules/edit-site-init/index.min.js`	1.4 kB
`build/modules/interactivity-router/full-page.min.js`	451 B
`build/modules/interactivity-router/index.min.js`	11.6 kB
`build/modules/interactivity/index.min.js`	15.1 kB
`build/modules/latex-to-mathml/index.min.js`	56.5 kB
`build/modules/latex-to-mathml/loader.min.js`	131 B
`build/modules/lazy-editor/index.min.js`	13.9 kB
`build/modules/route/index.min.js`	25.2 kB
`build/modules/vips/loader.min.js`	127 B
`build/modules/vips/worker.min.js`	4.56 MB
`build/modules/workflow/index.min.js`	19.9 kB
`build/scripts/a11y/index.min.js`	1.06 kB
`build/scripts/annotations/index.min.js`	2.49 kB
`build/scripts/api-fetch/index.min.js`	2.83 kB
`build/scripts/autop/index.min.js`	2.18 kB
`build/scripts/base-styles/index.min.js`	98 B
`build/scripts/blob/index.min.js`	631 B
`build/scripts/block-directory/index.min.js`	8.03 kB
`build/scripts/block-editor/index.min.js`	340 kB
`build/scripts/block-library/index.min.js`	317 kB
`build/scripts/block-serialization-default-parser/index.min.js`	1.16 kB
`build/scripts/block-serialization-spec-parser/index.min.js`	3.08 kB
`build/scripts/blocks/index.min.js`	56.9 kB
`build/scripts/commands/index.min.js`	21 kB
`build/scripts/components/index.min.js`	265 kB
`build/scripts/compose/index.min.js`	11.1 kB
`build/scripts/core-commands/index.min.js`	4.31 kB
`build/scripts/core-data/index.min.js`	30.9 kB
`build/scripts/customize-widgets/index.min.js`	12.3 kB
`build/scripts/data-controls/index.min.js`	795 B
`build/scripts/data/index.min.js`	9.66 kB
`build/scripts/date/index.min.js`	23.6 kB
`build/scripts/deprecated/index.min.js`	756 B
`build/scripts/dom-ready/index.min.js`	476 B
`build/scripts/dom/index.min.js`	5 kB
`build/scripts/edit-post/index.min.js`	16.4 kB
`build/scripts/edit-site/index.min.js`	262 kB
`build/scripts/edit-widgets/index.min.js`	19.9 kB
`build/scripts/editor/index.min.js`	413 kB
`build/scripts/element/index.min.js`	5.17 kB
`build/scripts/escape-html/index.min.js`	587 B
`build/scripts/format-library/index.min.js`	10.7 kB
`build/scripts/hooks/index.min.js`	1.83 kB
`build/scripts/html-entities/index.min.js`	494 B
`build/scripts/i18n/index.min.js`	2.47 kB
`build/scripts/is-shallow-equal/index.min.js`	572 B
`build/scripts/keyboard-shortcuts/index.min.js`	1.57 kB
`build/scripts/keycodes/index.min.js`	1.56 kB
`build/scripts/list-reusable-blocks/index.min.js`	2.49 kB
`build/scripts/media-utils/index.min.js`	79.2 kB
`build/scripts/notices/index.min.js`	1.85 kB
`build/scripts/nux/index.min.js`	1.89 kB
`build/scripts/patterns/index.min.js`	7.98 kB
`build/scripts/plugins/index.min.js`	2.15 kB
`build/scripts/preferences-persistence/index.min.js`	2.15 kB
`build/scripts/preferences/index.min.js`	3.3 kB
`build/scripts/primitives/index.min.js`	1.01 kB
`build/scripts/priority-queue/index.min.js`	1.62 kB
`build/scripts/private-apis/index.min.js`	1.1 kB
`build/scripts/react-i18n/index.min.js`	833 B
`build/scripts/redux-routine/index.min.js`	3.37 kB
`build/scripts/reusable-blocks/index.min.js`	3.1 kB
`build/scripts/rich-text/index.min.js`	14 kB
`build/scripts/router/index.min.js`	5.96 kB
`build/scripts/server-side-render/index.min.js`	1.91 kB
`build/scripts/shortcode/index.min.js`	1.59 kB
`build/scripts/style-engine/index.min.js`	2.41 kB
`build/scripts/theme/index.min.js`	22 kB
`build/scripts/token-list/index.min.js`	739 B
`build/scripts/undo-manager/index.min.js`	918 B
`build/scripts/upload-media/index.min.js`	8.22 kB
`build/scripts/url/index.min.js`	3.98 kB
`build/scripts/vendors/react-dom.min.js`	43.3 kB
`build/scripts/vendors/react-jsx-runtime.min.js`	667 B
`build/scripts/vendors/react.min.js`	2.77 kB
`build/scripts/viewport/index.min.js`	1.22 kB
`build/scripts/warning/index.min.js`	454 B
`build/scripts/widgets/index.min.js`	7.8 kB
`build/scripts/wordcount/index.min.js`	1.04 kB
`build/styles/base-styles/admin-schemes-rtl.css`	1.71 kB
`build/styles/base-styles/admin-schemes-rtl.min.css`	775 B
`build/styles/base-styles/admin-schemes.css`	1.71 kB
`build/styles/base-styles/admin-schemes.min.css`	775 B
`build/styles/block-directory/style-rtl.css`	1.97 kB
`build/styles/block-directory/style-rtl.min.css`	1.06 kB
`build/styles/block-directory/style.css`	1.98 kB
`build/styles/block-directory/style.min.css`	1.06 kB
`build/styles/block-editor/content-rtl.css`	5.46 kB
`build/styles/block-editor/content-rtl.min.css`	4.03 kB
`build/styles/block-editor/content.css`	5.46 kB
`build/styles/block-editor/content.min.css`	4.02 kB
`build/styles/block-editor/default-editor-styles-rtl.css`	697 B
`build/styles/block-editor/default-editor-styles-rtl.min.css`	224 B
`build/styles/block-editor/default-editor-styles.css`	697 B
`build/styles/block-editor/default-editor-styles.min.css`	224 B
`build/styles/block-editor/style-rtl.css`	18.6 kB
`build/styles/block-editor/style-rtl.min.css`	15.8 kB
`build/styles/block-editor/style.css`	18.6 kB
`build/styles/block-editor/style.min.css`	15.8 kB
`build/styles/block-library/accordion-heading/style-rtl.css`	346 B
`build/styles/block-library/accordion-heading/style-rtl.min.css`	325 B
`build/styles/block-library/accordion-heading/style.css`	346 B
`build/styles/block-library/accordion-heading/style.min.css`	325 B
`build/styles/block-library/accordion-item/style-rtl.css`	239 B
`build/styles/block-library/accordion-item/style-rtl.min.css`	180 B
`build/styles/block-library/accordion-item/style.css`	238 B
`build/styles/block-library/accordion-item/style.min.css`	180 B
`build/styles/block-library/accordion-panel/style-rtl.css`	110 B
`build/styles/block-library/accordion-panel/style-rtl.min.css`	99 B
`build/styles/block-library/accordion-panel/style.css`	110 B
`build/styles/block-library/accordion-panel/style.min.css`	99 B
`build/styles/block-library/accordion/style-rtl.css`	69 B
`build/styles/block-library/accordion/style-rtl.min.css`	62 B
`build/styles/block-library/accordion/style.css`	69 B
`build/styles/block-library/accordion/style.min.css`	62 B
`build/styles/block-library/archives/style-rtl.css`	101 B
`build/styles/block-library/archives/style-rtl.min.css`	90 B
`build/styles/block-library/archives/style.css`	101 B
`build/styles/block-library/archives/style.min.css`	90 B
`build/styles/block-library/audio/editor-rtl.css`	166 B
`build/styles/block-library/audio/editor-rtl.min.css`	149 B
`build/styles/block-library/audio/editor.css`	166 B
`build/styles/block-library/audio/editor.min.css`	151 B
`build/styles/block-library/audio/style-rtl.css`	945 B
`build/styles/block-library/audio/style-rtl.min.css`	132 B
`build/styles/block-library/audio/style.css`	945 B
`build/styles/block-library/audio/style.min.css`	132 B
`build/styles/block-library/audio/theme-rtl.css`	967 B
`build/styles/block-library/audio/theme-rtl.min.css`	134 B
`build/styles/block-library/audio/theme.css`	967 B
`build/styles/block-library/audio/theme.min.css`	134 B
`build/styles/block-library/avatar/editor-rtl.css`	127 B
`build/styles/block-library/avatar/editor-rtl.min.css`	115 B
`build/styles/block-library/avatar/editor.css`	127 B
`build/styles/block-library/avatar/editor.min.css`	115 B
`build/styles/block-library/avatar/style-rtl.css`	117 B
`build/styles/block-library/avatar/style-rtl.min.css`	104 B
`build/styles/block-library/avatar/style.css`	117 B
`build/styles/block-library/avatar/style.min.css`	104 B
`build/styles/block-library/breadcrumbs/style-rtl.css`	233 B
`build/styles/block-library/breadcrumbs/style-rtl.min.css`	203 B
`build/styles/block-library/breadcrumbs/style.css`	233 B
`build/styles/block-library/breadcrumbs/style.min.css`	203 B
`build/styles/block-library/button/editor-rtl.css`	306 B
`build/styles/block-library/button/editor-rtl.min.css`	265 B
`build/styles/block-library/button/editor.css`	317 B
`build/styles/block-library/button/editor.min.css`	265 B
`build/styles/block-library/button/style-rtl.css`	651 B
`build/styles/block-library/button/style-rtl.min.css`	596 B
`build/styles/block-library/button/style.css`	662 B
`build/styles/block-library/button/style.min.css`	596 B
`build/styles/block-library/buttons/editor-rtl.css`	391 B
`build/styles/block-library/buttons/editor-rtl.min.css`	291 B
`build/styles/block-library/buttons/editor.css`	391 B
`build/styles/block-library/buttons/editor.min.css`	291 B
`build/styles/block-library/buttons/style-rtl.css`	452 B
`build/styles/block-library/buttons/style-rtl.min.css`	349 B
`build/styles/block-library/buttons/style.css`	453 B
`build/styles/block-library/buttons/style.min.css`	349 B
`build/styles/block-library/calendar/style-rtl.css`	271 B
`build/styles/block-library/calendar/style-rtl.min.css`	239 B
`build/styles/block-library/calendar/style.css`	271 B
`build/styles/block-library/calendar/style.min.css`	239 B
`build/styles/block-library/categories/editor-rtl.css`	171 B
`build/styles/block-library/categories/editor-rtl.min.css`	132 B
`build/styles/block-library/categories/editor.css`	170 B
`build/styles/block-library/categories/editor.min.css`	131 B
`build/styles/block-library/categories/style-rtl.css`	226 B
`build/styles/block-library/categories/style-rtl.min.css`	169 B
`build/styles/block-library/categories/style.css`	235 B
`build/styles/block-library/categories/style.min.css`	169 B
`build/styles/block-library/classic-rtl.css`	363 B
`build/styles/block-library/classic-rtl.min.css`	321 B
`build/styles/block-library/classic.css`	363 B
`build/styles/block-library/classic.min.css`	321 B
`build/styles/block-library/code/editor-rtl.css`	59 B
`build/styles/block-library/code/editor-rtl.min.css`	53 B
`build/styles/block-library/code/editor.css`	59 B
`build/styles/block-library/code/editor.min.css`	53 B
`build/styles/block-library/code/style-rtl.css`	158 B
`build/styles/block-library/code/style-rtl.min.css`	140 B
`build/styles/block-library/code/style.css`	178 B
`build/styles/block-library/code/style.min.css`	140 B
`build/styles/block-library/code/theme-rtl.css`	135 B
`build/styles/block-library/code/theme-rtl.min.css`	122 B
`build/styles/block-library/code/theme.css`	135 B
`build/styles/block-library/code/theme.min.css`	122 B
`build/styles/block-library/columns/editor-rtl.css`	119 B
`build/styles/block-library/columns/editor-rtl.min.css`	108 B
`build/styles/block-library/columns/editor.css`	119 B
`build/styles/block-library/columns/editor.min.css`	108 B
`build/styles/block-library/columns/style-rtl.css`	1.3 kB
`build/styles/block-library/columns/style-rtl.min.css`	421 B
`build/styles/block-library/columns/style.css`	1.3 kB
`build/styles/block-library/columns/style.min.css`	421 B
`build/styles/block-library/comment-author-avatar/editor-rtl.css`	136 B
`build/styles/block-library/comment-author-avatar/editor-rtl.min.css`	124 B
`build/styles/block-library/comment-author-avatar/editor.css`	136 B
`build/styles/block-library/comment-author-avatar/editor.min.css`	124 B
`build/styles/block-library/comment-author-name/style-rtl.css`	79 B
`build/styles/block-library/comment-author-name/style-rtl.min.css`	72 B
`build/styles/block-library/comment-author-name/style.css`	79 B
`build/styles/block-library/comment-author-name/style.min.css`	72 B
`build/styles/block-library/comment-content/style-rtl.css`	137 B
`build/styles/block-library/comment-content/style-rtl.min.css`	120 B
`build/styles/block-library/comment-content/style.css`	137 B
`build/styles/block-library/comment-content/style.min.css`	120 B
`build/styles/block-library/comment-date/style-rtl.css`	72 B
`build/styles/block-library/comment-date/style-rtl.min.css`	65 B
`build/styles/block-library/comment-date/style.css`	72 B
`build/styles/block-library/comment-date/style.min.css`	65 B
`build/styles/block-library/comment-edit-link/style-rtl.css`	77 B
`build/styles/block-library/comment-edit-link/style-rtl.min.css`	70 B
`build/styles/block-library/comment-edit-link/style.css`	77 B
`build/styles/block-library/comment-edit-link/style.min.css`	70 B
`build/styles/block-library/comment-reply-link/style-rtl.css`	78 B
`build/styles/block-library/comment-reply-link/style-rtl.min.css`	71 B
`build/styles/block-library/comment-reply-link/style.css`	78 B
`build/styles/block-library/comment-reply-link/style.min.css`	71 B
`build/styles/block-library/comment-template/style-rtl.css`	213 B
`build/styles/block-library/comment-template/style-rtl.min.css`	191 B
`build/styles/block-library/comment-template/style.css`	213 B
`build/styles/block-library/comment-template/style.min.css`	191 B
`build/styles/block-library/comments-pagination-numbers/editor-rtl.css`	135 B
`build/styles/block-library/comments-pagination-numbers/editor-rtl.min.css`	122 B
`build/styles/block-library/comments-pagination-numbers/editor.css`	144 B
`build/styles/block-library/comments-pagination-numbers/editor.min.css`	121 B
`build/styles/block-library/comments-pagination/editor-rtl.css`	184 B
`build/styles/block-library/comments-pagination/editor-rtl.min.css`	168 B
`build/styles/block-library/comments-pagination/editor.css`	184 B
`build/styles/block-library/comments-pagination/editor.min.css`	168 B
`build/styles/block-library/comments-pagination/style-rtl.css`	224 B
`build/styles/block-library/comments-pagination/style-rtl.min.css`	201 B
`build/styles/block-library/comments-pagination/style.css`	236 B
`build/styles/block-library/comments-pagination/style.min.css`	201 B
`build/styles/block-library/comments-title/editor-rtl.css`	83 B
`build/styles/block-library/comments-title/editor-rtl.min.css`	75 B
`build/styles/block-library/comments-title/editor.css`	83 B
`build/styles/block-library/comments-title/editor.min.css`	75 B
`build/styles/block-library/comments/editor-rtl.css`	968 B
`build/styles/block-library/comments/editor-rtl.min.css`	842 B
`build/styles/block-library/comments/editor.css`	968 B
`build/styles/block-library/comments/editor.min.css`	842 B
`build/styles/block-library/comments/style-rtl.css`	754 B
`build/styles/block-library/comments/style-rtl.min.css`	637 B
`build/styles/block-library/comments/style.css`	752 B
`build/styles/block-library/comments/style.min.css`	637 B
`build/styles/block-library/common-rtl.css`	2.48 kB
`build/styles/block-library/common-rtl.min.css`	1.12 kB
`build/styles/block-library/common.css`	2.5 kB
`build/styles/block-library/common.min.css`	1.12 kB
`build/styles/block-library/cover/editor-rtl.css`	1.05 kB
`build/styles/block-library/cover/editor-rtl.min.css`	631 B
`build/styles/block-library/cover/editor.css`	1.05 kB
`build/styles/block-library/cover/editor.min.css`	631 B
`build/styles/block-library/cover/style-rtl.css`	2.5 kB
`build/styles/block-library/cover/style-rtl.min.css`	1.82 kB
`build/styles/block-library/cover/style.css`	2.51 kB
`build/styles/block-library/cover/style.min.css`	1.81 kB
`build/styles/block-library/details/editor-rtl.css`	72 B
`build/styles/block-library/details/editor-rtl.min.css`	65 B
`build/styles/block-library/details/editor.css`	72 B
`build/styles/block-library/details/editor.min.css`	65 B
`build/styles/block-library/details/style-rtl.css`	97 B
`build/styles/block-library/details/style-rtl.min.css`	86 B
`build/styles/block-library/details/style.css`	97 B
`build/styles/block-library/details/style.min.css`	86 B
`build/styles/block-library/editor-elements-rtl.css`	117 B
`build/styles/block-library/editor-elements-rtl.min.css`	75 B
`build/styles/block-library/editor-elements.css`	117 B
`build/styles/block-library/editor-elements.min.css`	75 B
`build/styles/block-library/editor-rtl.css`	12.5 kB
`build/styles/block-library/editor-rtl.min.css`	10.3 kB
`build/styles/block-library/editor.css`	12.5 kB
`build/styles/block-library/editor.min.css`	10.3 kB
`build/styles/block-library/elements-rtl.css`	84 B
`build/styles/block-library/elements-rtl.min.css`	54 B
`build/styles/block-library/elements.css`	84 B
`build/styles/block-library/elements.min.css`	54 B
`build/styles/block-library/embed/editor-rtl.css`	391 B
`build/styles/block-library/embed/editor-rtl.min.css`	331 B
`build/styles/block-library/embed/editor.css`	390 B
`build/styles/block-library/embed/editor.min.css`	331 B
`build/styles/block-library/embed/style-rtl.css`	1.29 kB
`build/styles/block-library/embed/style-rtl.min.css`	448 B
`build/styles/block-library/embed/style.css`	1.29 kB
`build/styles/block-library/embed/style.min.css`	448 B
`build/styles/block-library/embed/theme-rtl.css`	967 B
`build/styles/block-library/embed/theme-rtl.min.css`	133 B
`build/styles/block-library/embed/theme.css`	967 B
`build/styles/block-library/embed/theme.min.css`	133 B
`build/styles/block-library/file/editor-rtl.css`	352 B
`build/styles/block-library/file/editor-rtl.min.css`	324 B
`build/styles/block-library/file/editor.css`	353 B
`build/styles/block-library/file/editor.min.css`	324 B
`build/styles/block-library/file/style-rtl.css`	318 B
`build/styles/block-library/file/style-rtl.min.css`	278 B
`build/styles/block-library/file/style.css`	331 B
`build/styles/block-library/file/style.min.css`	278 B
`build/styles/block-library/footnotes/style-rtl.css`	220 B
`build/styles/block-library/footnotes/style-rtl.min.css`	198 B
`build/styles/block-library/footnotes/style.css`	219 B
`build/styles/block-library/footnotes/style.min.css`	197 B
`build/styles/block-library/form-input/editor-rtl.css`	286 B
`build/styles/block-library/form-input/editor-rtl.min.css`	265 B
`build/styles/block-library/form-input/editor.css`	285 B
`build/styles/block-library/form-input/editor.min.css`	264 B
`build/styles/block-library/form-input/style-rtl.css`	467 B
`build/styles/block-library/form-input/style-rtl.min.css`	366 B
`build/styles/block-library/form-input/style.css`	467 B
`build/styles/block-library/form-input/style.min.css`	366 B
`build/styles/block-library/form-submission-notification/editor-rtl.css`	368 B
`build/styles/block-library/form-submission-notification/editor-rtl.min.css`	344 B
`build/styles/block-library/form-submission-notification/editor.css`	368 B
`build/styles/block-library/form-submission-notification/editor.min.css`	341 B
`build/styles/block-library/form-submit-button/style-rtl.css`	77 B
`build/styles/block-library/form-submit-button/style-rtl.min.css`	69 B
`build/styles/block-library/form-submit-button/style.css`	77 B
`build/styles/block-library/form-submit-button/style.min.css`	69 B
`build/styles/block-library/freeform/editor-rtl.css`	1.12 kB
`build/styles/block-library/freeform/editor-rtl.min.css`	288 B
`build/styles/block-library/freeform/editor.css`	1.12 kB
`build/styles/block-library/freeform/editor.min.css`	288 B
`build/styles/block-library/gallery/editor-rtl.css`	1.52 kB
`build/styles/block-library/gallery/editor-rtl.min.css`	615 B
`build/styles/block-library/gallery/editor.css`	1.52 kB
`build/styles/block-library/gallery/editor.min.css`	616 B
`build/styles/block-library/gallery/style-rtl.css`	2.84 kB
`build/styles/block-library/gallery/style-rtl.min.css`	1.84 kB
`build/styles/block-library/gallery/style.css`	2.84 kB
`build/styles/block-library/gallery/style.min.css`	1.84 kB
`build/styles/block-library/gallery/theme-rtl.css`	941 B
`build/styles/block-library/gallery/theme-rtl.min.css`	108 B
`build/styles/block-library/gallery/theme.css`	941 B
`build/styles/block-library/gallery/theme.min.css`	108 B
`build/styles/block-library/group/editor-rtl.css`	772 B
`build/styles/block-library/group/editor-rtl.min.css`	335 B
`build/styles/block-library/group/editor.css`	772 B
`build/styles/block-library/group/editor.min.css`	335 B
`build/styles/block-library/group/style-rtl.css`	120 B
`build/styles/block-library/group/style-rtl.min.css`	103 B
`build/styles/block-library/group/style.css`	120 B
`build/styles/block-library/group/style.min.css`	103 B
`build/styles/block-library/group/theme-rtl.css`	468 B
`build/styles/block-library/group/theme-rtl.min.css`	79 B
`build/styles/block-library/group/theme.css`	468 B
`build/styles/block-library/group/theme.min.css`	79 B
`build/styles/block-library/heading/style-rtl.css`	604 B
`build/styles/block-library/heading/style-rtl.min.css`	205 B
`build/styles/block-library/heading/style.css`	604 B
`build/styles/block-library/heading/style.min.css`	205 B
`build/styles/block-library/html/editor-rtl.css`	1.29 kB
`build/styles/block-library/html/editor-rtl.min.css`	464 B
`build/styles/block-library/html/editor.css`	1.3 kB
`build/styles/block-library/html/editor.min.css`	464 B
`build/styles/block-library/icon/editor-rtl.css`	776 B
`build/styles/block-library/icon/editor-rtl.min.css`	377 B
`build/styles/block-library/icon/editor.css`	776 B
`build/styles/block-library/icon/editor.min.css`	377 B
`build/styles/block-library/icon/style-rtl.css`	218 B
`build/styles/block-library/icon/style-rtl.min.css`	154 B
`build/styles/block-library/icon/style.css`	218 B
`build/styles/block-library/icon/style.min.css`	154 B
`build/styles/block-library/image/editor-rtl.css`	1.64 kB
`build/styles/block-library/image/editor-rtl.min.css`	782 B
`build/styles/block-library/image/editor.css`	1.64 kB
`build/styles/block-library/image/editor.min.css`	780 B
`build/styles/block-library/image/style-rtl.css`	2.92 kB
`build/styles/block-library/image/style-rtl.min.css`	1.86 kB
`build/styles/block-library/image/style.css`	2.92 kB
`build/styles/block-library/image/style.min.css`	1.85 kB
`build/styles/block-library/image/theme-rtl.css`	971 B
`build/styles/block-library/image/theme-rtl.min.css`	137 B
`build/styles/block-library/image/theme.css`	971 B
`build/styles/block-library/image/theme.min.css`	137 B
`build/styles/block-library/latest-comments/style-rtl.css`	392 B
`build/styles/block-library/latest-comments/style-rtl.min.css`	352 B
`build/styles/block-library/latest-comments/style.css`	390 B
`build/styles/block-library/latest-comments/style.min.css`	352 B
`build/styles/block-library/latest-posts/editor-rtl.css`	154 B
`build/styles/block-library/latest-posts/editor-rtl.min.css`	139 B
`build/styles/block-library/latest-posts/editor.css`	153 B
`build/styles/block-library/latest-posts/editor.min.css`	138 B
`build/styles/block-library/latest-posts/style-rtl.css`	1.36 kB
`build/styles/block-library/latest-posts/style-rtl.min.css`	520 B
`build/styles/block-library/latest-posts/style.css`	1.37 kB
`build/styles/block-library/latest-posts/style.min.css`	520 B
`build/styles/block-library/list/style-rtl.css`	498 B
`build/styles/block-library/list/style-rtl.min.css`	107 B
`build/styles/block-library/list/style.css`	498 B
`build/styles/block-library/list/style.min.css`	107 B
`build/styles/block-library/loginout/style-rtl.css`	68 B
`build/styles/block-library/loginout/style-rtl.min.css`	61 B
`build/styles/block-library/loginout/style.css`	68 B
`build/styles/block-library/loginout/style.min.css`	61 B
`build/styles/block-library/math/editor-rtl.css`	491 B
`build/styles/block-library/math/editor-rtl.min.css`	105 B
`build/styles/block-library/math/editor.css`	502 B
`build/styles/block-library/math/editor.min.css`	105 B
`build/styles/block-library/math/style-rtl.css`	70 B
`build/styles/block-library/math/style-rtl.min.css`	61 B
`build/styles/block-library/math/style.css`	70 B
`build/styles/block-library/math/style.min.css`	61 B
`build/styles/block-library/media-text/editor-rtl.css`	389 B
`build/styles/block-library/media-text/editor-rtl.min.css`	321 B
`build/styles/block-library/media-text/editor.css`	389 B
`build/styles/block-library/media-text/editor.min.css`	320 B
`build/styles/block-library/media-text/style-rtl.css`	873 B
`build/styles/block-library/media-text/style-rtl.min.css`	552 B
`build/styles/block-library/media-text/style.css`	901 B
`build/styles/block-library/media-text/style.min.css`	550 B
`build/styles/block-library/more/editor-rtl.css`	796 B
`build/styles/block-library/more/editor-rtl.min.css`	393 B
`build/styles/block-library/more/editor.css`	798 B
`build/styles/block-library/more/editor.min.css`	393 B
`build/styles/block-library/navigation-link/editor-rtl.css`	1.28 kB
`build/styles/block-library/navigation-link/editor-rtl.min.css`	710 B
`build/styles/block-library/navigation-link/editor.css`	1.27 kB
`build/styles/block-library/navigation-link/editor.min.css`	713 B
`build/styles/block-library/navigation-link/style-rtl.css`	579 B
`build/styles/block-library/navigation-link/style-rtl.min.css`	190 B
`build/styles/block-library/navigation-link/style.css`	579 B
`build/styles/block-library/navigation-link/style.min.css`	188 B
`build/styles/block-library/navigation-overlay-close/style-rtl.css`	260 B
`build/styles/block-library/navigation-overlay-close/style-rtl.min.css`	237 B
`build/styles/block-library/navigation-overlay-close/style.css`	260 B
`build/styles/block-library/navigation-overlay-close/style.min.css`	237 B
`build/styles/block-library/navigation-submenu/editor-rtl.css`	1.12 kB
`build/styles/block-library/navigation-submenu/editor-rtl.min.css`	295 B
`build/styles/block-library/navigation-submenu/editor.css`	1.12 kB
`build/styles/block-library/navigation-submenu/editor.min.css`	294 B
`build/styles/block-library/navigation/editor-rtl.css`	3.28 kB
`build/styles/block-library/navigation/editor-rtl.min.css`	2.28 kB
`build/styles/block-library/navigation/editor.css`	3.29 kB
`build/styles/block-library/navigation/editor.min.css`	2.28 kB
`build/styles/block-library/navigation/style-rtl.css`	3.59 kB
`build/styles/block-library/navigation/style-rtl.min.css`	2.52 kB
`build/styles/block-library/navigation/style.css`	3.59 kB
`build/styles/block-library/navigation/style.min.css`	2.5 kB
`build/styles/block-library/nextpage/editor-rtl.css`	799 B
`build/styles/block-library/nextpage/editor-rtl.min.css`	392 B
`build/styles/block-library/nextpage/editor.css`	800 B
`build/styles/block-library/nextpage/editor.min.css`	392 B
`build/styles/block-library/page-list/editor-rtl.css`	1.18 kB
`build/styles/block-library/page-list/editor-rtl.min.css`	356 B
`build/styles/block-library/page-list/editor.css`	1.18 kB
`build/styles/block-library/page-list/editor.min.css`	356 B
`build/styles/block-library/page-list/style-rtl.css`	207 B
`build/styles/block-library/page-list/style-rtl.min.css`	192 B
`build/styles/block-library/page-list/style.css`	207 B
`build/styles/block-library/page-list/style.min.css`	192 B
`build/styles/block-library/paragraph/editor-rtl.css`	315 B
`build/styles/block-library/paragraph/editor-rtl.min.css`	292 B
`build/styles/block-library/paragraph/editor.css`	314 B
`build/styles/block-library/paragraph/editor.min.css`	292 B
`build/styles/block-library/paragraph/style-rtl.css`	746 B
`build/styles/block-library/paragraph/style-rtl.min.css`	341 B
`build/styles/block-library/paragraph/style.css`	752 B
`build/styles/block-library/paragraph/style.min.css`	340 B
`build/styles/block-library/playlist-track/style-rtl.css`	453 B
`build/styles/block-library/playlist-track/style-rtl.min.css`	420 B
`build/styles/block-library/playlist-track/style.css`	453 B
`build/styles/block-library/playlist-track/style.min.css`	420 B
`build/styles/block-library/playlist/editor-rtl.css`	120 B
`build/styles/block-library/playlist/editor-rtl.min.css`	112 B
`build/styles/block-library/playlist/editor.css`	120 B
`build/styles/block-library/playlist/editor.min.css`	112 B
`build/styles/block-library/playlist/style-rtl.css`	1.52 kB
`build/styles/block-library/playlist/style-rtl.min.css`	1.42 kB
`build/styles/block-library/playlist/style.css`	1.52 kB
`build/styles/block-library/playlist/style.min.css`	1.42 kB
`build/styles/block-library/post-author-biography/style-rtl.css`	96 B
`build/styles/block-library/post-author-biography/style-rtl.min.css`	86 B
`build/styles/block-library/post-author-biography/style.css`	96 B
`build/styles/block-library/post-author-biography/style.min.css`	86 B
`build/styles/block-library/post-author-name/style-rtl.css`	76 B
`build/styles/block-library/post-author-name/style-rtl.min.css`	69 B
`build/styles/block-library/post-author-name/style.css`	76 B
`build/styles/block-library/post-author-name/style.min.css`	69 B
`build/styles/block-library/post-author/editor-rtl.css`	490 B
`build/styles/block-library/post-author/editor-rtl.min.css`	104 B
`build/styles/block-library/post-author/editor.css`	490 B
`build/styles/block-library/post-author/editor.min.css`	104 B
`build/styles/block-library/post-author/style-rtl.css`	213 B
`build/styles/block-library/post-author/style-rtl.min.css`	188 B
`build/styles/block-library/post-author/style.css`	214 B
`build/styles/block-library/post-author/style.min.css`	189 B
`build/styles/block-library/post-comments-count/style-rtl.css`	79 B
`build/styles/block-library/post-comments-count/style-rtl.min.css`	72 B
`build/styles/block-library/post-comments-count/style.css`	79 B
`build/styles/block-library/post-comments-count/style.min.css`	72 B
`build/styles/block-library/post-comments-form/editor-rtl.css`	104 B
`build/styles/block-library/post-comments-form/editor-rtl.min.css`	96 B
`build/styles/block-library/post-comments-form/editor.css`	104 B
`build/styles/block-library/post-comments-form/editor.min.css`	96 B
`build/styles/block-library/post-comments-form/style-rtl.css`	585 B
`build/styles/block-library/post-comments-form/style-rtl.min.css`	525 B
`build/styles/block-library/post-comments-form/style.css`	584 B
`build/styles/block-library/post-comments-form/style.min.css`	525 B
`build/styles/block-library/post-comments-link/style-rtl.css`	78 B
`build/styles/block-library/post-comments-link/style-rtl.min.css`	71 B
`build/styles/block-library/post-comments-link/style.css`	78 B
`build/styles/block-library/post-comments-link/style.min.css`	71 B
`build/styles/block-library/post-content/style-rtl.css`	68 B
`build/styles/block-library/post-content/style-rtl.min.css`	61 B
`build/styles/block-library/post-content/style.css`	68 B
`build/styles/block-library/post-content/style.min.css`	61 B
`build/styles/block-library/post-date/style-rtl.css`	69 B
`build/styles/block-library/post-date/style-rtl.min.css`	62 B
`build/styles/block-library/post-date/style.css`	69 B
`build/styles/block-library/post-date/style.min.css`	62 B
`build/styles/block-library/post-excerpt/editor-rtl.css`	78 B
`build/styles/block-library/post-excerpt/editor-rtl.min.css`	71 B
`build/styles/block-library/post-excerpt/editor.css`	78 B
`build/styles/block-library/post-excerpt/editor.min.css`	71 B
`build/styles/block-library/post-excerpt/style-rtl.css`	171 B
`build/styles/block-library/post-excerpt/style-rtl.min.css`	155 B
`build/styles/block-library/post-excerpt/style.css`	171 B
`build/styles/block-library/post-excerpt/style.min.css`	155 B
`build/styles/block-library/post-featured-image/editor-rtl.css`	1.14 kB
`build/styles/block-library/post-featured-image/editor-rtl.min.css`	719 B
`build/styles/block-library/post-featured-image/editor.css`	1.14 kB
`build/styles/block-library/post-featured-image/editor.min.css`	717 B
`build/styles/block-library/post-featured-image/style-rtl.css`	392 B
`build/styles/block-library/post-featured-image/style-rtl.min.css`	347 B
`build/styles/block-library/post-featured-image/style.css`	392 B
`build/styles/block-library/post-featured-image/style.min.css`	347 B
`build/styles/block-library/post-navigation-link/style-rtl.css`	234 B
`build/styles/block-library/post-navigation-link/style-rtl.min.css`	215 B
`build/styles/block-library/post-navigation-link/style.css`	245 B
`build/styles/block-library/post-navigation-link/style.min.css`	214 B
`build/styles/block-library/post-template/style-rtl.css`	1.25 kB
`build/styles/block-library/post-template/style-rtl.min.css`	414 B
`build/styles/block-library/post-template/style.css`	1.25 kB
`build/styles/block-library/post-template/style.min.css`	414 B
`build/styles/block-library/post-terms/style-rtl.css`	108 B
`build/styles/block-library/post-terms/style-rtl.min.css`	96 B
`build/styles/block-library/post-terms/style.css`	108 B
`build/styles/block-library/post-terms/style.min.css`	96 B
`build/styles/block-library/post-time-to-read/style-rtl.css`	77 B
`build/styles/block-library/post-time-to-read/style-rtl.min.css`	70 B
`build/styles/block-library/post-time-to-read/style.css`	77 B
`build/styles/block-library/post-time-to-read/style.min.css`	70 B
`build/styles/block-library/post-title/style-rtl.css`	175 B
`build/styles/block-library/post-title/style-rtl.min.css`	162 B
`build/styles/block-library/post-title/style.css`	175 B
`build/styles/block-library/post-title/style.min.css`	162 B
`build/styles/block-library/preformatted/style-rtl.css`	511 B
`build/styles/block-library/preformatted/style-rtl.min.css`	125 B
`build/styles/block-library/preformatted/style.css`	511 B
`build/styles/block-library/preformatted/style.min.css`	125 B
`build/styles/block-library/pullquote/editor-rtl.css`	146 B
`build/styles/block-library/pullquote/editor-rtl.min.css`	133 B
`build/styles/block-library/pullquote/editor.css`	146 B
`build/styles/block-library/pullquote/editor.min.css`	133 B
`build/styles/block-library/pullquote/style-rtl.css`	765 B
`build/styles/block-library/pullquote/style-rtl.min.css`	365 B
`build/styles/block-library/pullquote/style.css`	764 B
`build/styles/block-library/pullquote/style.min.css`	365 B
`build/styles/block-library/pullquote/theme-rtl.css`	195 B
`build/styles/block-library/pullquote/theme-rtl.min.css`	176 B
`build/styles/block-library/pullquote/theme.css`	195 B
`build/styles/block-library/pullquote/theme.min.css`	176 B
`build/styles/block-library/query-pagination-numbers/editor-rtl.css`	134 B
`build/styles/block-library/query-pagination-numbers/editor-rtl.min.css`	121 B
`build/styles/block-library/query-pagination-numbers/editor.css`	144 B
`build/styles/block-library/query-pagination-numbers/editor.min.css`	118 B
`build/styles/block-library/query-pagination/editor-rtl.css`	168 B
`build/styles/block-library/query-pagination/editor-rtl.min.css`	154 B
`build/styles/block-library/query-pagination/editor.css`	168 B
`build/styles/block-library/query-pagination/editor.min.css`	154 B
`build/styles/block-library/query-pagination/style-rtl.css`	254 B
`build/styles/block-library/query-pagination/style-rtl.min.css`	237 B
`build/styles/block-library/query-pagination/style.css`	265 B
`build/styles/block-library/query-pagination/style.min.css`	237 B
`build/styles/block-library/query-title/style-rtl.css`	71 B
`build/styles/block-library/query-title/style-rtl.min.css`	64 B
`build/styles/block-library/query-title/style.css`	71 B
`build/styles/block-library/query-title/style.min.css`	64 B
`build/styles/block-library/query-total/style-rtl.css`	71 B
`build/styles/block-library/query-total/style-rtl.min.css`	64 B
`build/styles/block-library/query-total/style.css`	71 B
`build/styles/block-library/query-total/style.min.css`	64 B
`build/styles/block-library/query/editor-rtl.css`	1.28 kB
`build/styles/block-library/query/editor-rtl.min.css`	438 B
`build/styles/block-library/query/editor.css`	1.28 kB
`build/styles/block-library/query/editor.min.css`	438 B
`build/styles/block-library/quote/style-rtl.css`	255 B
`build/styles/block-library/quote/style-rtl.min.css`	238 B
`build/styles/block-library/quote/style.css`	256 B
`build/styles/block-library/quote/style.min.css`	238 B
`build/styles/block-library/quote/theme-rtl.css`	253 B
`build/styles/block-library/quote/theme-rtl.min.css`	233 B
`build/styles/block-library/quote/theme.css`	254 B
`build/styles/block-library/quote/theme.min.css`	236 B
`build/styles/block-library/read-more/style-rtl.css`	146 B
`build/styles/block-library/read-more/style-rtl.min.css`	131 B
`build/styles/block-library/read-more/style.css`	146 B
`build/styles/block-library/read-more/style.min.css`	131 B
`build/styles/block-library/reset-rtl.css`	936 B
`build/styles/block-library/reset-rtl.min.css`	467 B
`build/styles/block-library/reset.css`	936 B
`build/styles/block-library/reset.min.css`	467 B
`build/styles/block-library/rss/editor-rtl.css`	144 B
`build/styles/block-library/rss/editor-rtl.min.css`	126 B
`build/styles/block-library/rss/editor.css`	144 B
`build/styles/block-library/rss/editor.min.css`	126 B
`build/styles/block-library/rss/style-rtl.css`	1.11 kB
`build/styles/block-library/rss/style-rtl.min.css`	284 B
`build/styles/block-library/rss/style.css`	1.12 kB
`build/styles/block-library/rss/style.min.css`	283 B
`build/styles/block-library/search/editor-rtl.css`	217 B
`build/styles/block-library/search/editor-rtl.min.css`	199 B
`build/styles/block-library/search/editor.css`	217 B
`build/styles/block-library/search/editor.min.css`	199 B
`build/styles/block-library/search/style-rtl.css`	1.1 kB
`build/styles/block-library/search/style-rtl.min.css`	665 B
`build/styles/block-library/search/style.css`	1.1 kB
`build/styles/block-library/search/style.min.css`	666 B
`build/styles/block-library/search/theme-rtl.css`	130 B
`build/styles/block-library/search/theme-rtl.min.css`	113 B
`build/styles/block-library/search/theme.css`	130 B
`build/styles/block-library/search/theme.min.css`	113 B
`build/styles/block-library/separator/editor-rtl.css`	106 B
`build/styles/block-library/separator/editor-rtl.min.css`	100 B
`build/styles/block-library/separator/editor.css`	106 B
`build/styles/block-library/separator/editor.min.css`	100 B
`build/styles/block-library/separator/style-rtl.css`	284 B
`build/styles/block-library/separator/style-rtl.min.css`	248 B
`build/styles/block-library/separator/style.css`	297 B
`build/styles/block-library/separator/style.min.css`	248 B
`build/styles/block-library/separator/theme-rtl.css`	226 B
`build/styles/block-library/separator/theme-rtl.min.css`	195 B
`build/styles/block-library/separator/theme.css`	226 B
`build/styles/block-library/separator/theme.min.css`	195 B
`build/styles/block-library/shortcode/editor-rtl.css`	1.1 kB
`build/styles/block-library/shortcode/editor-rtl.min.css`	286 B
`build/styles/block-library/shortcode/editor.css`	1.1 kB
`build/styles/block-library/shortcode/editor.min.css`	286 B
`build/styles/block-library/site-logo/editor-rtl.css`	1.12 kB
`build/styles/block-library/site-logo/editor-rtl.min.css`	696 B
`build/styles/block-library/site-logo/editor.css`	1.12 kB
`build/styles/block-library/site-logo/editor.min.css`	692 B
`build/styles/block-library/site-logo/style-rtl.css`	239 B
`build/styles/block-library/site-logo/style-rtl.min.css`	218 B
`build/styles/block-library/site-logo/style.css`	238 B
`build/styles/block-library/site-logo/style.min.css`	218 B
`build/styles/block-library/site-tagline/editor-rtl.css`	94 B
`build/styles/block-library/site-tagline/editor-rtl.min.css`	87 B
`build/styles/block-library/site-tagline/editor.css`	94 B
`build/styles/block-library/site-tagline/editor.min.css`	87 B
`build/styles/block-library/site-tagline/style-rtl.css`	72 B
`build/styles/block-library/site-tagline/style-rtl.min.css`	65 B
`build/styles/block-library/site-tagline/style.css`	72 B
`build/styles/block-library/site-tagline/style.min.css`	65 B
`build/styles/block-library/site-title/editor-rtl.css`	93 B
`build/styles/block-library/site-title/editor-rtl.min.css`	85 B
`build/styles/block-library/site-title/editor.css`	93 B
`build/styles/block-library/site-title/editor.min.css`	85 B
`build/styles/block-library/site-title/style-rtl.css`	153 B
`build/styles/block-library/site-title/style-rtl.min.css`	143 B
`build/styles/block-library/site-title/style.css`	153 B
`build/styles/block-library/site-title/style.min.css`	143 B
`build/styles/block-library/social-link/editor-rtl.css`	346 B
`build/styles/block-library/social-link/editor-rtl.min.css`	314 B
`build/styles/block-library/social-link/editor.css`	348 B
`build/styles/block-library/social-link/editor.min.css`	314 B
`build/styles/block-library/social-links/editor-rtl.css`	737 B
`build/styles/block-library/social-links/editor-rtl.min.css`	339 B
`build/styles/block-library/social-links/editor.css`	738 B
`build/styles/block-library/social-links/editor.min.css`	338 B
`build/styles/block-library/social-links/style-rtl.css`	1.57 kB
`build/styles/block-library/social-links/style-rtl.min.css`	1.51 kB
`build/styles/block-library/social-links/style.css`	1.57 kB
`build/styles/block-library/social-links/style.min.css`	1.51 kB
`build/styles/block-library/spacer/editor-rtl.css`	774 B
`build/styles/block-library/spacer/editor-rtl.min.css`	346 B
`build/styles/block-library/spacer/editor.css`	774 B
`build/styles/block-library/spacer/editor.min.css`	346 B
`build/styles/block-library/spacer/style-rtl.css`	55 B
`build/styles/block-library/spacer/style-rtl.min.css`	48 B
`build/styles/block-library/spacer/style.css`	55 B
`build/styles/block-library/spacer/style.min.css`	48 B
`build/styles/block-library/style-rtl.css`	21.5 kB
`build/styles/block-library/style-rtl.min.css`	18 kB
`build/styles/block-library/style.css`	21.6 kB
`build/styles/block-library/style.min.css`	18 kB
`build/styles/block-library/tab-panel/style-rtl.css`	75 B
`build/styles/block-library/tab-panel/style-rtl.min.css`	64 B
`build/styles/block-library/tab-panel/style.css`	75 B
`build/styles/block-library/tab-panel/style.min.css`	64 B
`build/styles/block-library/tab/style-rtl.css`	233 B
`build/styles/block-library/tab/style-rtl.min.css`	210 B
`build/styles/block-library/tab/style.css`	233 B
`build/styles/block-library/tab/style.min.css`	210 B
`build/styles/block-library/table-of-contents/style-rtl.css`	89 B
`build/styles/block-library/table-of-contents/style-rtl.min.css`	83 B
`build/styles/block-library/table-of-contents/style.css`	89 B
`build/styles/block-library/table-of-contents/style.min.css`	83 B
`build/styles/block-library/table/editor-rtl.css`	1.25 kB
`build/styles/block-library/table/editor-rtl.min.css`	394 B
`build/styles/block-library/table/editor.css`	1.25 kB
`build/styles/block-library/table/editor.min.css`	394 B
`build/styles/block-library/table/style-rtl.css`	1.06 kB
`build/styles/block-library/table/style-rtl.min.css`	641 B
`build/styles/block-library/table/style.css`	1.06 kB
`build/styles/block-library/table/style.min.css`	640 B
`build/styles/block-library/table/theme-rtl.css`	985 B
`build/styles/block-library/table/theme-rtl.min.css`	152 B
`build/styles/block-library/table/theme.css`	985 B
`build/styles/block-library/table/theme.min.css`	152 B
`build/styles/block-library/tabs-menu-item/editor-rtl.css`	168 B
`build/styles/block-library/tabs-menu-item/editor-rtl.min.css`	155 B
`build/styles/block-library/tabs-menu-item/editor.css`	168 B
`build/styles/block-library/tabs-menu-item/editor.min.css`	155 B
`build/styles/block-library/tabs-menu-item/style-rtl.css`	404 B
`build/styles/block-library/tabs-menu-item/style-rtl.min.css`	361 B
`build/styles/block-library/tabs-menu-item/style.css`	405 B
`build/styles/block-library/tabs-menu-item/style.min.css`	362 B
`build/styles/block-library/tabs-menu/editor-rtl.css`	116 B
`build/styles/block-library/tabs-menu/editor-rtl.min.css`	104 B
`build/styles/block-library/tabs-menu/editor.css`	116 B
`build/styles/block-library/tabs-menu/editor.min.css`	104 B
`build/styles/block-library/tabs/style-rtl.css`	95 B
`build/styles/block-library/tabs/style-rtl.min.css`	84 B
`build/styles/block-library/tabs/style.css`	95 B
`build/styles/block-library/tabs/style.min.css`	84 B
`build/styles/block-library/tag-cloud/style-rtl.css`	283 B
`build/styles/block-library/tag-cloud/style-rtl.min.css`	248 B
`build/styles/block-library/tag-cloud/style.css`	283 B
`build/styles/block-library/tag-cloud/style.min.css`	248 B
`build/styles/block-library/template-part/editor-rtl.css`	1.2 kB
`build/styles/block-library/template-part/editor-rtl.min.css`	368 B
`build/styles/block-library/template-part/editor.css`	1.2 kB
`build/styles/block-library/template-part/editor.min.css`	368 B
`build/styles/block-library/template-part/theme-rtl.css`	492 B
`build/styles/block-library/template-part/theme-rtl.min.css`	113 B
`build/styles/block-library/template-part/theme.css`	492 B
`build/styles/block-library/template-part/theme.min.css`	113 B
`build/styles/block-library/term-count/style-rtl.css`	70 B
`build/styles/block-library/term-count/style-rtl.min.css`	63 B
`build/styles/block-library/term-count/style.css`	70 B
`build/styles/block-library/term-count/style.min.css`	63 B
`build/styles/block-library/term-description/style-rtl.css`	138 B
`build/styles/block-library/term-description/style-rtl.min.css`	126 B
`build/styles/block-library/term-description/style.css`	138 B
`build/styles/block-library/term-description/style.min.css`	126 B
`build/styles/block-library/term-name/style-rtl.css`	69 B
`build/styles/block-library/term-name/style-rtl.min.css`	62 B
`build/styles/block-library/term-name/style.css`	69 B
`build/styles/block-library/term-name/style.min.css`	62 B
`build/styles/block-library/term-template/editor-rtl.css`	267 B
`build/styles/block-library/term-template/editor-rtl.min.css`	225 B
`build/styles/block-library/term-template/editor.css`	267 B
`build/styles/block-library/term-template/editor.min.css`	225 B
`build/styles/block-library/term-template/style-rtl.css`	124 B
`build/styles/block-library/term-template/style-rtl.min.css`	114 B
`build/styles/block-library/term-template/style.css`	124 B
`build/styles/block-library/term-template/style.min.css`	114 B
`build/styles/block-library/text-columns/editor-rtl.css`	481 B
`build/styles/block-library/text-columns/editor-rtl.min.css`	95 B
`build/styles/block-library/text-columns/editor.css`	481 B
`build/styles/block-library/text-columns/editor.min.css`	95 B
`build/styles/block-library/text-columns/style-rtl.css`	177 B
`build/styles/block-library/text-columns/style-rtl.min.css`	165 B
`build/styles/block-library/text-columns/style.css`	177 B
`build/styles/block-library/text-columns/style.min.css`	165 B
`build/styles/block-library/theme-rtl.css`	1.59 kB
`build/styles/block-library/theme-rtl.min.css`	715 B
`build/styles/block-library/theme.css`	1.6 kB
`build/styles/block-library/theme.min.css`	719 B
`build/styles/block-library/verse/style-rtl.css`	155 B
`build/styles/block-library/verse/style-rtl.min.css`	137 B
`build/styles/block-library/verse/style.css`	155 B
`build/styles/block-library/verse/style.min.css`	137 B
`build/styles/block-library/video/editor-rtl.css`	825 B
`build/styles/block-library/video/editor-rtl.min.css`	415 B
`build/styles/block-library/video/editor.css`	826 B
`build/styles/block-library/video/editor.min.css`	416 B
`build/styles/block-library/video/style-rtl.css`	1.02 kB
`build/styles/block-library/video/style-rtl.min.css`	202 B
`build/styles/block-library/video/style.css`	1.02 kB
`build/styles/block-library/video/style.min.css`	202 B
`build/styles/block-library/video/theme-rtl.css`	967 B
`build/styles/block-library/video/theme-rtl.min.css`	134 B
`build/styles/block-library/video/theme.css`	967 B
`build/styles/block-library/video/theme.min.css`	134 B
`build/styles/commands/style-rtl.css`	2.07 kB
`build/styles/commands/style-rtl.min.css`	1.17 kB
`build/styles/commands/style.css`	2.06 kB
`build/styles/commands/style.min.css`	1.17 kB
`build/styles/components/style-rtl.css`	17.3 kB
`build/styles/components/style-rtl.min.css`	14.1 kB
`build/styles/components/style.css`	17.4 kB
`build/styles/components/style.min.css`	14.1 kB
`build/styles/customize-widgets/style-rtl.css`	2.35 kB
`build/styles/customize-widgets/style-rtl.min.css`	1.44 kB
`build/styles/customize-widgets/style.css`	2.35 kB
`build/styles/customize-widgets/style.min.css`	1.44 kB
`build/styles/edit-post/classic-rtl.css`	1.29 kB
`build/styles/edit-post/classic-rtl.min.css`	425 B
`build/styles/edit-post/classic.css`	1.31 kB
`build/styles/edit-post/classic.min.css`	428 B
`build/styles/edit-post/style-rtl.css`	3.98 kB
`build/styles/edit-post/style-rtl.min.css`	2.67 kB
`build/styles/edit-post/style.css`	3.99 kB
`build/styles/edit-post/style.min.css`	2.67 kB
`build/styles/edit-site/style-rtl.css`	20.9 kB
`build/styles/edit-site/style-rtl.min.css`	17.1 kB
`build/styles/edit-site/style.css`	21 kB
`build/styles/edit-site/style.min.css`	17.1 kB
`build/styles/edit-widgets/style-rtl.css`	5.29 kB
`build/styles/edit-widgets/style-rtl.min.css`	3.95 kB
`build/styles/edit-widgets/style.css`	5.29 kB
`build/styles/edit-widgets/style.min.css`	3.96 kB
`build/styles/editor/style-rtl.css`	26.6 kB
`build/styles/editor/style-rtl.min.css`	22.5 kB
`build/styles/editor/style.css`	26.6 kB
`build/styles/editor/style.min.css`	22.4 kB
`build/styles/format-library/style-rtl.css`	735 B
`build/styles/format-library/style-rtl.min.css`	326 B
`build/styles/format-library/style.css`	746 B
`build/styles/format-library/style.min.css`	326 B
`build/styles/list-reusable-blocks/style-rtl.css`	1.07 kB
`build/styles/list-reusable-blocks/style-rtl.min.css`	250 B
`build/styles/list-reusable-blocks/style.css`	1.07 kB
`build/styles/list-reusable-blocks/style.min.css`	249 B
`build/styles/media-utils/style-rtl.css`	2.08 kB
`build/styles/media-utils/style-rtl.min.css`	1.17 kB
`build/styles/media-utils/style.css`	2.08 kB
`build/styles/media-utils/style.min.css`	1.17 kB
`build/styles/nux/style-rtl.css`	1.48 kB
`build/styles/nux/style-rtl.min.css`	622 B
`build/styles/nux/style.css`	1.5 kB
`build/styles/nux/style.min.css`	618 B
`build/styles/patterns/style-rtl.css`	1.46 kB
`build/styles/patterns/style-rtl.min.css`	611 B
`build/styles/patterns/style.css`	1.46 kB
`build/styles/patterns/style.min.css`	611 B
`build/styles/preferences/style-rtl.css`	1.26 kB
`build/styles/preferences/style-rtl.min.css`	415 B
`build/styles/preferences/style.css`	1.26 kB
`build/styles/preferences/style.min.css`	415 B
`build/styles/reusable-blocks/style-rtl.css`	1.11 kB
`build/styles/reusable-blocks/style-rtl.min.css`	275 B
`build/styles/reusable-blocks/style.css`	1.11 kB
`build/styles/reusable-blocks/style.min.css`	275 B
`build/styles/widgets/style-rtl.css`	2.05 kB
`build/styles/widgets/style-rtl.min.css`	1.16 kB
`build/styles/widgets/style.css`	2.06 kB
`build/styles/widgets/style.min.css`	1.16 kB

_{compressed-size-action}

github-actions · 2026-04-09T19:26:55Z

Flaky tests detected in d54d55f.
Some tests passed with failed attempts. The failures may not be related to this commit but are still reported for visibility. See the documentation for more information.

🔍 Workflow run URL: https://github.com/WordPress/gutenberg/actions/runs/24528527757
📝 Reported issues:

[Flaky Test] post title and content are editable and blocks can be inserted #76524 in /test/e2e/specs/editor/various/post-content-focus-mode.spec.js
[Flaky Test] should show correct homepage actions based on current homepage or posts page #77385 in /test/e2e/specs/site-editor/homepage-settings.spec.js

Track which users submit sync updates via a contributor list stored in post meta on the sync storage post. On each poll response the server checks every contributor against the `unfiltered_html` capability and returns a `trustworthy` flag. The list is cleared on post save so the check resets for subsequent editing sessions. On the client side the polling provider relays the flag through a new `trustworthy` provider event. The sync manager stores it per entity and only runs DOMPurify sanitization when `trustworthy` is false, avoiding unnecessary filtering when all collaborators are trusted. Made-with: Cursor

alecgeatches · 2026-04-13T22:15:28Z

+		$storage = new WP_Sync_Post_Meta_Storage();
+		$storage->clear_contributors( $room );
+	}
+	add_action( 'save_post', 'gutenberg_clear_sync_contributors_on_save', 10, 2 );


Are there any other actions we might want to clear out contributors for? Maybe on wp_delete_post() we'd want to check for and clean up contributor meta? Not immediately important, though.

Actually not sure on delete. I would think we might want to just leave the standard WP behavior there.

Move contributor tracking to the top of the per-room loop in handle_request so that every authenticated access is recorded, including awareness-only polls. This is simpler and more conservative than gating on whether the request carries document updates. Made-with: Cursor

Replace the read-modify-write pattern (get list, append, update row) with add_post_meta inserting one row per contributor per access. Concurrent requests from different users no longer risk overwriting each other. Duplicates across rows are deduplicated in get_contributors() via array_unique. Made-with: Cursor

Check for an existing row with the same meta key and user ID value before inserting. This prevents unbounded row growth from repeated polls by the same user. A rare race between concurrent requests can produce at most one extra row per user, which get_contributors() already handles via array_unique. Made-with: Cursor

Go back to plain add_post_meta without the direct DB dedup query. Made-with: Cursor

Check existing meta rows via get_post_meta before inserting to avoid growing the table on every poll. A rare race can still produce one duplicate per user, handled by array_unique in get_contributors(). Made-with: Cursor

alecgeatches · 2026-04-13T22:26:14Z

+export function sanitizeRemoteChanges(
+	changes: Partial< ObjectData >
+): Partial< ObjectData > {
+	return sanitizeObjectData( changes );


Does this cause any issues with rich text HTML?

I'm having trouble testing this PR due to some build errors, but looking at how DOMPurify works I don't think rich text will be an issue. There's a huge default whitelist which includes tags like <strong>.

alecgeatches · 2026-04-14T17:35:30Z

 				'room'           => $room,
 				'should_compact' => $should_compact,
 				'total_updates'  => $total_updates,
+				'trustworthy'    => $trustworthy,


Instead of trustworthy, can we have this 1:1 match the capability it represents? E.g. trust_unfiltered_html. I can imagine we might inspect other capabilities that affect syncing in the future, and "trustworthy" might mean something else in that context.

Or, even more generally, we could use the capability directly:

{ sync_capabilities: [ 'unfiltered_html' ] // When all users have the capability // or sync_capabilities: [] // When an untrusted user joins }

peterwilsoncc

~~I know this is a work in progress but I've added in a few suggestions for starting with the assumption the user doesn't have unfiltered HTML.~~

Edit: Ignore all of this, I completely misread the code.

…ss proven otherwise

alecgeatches · 2026-04-16T18:16:04Z

Edit: Ignore all of this, I completely misread the code.

@peterwilsoncc I agree with the overall idea that the code should be explicit and easy to read about being deny-first in your code comments above. I pushed up some changes in f095565 to address that, even if it's functionally the same logic.

alecgeatches · 2026-04-16T19:14:35Z

Hmm, I noticed one issue with this change:

gutenberg/packages/sync/src/manager.ts

Line 267 in d54d55f

permissions: { unfilteredHtml: false },

This causes the document to load with an assumed unfilteredHtml: false, which means we apply sanitization before we receive an /update poll. That works for security, but it also breaks an admin-only session. If I add this to a custom HTML block as an admin:

<script>console.log('Legitimate admin script');</script>

Then save and refresh the page, the script is sanitized on initial load before we receive the unfiltered_html signal. This obviously should still keep working when an admin is the only user on a post. Looking into how to address this without breaking the security model.

peterwilsoncc

I've left a couple of notes inline.

DOMPurify looks to be maintained based on a quick review of the repo so I think it's fine to add. @youknowriad @ellatrix @desrosj do any of you have strong feelings on this?

peterwilsoncc · 2026-04-16T23:53:29Z

+		'window._wpCollaborationEnabled = ' . wp_json_encode( $enabled ) . ';' .
+			'window._wpCollaborationKsesHtml = ' . wp_json_encode( wp_kses_allowed_html( 'post' ) ) . ';',


Maybe:

$config = [ enabled: $enabled, kses: $enabled ? wp_kses_allowed_html( 'post' ) : [] ]; window._wpCollaboration = wp_json_encode( $config );

It might be helpful to keep window._wpCollaborationEnabled for a bit while wp-dev and gb get synced up with intent to remove.

peterwilsoncc · 2026-04-17T00:22:30Z

+// URI scheme filtering is left to DOMPurify's built-in `IS_ALLOWED_URI`
+// pattern (blocks `javascript:`, `data:`, `vbscript:`, etc.) rather than a
+// hand-rolled regex around `wp_allowed_protocols()`. Slightly stricter than
+// kses (a few exotic schemes like `irc:`, `webcal:` are dropped), which is
+// acceptable for a security-first sanitizer.


Yeah, I'm happy with this if allowed protocols is overly complex.

Also, use multi-line comment standard per WP standards for inline comments (applies throughout so I won't repeat myself).

github-actions Bot added the [Package] Sync label Apr 9, 2026

maxschmeling changed the title ~~Sync: Sanitize remote CRDT changes with DOMPurify to prevent XSS~~ RTC: Sanitize remote CRDT changes with DOMPurify to prevent XSS Apr 9, 2026

maxschmeling added the [Feature] Real-time Collaboration Phase 3 of the Gutenberg roadmap around real-time collaboration label Apr 9, 2026

maxschmeling mentioned this pull request Apr 13, 2026

Collaborative Editing iteration for WordPress 7.0 #74549

Open

maxschmeling added the [Type] Security Related to security concerns or efforts label Apr 13, 2026

maxschmeling requested a review from alecgeatches April 13, 2026 20:59

maxschmeling requested a review from spacedmonkey as a code owner April 13, 2026 21:28

alecgeatches reviewed Apr 13, 2026

View reviewed changes

Comment thread lib/compat/wordpress-7.0/class-wp-http-polling-sync-server.php Outdated

alecgeatches reviewed Apr 13, 2026

View reviewed changes

Comment thread lib/compat/wordpress-7.0/class-wp-sync-post-meta-storage.php Outdated

alecgeatches reviewed Apr 13, 2026

View reviewed changes

maxschmeling added 5 commits April 13, 2026 17:16

Revert "Sync: Deduplicate contributor rows before writing"

3c0517d

Go back to plain add_post_meta without the direct DB dedup query. Made-with: Cursor

Sync: Skip contributor insert when user is already tracked

517aa69

Check existing meta rows via get_post_meta before inserting to avoid growing the table on every poll. A rare race can still produce one duplicate per user, handled by array_unique in get_contributors(). Made-with: Cursor

alecgeatches reviewed Apr 13, 2026

View reviewed changes

Remove duplicate onTrustChange keys in tests

e4f36cc

alecgeatches reviewed Apr 14, 2026

View reviewed changes

alecgeatches added 7 commits April 15, 2026 11:34

Merge branch 'trunk' into sync/sanitize-remote-changes-xss

7f9d79c

Fix HttpPollingEvents type errors

ccc491d

Add onTrustChange to tests, remove unused functions

4ba07d9

Switch from DOMPurify to built-in safeHTML

37a2a21

Change trustworthy flag to permissions.unfiltered_html

dfce851

Add guard around new clear_contributors() method

2855189

Add TS reference to @wordpress/dom to fix build

1a38799

Fix PHPCS violations

e459ac9

alecgeatches changed the title ~~RTC: Sanitize remote CRDT changes with DOMPurify to prevent XSS~~ RTC: Sanitize untrusted remote CRDT changes with safeHTML Apr 15, 2026

peterwilsoncc reviewed Apr 16, 2026

View reviewed changes

Comment thread lib/compat/wordpress-7.0/class-wp-http-polling-sync-server.php Outdated

Comment thread lib/compat/wordpress-7.0/class-wp-http-polling-sync-server.php Outdated

Comment thread packages/sync/src/providers/http-polling/polling-manager.ts Outdated

alecgeatches added 2 commits April 16, 2026 11:04

Use DOMPurify based on wp_kses options

28f8815

More explicitly ensure that unfilteredHtml permissions are false unle…

f095565

…ss proven otherwise

Remove inconsistent method_exists guards

ec9334f

alecgeatches changed the title ~~RTC: Sanitize untrusted remote CRDT changes with safeHTML~~ RTC: Sanitize remote CRDT changes from untrusted contributors Apr 16, 2026

Re-add temporary method guards until changes land in core

d54d55f

peterwilsoncc reviewed Apr 17, 2026

View reviewed changes

		'window._wpCollaborationEnabled = ' . wp_json_encode( $enabled ) . ';' .
		'window._wpCollaborationKsesHtml = ' . wp_json_encode( wp_kses_allowed_html( 'post' ) ) . ';',

Conversation

maxschmeling commented Apr 9, 2026 • edited by alecgeatches Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Summary

How it works

Test plan

Uh oh!

github-actions Bot commented Apr 9, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

github-actions Bot commented Apr 9, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

github-actions Bot commented Apr 9, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

Uh oh!

Uh oh!

alecgeatches Apr 13, 2026

Choose a reason for hiding this comment

Uh oh!

maxschmeling Apr 13, 2026

Choose a reason for hiding this comment

Uh oh!

alecgeatches Apr 13, 2026

Choose a reason for hiding this comment

Uh oh!

alecgeatches Apr 14, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Choose a reason for hiding this comment

Uh oh!

alecgeatches Apr 14, 2026

Choose a reason for hiding this comment

Uh oh!

alecgeatches Apr 14, 2026

Choose a reason for hiding this comment

Uh oh!

peterwilsoncc left a comment • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Uh oh!

Uh oh!

Uh oh!

alecgeatches commented Apr 16, 2026

Uh oh!

alecgeatches commented Apr 16, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

peterwilsoncc left a comment

Choose a reason for hiding this comment

Uh oh!

peterwilsoncc Apr 16, 2026

Choose a reason for hiding this comment

Uh oh!

Uh oh!

peterwilsoncc Apr 17, 2026

Choose a reason for hiding this comment

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

3 participants

maxschmeling commented Apr 9, 2026 •

edited by alecgeatches

Loading

github-actions Bot commented Apr 9, 2026 •

edited

Loading

github-actions Bot commented Apr 9, 2026 •

edited

Loading

github-actions Bot commented Apr 9, 2026 •

edited

Loading

alecgeatches Apr 14, 2026 •

edited

Loading

peterwilsoncc left a comment •

edited

Loading

alecgeatches commented Apr 16, 2026 •

edited

Loading