Strip HTML tags from aria-label in wc_help_tip function (woocommerce#…

…50103)

* Strip HTML tags from aria-label in wc_help_tip function

* Run same escape sequence for aria_label string

* Refactor wc_help_tip and add additional test case

* Remove blank line

plugins/woocommerce/changelog/update-no-html-arialabel

@@ -0,0 +1,4 @@
+Significance: minor
+Type: update
+
+Strip HTML tags from aria-label in wc_help_tip function

plugins/woocommerce/includes/wc-core-functions.php

@@ -1580,6 +1580,8 @@ function wc_help_tip( $tip, $allow_html = false ) {
 		$sanitized_tip = esc_attr( $tip );
 	}
 
+	$aria_label = wp_strip_all_tags( $tip );
+
 	/**
 	 * Filter the help tip.
 	 *
@@ -1592,7 +1594,7 @@ function wc_help_tip( $tip, $allow_html = false ) {
 	 *
 	 * @return string
 	 */
-	return apply_filters( 'wc_help_tip', '<span class="woocommerce-help-tip" tabindex="0" aria-label="' . $sanitized_tip . '" data-tip="' . $sanitized_tip . '"></span>', $sanitized_tip, $tip, $allow_html );
+	return apply_filters( 'wc_help_tip', '<span class="woocommerce-help-tip" tabindex="0" aria-label="' . esc_attr( $aria_label ) . '" data-tip="' . $sanitized_tip . '"></span>', $sanitized_tip, $tip, $allow_html );
 }
 
 /**

plugins/woocommerce/tests/php/includes/wc-core-functions-test.php

@@ -124,4 +124,13 @@ function() use ( $decimals ) {
 
 		remove_all_filters( 'wc_get_price_decimals' );
 	}
+
+	/**
+	 * Test wc_help_tip() function.
+	 */
+	public function test_wc_help_tip_strips_html() {
+		$expected = '<span class="woocommerce-help-tip" tabindex="0" aria-label="Strong text regular text" data-tip="&lt;strong&gt;Strong text&lt;/strong&gt; regular text"></span>';
+		$this->assertEquals( $expected, wc_help_tip( '<strong>Strong text</strong> regular text', false ) );
+		$this->assertEquals( $expected, wc_help_tip( '<strong>Strong text</strong> regular text', true ) );
+	}
 }