function decorate_mod($key, $mods, $col)
 {
     $data_key = 'data-key="' . esc_attr($key) . '"';
     $data_col = 'data-col="' . esc_attr($col) . '"';
     if (!array_key_exists($key, $mods)) {
         return "<span class=\"ITM-list-data\" {$data_key} {$data_col}><small class=\"no-value\">" . __('(no value)', 'inherit-theme-mods') . '</small></span>';
     }
     $value = esc_html(maybe_serialize($mods[$key]));
     $match_color = preg_match('/^#?([0-9,a-f,A-F]{3}|[0-9,a-f,A-F]{6})$/', $value);
     $match_inmageURL = preg_match('/\\.(jpg|jpeg|png|gif)$/i', $value);
     if (1 === $match_color) {
         # display color if color string
         $color_str = substr($value, 0, 1) === '#' ? $value : "#{$value}";
         $style_attr = ITM_Util::style_attr(array('background-color' => $color_str));
         # xss OK
         $value = esc_html($value);
         $value = "<div class=\"ITM-color-indication\" {$style_attr}></div><span class=\"ITM-list-data\" {$data_key} {$data_col}>{$value}</span>";
     } else {
         if (1 === $match_inmageURL) {
             # display image if image url
             $value = esc_url($value);
             $value = "<img src=\"{$value}\" class=\"ITM-image-indication\" alt=\"\" /><br /><span class=\"ITM-list-data\" {$data_key} {$data_col}>{$value}</span>";
             # xss OK
         } else {
             $value = "<span class=\"ITM-list-data ITM-serialized-text\" {$data_key} {$data_col}>" . esc_html($value) . '</span>';
         }
     }
     return $value;
 }
 function test_build_style_attr_xss()
 {
     $xss_vulnerable_match = preg_match('/<script>.*/', ITM_Util::style_attr(array('background-color' => '#12345', 'color' => 'red', 'padding' => 0, '" ><script>alert(1);</script>' => '', 'aaa' => '" ><script>alert(1);</script>')));
     $this->assertEquals(0, $xss_vulnerable_match);
 }