[wp-trac] [WordPress Trac] #30036: Add some escaping to $handle when printing styles.
WordPress Trac
noreply at wordpress.org
Wed Aug 13 13:55:45 UTC 2025
#30036: Add some escaping to $handle when printing styles.
-----------------------------+---------------------
Reporter: georgestephanis | Owner: (none)
Type: defect (bug) | Status: new
Priority: normal | Milestone: 6.9
Component: Script Loader | Version:
Severity: normal | Resolution:
Keywords: has-patch | Focuses:
-----------------------------+---------------------
Comment (by jonsurrell):
Leveraging the HTML API (and possibly an HTML templating solution like
#60229) would be a nice change for situations like these. Escaping is
handled contextually and correctly by the HTML API and no escaping should
happen elsewhere:
{{{#!php
<?php
$processor = new WP_HTML_Tag_Processor( '<style></style>' );
$processor->next_token();
$processor->set_attribute( 'id', 'foo' );
$processor->set_modifiable_text( '.class { color: red }' );
$inline_style_tag = $processor->get_updated_html();
echo $inline_style_tag;
// <style id="foo">.class { color: red }</style>
}}}
--
Ticket URL: <https://core.trac.wordpress.org/ticket/30036#comment:6>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform