[wp-trac] [WordPress Trac] #62797: wp_add_inline_script does not properly escape '<!-- <script>' in contents
WordPress Trac
noreply at wordpress.org
Tue Aug 19 18:50:21 UTC 2025
#62797: wp_add_inline_script does not properly escape '<!-- <script>' in contents
-------------------------------------------------+-------------------------
Reporter: artpi | Owner: jonsurrell
Type: defect (bug) | Status: closed
Priority: normal | Milestone: 6.9
Component: Editor | Version: 5.0
Severity: normal | Resolution: fixed
Keywords: has-patch has-unit-tests dev- | Focuses:
feedback | administration
-------------------------------------------------+-------------------------
Changes (by jonsurrell):
* status: accepted => closed
* resolution: => fixed
Comment:
In [changeset:"60648" 60648]:
{{{
#!CommitTicketReference repository="" revision="60648"
Editor: Ensure preloading middleware JSON is correctly encoded.
Adds the appropriate JSON flags to `wp_json_encode()` to safely encode
data for use in script tags.
Developed in https://github.com/WordPress/wordpress-develop/pull/8145.
Props jonsurrell, bernhard-reiter, dmsnell, artpi, ankitkumarshah, abcd95,
dilipbheda, sainathpoojary, shanemuir.
Fixes #62797.
}}}
--
Ticket URL: <https://core.trac.wordpress.org/ticket/62797#comment:26>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list