[wp-trac] [WordPress Trac] #63851: Audit wp_json_encode usage with script tags
WordPress Trac
noreply at wordpress.org
Wed Aug 20 18:35:46 UTC 2025
#63851: Audit wp_json_encode usage with script tags
----------------------------+-------------------------
Reporter: jonsurrell | Owner: (none)
Type: task (blessed) | Status: new
Priority: normal | Milestone: 6.9
Component: General | Version:
Severity: normal | Resolution:
Keywords: good-first-bug | Focuses: javascript
----------------------------+-------------------------
Comment (by jonsurrell):
Replying to [comment:5 siliconforks]:
> Would it be better for `wp_json_encode()` to do this automatically?
Good question! How JSON (or anything) should be encoded for an HTML page
depends on the context. This focuses on JSON in script tags. Elsewhere,
JSON should be encoded in other ways with different flags. For example,
JSON inside of a `<pre>` tag would use a completely encoding strategy.
I wouldn't change the default behavior of `wp_json_encode()` (largely
analogous to PHP's `json_encode()`).
#51159 suggests adding different flavors of `wp_json_encode()` for
different contexts. It's a good idea in theory, but it's difficult to know
what contexts should be supported. Even then, some sites may want to use
`JSON_UNESCAPED_UNICODE`, but that isn't appropriate for all sites.
I'd like to focus on addressing these potential problems in Core on this
ticket and leave the addition and implementation of new or different
functionality aside.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/63851#comment:6>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list