[wp-trac] [WordPress Trac] #62797: wp_add_inline_script does not properly escape '<!-- <script>' in contents
WordPress Trac
noreply at wordpress.org
Fri Jan 10 21:16:32 UTC 2025
#62797: wp_add_inline_script does not properly escape '<!-- <script>' in contents
-------------------------------------+------------------------------
Reporter: artpi | Owner: (none)
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Editor | Version: 5.0
Severity: normal | Resolution:
Keywords: has-patch needs-testing | Focuses: administration
-------------------------------------+------------------------------
Comment (by jonsurrell):
A fix for all cases from the `wp_add_inline_script` side will be
difficult. It may be something the HTML API could handle.
The problem in this case is with the JSON encoding. Use of the correct
flags should fix the problem, namely `JSON_HEX_TAG`.
[https://github.com/WordPress/wordpress-develop/blob/1dd2f28680c98373468adb53aff18df00586c559/src/wp-includes/class-wp-script-modules.php#L446-L481 A good example to follow is this code used by script modules.]
--
Ticket URL: <https://core.trac.wordpress.org/ticket/62797#comment:7>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
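
The effect of `JSON_HEX_TAG` named in the comment above, shown on the string from the ticket title. This is an added example, not part of the original message and not WordPress core code; the function names, the `exampleData` variable and the sample data are hypothetical.

```php
<?php
// Added example (not WordPress core). Requires PHP 7.3+ for JSON_THROW_ON_ERROR.

/** Wraps JSON-encoded $data in an inline script element, using the given flags. */
function example_inline_data_script( $data, int $flags ): string {
	$json = json_encode( $data, $flags | JSON_THROW_ON_ERROR );
	return '<script>var exampleData = ' . $json . ";</script>\n";
}

/**
 * Reports whether a script body contains a sequence that changes how the HTML
 * tokenizer reads it: "<!--" followed by "<script" moves the tokenizer into a
 * state where the next "</script>" no longer closes the element, and a literal
 * "</script" closes the element early.
 */
function example_has_risky_sequence( string $body ): bool {
	return 1 === preg_match( '~<!--|<script|</script~i', $body );
}

// Constructed sample: editor content that merely mentions the sequence.
$data = array( 'content' => 'Docs example: <!-- <script> inside a code block' );

$cases = array(
	'default flags' => 0,
	'JSON_HEX_TAG'  => JSON_HEX_TAG,
);

foreach ( $cases as $label => $flags ) {
	$json = json_encode( $data, $flags | JSON_THROW_ON_ERROR );

	printf( "%s\n  json:       %s\n", $label, $json );
	printf( "  risky:      %s\n", example_has_risky_sequence( $json ) ? 'yes' : 'no' );
	// The \uXXXX escapes are ordinary JSON: the decoded value is unchanged.
	printf( "  round-trip: %s\n", json_decode( $json, true ) === $data ? 'ok' : 'MISMATCH' );
	echo '  html:       ' . example_inline_data_script( $data, $flags );
}
```

With `JSON_HEX_TAG`, every `<` and `>` in the data is emitted as a `\u` escape, so the encoded value cannot contain any of the sequences the check looks for, while JavaScript still reads back the original string.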