Commit c55a0f2

committed

HTML API: Escape script tag contents automatically.

When setting JavaScript or JSON script tag content, automatically escape sequences like `<script>` and `</script>`. This renders the content safe for HTML. The semantics of any JSON and virtually any JavaScript are preserved. Script type detection follows the HTML standard for identifying JavaScript and JSON script tags. Other script types continue to reject potentially dangerous content. Developed in #10635. Props jonsurrell, dmsnell, westonruter. Fixes #64419. See #63851, #51159. git-svn-id: https://develop.svn.wordpress.org/trunk@61477 602fd350-edb4-49c9-b593-d223f7449a82

1 parent 1ba12d4 commit c55a0f2Copy full SHA for c55a0f2

5 files changed

+771

-33

lines changed

src/wp-includes/html-api
- class-wp-html-tag-processor.php
tests/phpunit
- data/html-api
  - script-element-escaping-diagram.dot
  - script-element-escaping-diagram.php
- tests/html-api
  - wpHtmlTagProcessorModifiableText.php
  - wpHtmlTagProcessorScriptTag.php

5 files changed

+771

-33

lines changed

Comments

(0)

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Commit c55a0f2

5 files changed

5 files changed

File tree

5 files changed

5 files changed

0 commit comments