Commit 4ba2fb4

committed

HTML API: Escape script tag contents automatically.

When setting JavaScript or JSON script tag content, automatically escape sequences like `<script>` and `</script>`. This renders the content safe for HTML. The semantics of any JSON and virtually any JavaScript are preserved. Script type detection follows the HTML standard for identifying JavaScript and JSON script tags. Other script types continue to reject potentially dangerous content. Developed in WordPress/wordpress-develop#10635. Props jonsurrell, dmsnell, westonruter. Fixes #64419. See #63851, #51159. Built from https://develop.svn.wordpress.org/trunk@61477 git-svn-id: https://core.svn.wordpress.org/trunk@60789 1a063a9b-81f0-0310-95a4-ce76da25c4cd

1 parent b9ebc67 commit 4ba2fb4Copy full SHA for 4ba2fb4

3 files changed

+395

-46

lines changed

wp-includes
- html-api
  - class-wp-html-tag-processor.php
- js/dist/script-modules
  - index.php
- version.php

3 files changed

+395

-46

lines changed

Comments

(0)

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Commit 4ba2fb4

3 files changed

3 files changed

File tree

3 files changed

3 files changed

0 commit comments