[wp-trac] [WordPress Trac] #43785: wptexturize fails to skip JavaScript if code contains <

WordPress Trac noreply at wordpress.org
Tue Apr 17 07:51:58 UTC 2018


#43785: wptexturize fails to skip JavaScript if code contains <
--------------------------+-----------------------------
 Reporter:  nextendweb    |      Owner:  (none)
     Type:  defect (bug)  |     Status:  new
 Priority:  normal        |  Milestone:  Awaiting Review
Component:  Formatting    |    Version:
 Severity:  normal        |   Keywords:
  Focuses:                |
--------------------------+-----------------------------
 As the [https://codex.wordpress.org/Function_Reference/wptexturize
 documentation] states: Text enclosed in the tags <pre>, <code>, <kbd>,
 <style>, <script>, and <tt> will be skipped

 If the script tag contains a < character inside, then the wptexturize
 function fails and starts to encode the code.

 {{{#!php
 <?php
 echo wptexturize('<script type="text/javascript">window&&document</script>');
 //Result: <script type="text/javascript">window&&document</script>
 // OK
 }}}

 wptexturize -> preg_split -> $textarr value:
 {{{
 Array
 (
     [0] => <script type="text/javascript">
     [1] => window&&document
     [2] => </script>
 )
 }}}


 ----


 {{{#!php
 <?php
 echo wptexturize('<script type="text/javascript">if(a>b)window&&document</script>');
 //Result: <script type="text/javascript">if(a>b)window&&document</script>
 // OK
 }}}

 wptexturize -> preg_split -> $textarr value:
 {{{
 Array
 (
     [0] => <script type="text/javascript">
     [1] => if(a>b)window&&document
     [2] => </script>
 )
 }}}


 ----

 {{{#!php
 <?php
 echo wptexturize('<script type="text/javascript">if(a<b)window&&document</script>');
 //Result: <script type="text/javascript">if(a<b)window&#038;&#038;document</script>
 // ERROR
 }}}

 wptexturize -> preg_split -> $textarr value:
 {{{
 Array
 (
     [0] => <script type="text/javascript">
     [1] => if(a
     [2] => <b)window&&document</script>
 )
 }}}

 The && characters are encoded into &#038;&#038;, which breaks the JavaScript code.


 This issue can happen if a shortcode is inserted into the editor, the
 editor value is rendered with the wptexturize function, and the shortcode
 contains JavaScript code.


 ----

 More tests which work as expected:
 {{{#!php
 <?php
 echo wptexturize('<script type="text/javascript">$("<div/>").length&&document</script>');
 echo wptexturize('<script type="text/javascript">$("<div></div>").length&&document</script>');
 }}}

-- 
Ticket URL: <https://core.trac.wordpress.org/ticket/43785>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
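
The split behaviour reported in the ticket above, reproduced with a simplified model. This is an added example, not WordPress's wptexturize() source and not code from the reporter; the function names, both regular expressions and the rule that & is encoded inside any token classified as a tag are assumptions of the model.

```php
<?php
// Added illustration: a simplified model, not WordPress's wptexturize() source.

// Naive split: every "<...>" run is one tag token, whatever sits between is text.
function naive_split(string $html): array {
    return preg_split('~(<[^>]*>)~', $html, -1,
        PREG_SPLIT_DELIM_CAPTURE | PREG_SPLIT_NO_EMPTY);
}

// Raw-text-aware split: a whole <script>/<style> element is one opaque token,
// so a "<" inside the script body can never start a new tag token.
function raw_aware_split(string $html): array {
    preg_match_all('~<(script|style)\b[^>]*>.*?</\1\s*>|<[^>]*>|[^<]+|<~is', $html, $m);
    return $m[0];
}

// Model assumption: "&" is entity-encoded inside anything classified as a
// single tag, which is the behaviour the ticket's failing case shows.
function encode_tag_tokens(array $tokens): string {
    $out = '';
    foreach ($tokens as $tok) {
        $is_raw_element = (bool) preg_match(
            '~^<(script|style)\b[^>]*>.*</\1\s*>$~is', $tok);
        if ($tok[0] === '<' && !$is_raw_element) {
            $tok = str_replace('&', '&#038;', $tok);
        }
        $out .= $tok;
    }
    return $out;
}

// Inputs are the ticket's own test strings.
$cases = [
    '<script type="text/javascript">if(a>b)window&&document</script>',
    '<script type="text/javascript">if(a<b)window&&document</script>',
];
foreach ($cases as $html) {
    echo "input:     $html\n";
    echo "naive:     " . encode_tag_tokens(naive_split($html)) . "\n";
    echo "raw-aware: " . encode_tag_tokens(raw_aware_split($html)) . "\n\n";
}
```

With the naive split, the second input yields the three tokens listed in the ticket and the script body comes out with its ampersands encoded; the raw-aware split returns the whole element as one token and leaves it byte-for-byte intact.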

