[wp-trac] [WordPress Trac] #59446: Use script helper functions in admin to enable Content-Security-Policy opt-in
WordPress Trac
noreply at wordpress.org
Fri Nov 3 17:27:17 UTC 2023
#59446: Use script helper functions in admin to enable Content-Security-Policy opt-
in
----------------------------+-----------------------------
Reporter: westonruter | Owner: (none)
Type: defect (bug) | Status: new
Priority: normal | Milestone: Future Release
Component: Administration | Version: 5.7
Severity: normal | Resolution:
Keywords: needs-patch | Focuses: javascript
----------------------------+-----------------------------
Comment (by westonruter):
Replying to [comment:4 bedas]:
> Replying to [comment:3 westonruter]:
> I guess then there is some issue with `wp_inline_script_attributes`,
because if it is intended for front end, then it shouldn't run in the
backend - but does, and misses the array key `type` in that case. [...]
the very least we would need to specify on the doc page that this needs to
be hooked explicitly to front end, or that an isset() should be run (which
IMO is quite uncommon for filters/hooks, usually they run only where the
data is available)
This filter is not specific for the frontend. It is intended to be used in
any context, whether frontend or admin. The `type` array key is only
supplied automatically if the page is not HTML5. So yes, an `isset()`
check should always be done for `$attributes['type']`. If it is not set,
then it is assumed to be `text/javascript`, per the HTML spec.
> I also notice that the documentation for the related
`wp_get_inline_script_tag` is wrongly saying to use `wp_script_attributes`
to filter the tags.
Good catch. The phpdoc for `wp_get_inline_script_tag()` needs to be
updated.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/59446#comment:5>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list