[wp-trac] [WordPress Trac] #43785: wptexturize fails to skip JavaScript if code contains <
WordPress Trac
noreply at wordpress.org
Tue Apr 17 07:51:58 UTC 2018
#43785: wptexturize fails to skip JavaScript if code contains <
--------------------------+-----------------------------
Reporter: nextendweb | Owner: (none)
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Formatting | Version:
Severity: normal | Keywords:
Focuses: |
--------------------------+-----------------------------
As the [https://codex.wordpress.org/Function_Reference/wptexturize
documentation] states: Text enclosed in the tags <pre>, <code>, <kbd>,
<style>, <script>, and <tt> will be skipped
If the script tag contains < character inside, then the wptexturize
functions fails and starts to encode the codes.
{{{#!php
<?php
echo wptexturize('<script
type="text/javascript">window&&document</script>');
//Result: <script type="text/javascript">if(a>b)window&&document</script>
// OK
}}}
wptexturize -> preg_split -> $textarr value:
{{{
Array
(
[0] => <script type="text/javascript">
[1] => if(a>b)window&&document
[2] => </script>
)
}}}
----
{{{#!php
<?php
echo wptexturize('<script
type="text/javascript">if(a>b)window&&document</script>');
//Result: <script type="text/javascript">window&&document</script>
// OK
}}}
wptexturize -> preg_split -> $textarr value:
{{{
Array
(
[0] => <script type="text/javascript">
[1] => window&&document
[2] => </script>
)
}}}
----
{{{#!php
<?php
echo wptexturize('<script
type="text/javascript">if(a<b)window&&document</script>');
//Result: <script
type="text/javascript">if(a<b)window&&document</script>
// ERROR
}}}
wptexturize -> preg_split -> $textarr value:
{{{
Array
(
[0] => <script type="text/javascript">
[1] => if(a
[2] => <b)window&&document</script>
)
}}}
&& characters encoded into && which breaks the JavaScript code.
This issue can happen if shortcode inserted into the editor and the editor
value rendered with the wptexturize function and the shortcode contains
JavaScript code.
----
More tests which works as expected:
{{{#!php
<?php
echo wptexturize('<script
type="text/javascript">$("<div/>").length&&document</script>');
echo wptexturize('<script
type="text/javascript">$("<div></div>").length&&document</script>');
}}}
--
Ticket URL: <https://core.trac.wordpress.org/ticket/43785>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list