[wp-trac] [WordPress Trac] #49480: Custom HTML with <script> incorrectly encodes '&' character

WordPress Trac noreply at wordpress.org
Thu Feb 20 04:47:34 UTC 2020


#49480: Custom HTML with <script> incorrectly encodes '&' character
--------------------------+-----------------------------
 Reporter:  talldanwp     |      Owner:  (none)
     Type:  defect (bug)  |     Status:  new
 Priority:  normal        |  Milestone:  Awaiting Review
Component:  Embeds        |    Version:
 Severity:  normal        |   Keywords:
  Focuses:                |
--------------------------+-----------------------------
 This was originally reported in the Gutenberg GitHub repo
 (https://github.com/WordPress/gutenberg/issues/13186), but during a triage
 session in Slack was identified as a core bug
 (https://wordpress.slack.com/archives/C02QB2JS7/p1579758213000600). #34698
 is possibly related.

 ----

 **Describe the bug**
 If the JavaScript code in a <script> block contains an `&` operator, it
 will be converted to `&#038`, which the browser flags as a syntax error. The
 script will not work.

 I am using WP 5.0.2, Gutenberg updated Jan 3, 2019 (don't know where to
 find the version), hosted on easyWP.

 Example:

 {{{

 <script>
   const hex = [];
   for (let i = 0; i < 256; i++) {
     hex[i] = (i < 16 ? '0' : '') + (i).toString(16);
   }
   function generateUUID() {
     const r = crypto.getRandomValues(new Uint8Array(16));
     r[6] = r[6] & 0x0f | 0x40;
     r[8] = r[8] & 0x3f | 0x80;
     const h = Array.from(r).map(i => hex[i]);
     return `${h[0]}${h[1]}${h[2]}${h[3]}-${h[4]}${h[5]}-${h[6]}${h[7]}-${h[8]}${h[9]}-${h[10]}${h[11]}${h[12]}${h[13]}${h[14]}${h[15]}`;
   }
 </script>
 }}}



 **To Reproduce**
 Steps to reproduce the behavior:
 1. Go to a Page
 2. Click on 'add Custom HTML'
 3. Paste the above HTML <script> snippet into the block.
 4. Preview the change
 5. Open the JavaScript console. You will see a syntax error: "Invalid
 Character: '#'":

 {{{
     r[6] = r[6] & 0x0f | 0x40;
     r[8] = r[8] & 0x3f | 0x80;
 }}}

 **Expected behavior**
 I expect no syntax errors. The script should be rendered without any
 encoding of characters.

 **Desktop (please complete the following information):**
  - OS: Mac OS X 10.14
  - Browser: Chrome and Safari
  - Version: Chrome 71.0.3578.98

-- 
Ticket URL: <https://core.trac.wordpress.org/ticket/49480>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
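
An added example, not part of the ticket or of WordPress code: a regression check for rendered page HTML that flags `<script>` bodies containing an encoded ampersand and confirms, by compiling them without running them, that the JavaScript engine rejects the result. The function names and the sample page are constructed for illustration, and the regex-based `<script>` extraction is a simplification of real HTML parsing.

```javascript
// Constructed sample: the ticket's two bitwise lines as they appear in the
// rendered page (corrupted) and as they were typed into the block (clean).
const corruptedPage = [
  '<p>Intro</p>',
  '<script>',
  '  r[6] = r[6] &#038; 0x0f | 0x40;',
  '  r[8] = r[8] &#038; 0x3f | 0x80;',
  '</script>',
].join('\n');
const cleanPage = corruptedPage.replace(/&#038;/g, '&');

// Character references for "&": &#038; &#38; &#x26; &amp;
// HTML parsers do not decode these inside <script>, so the JavaScript
// engine receives them literally.
const AMP_REF = /&(?:#0*38|#x0*26|amp);/gi;
const SCRIPT_RE = /<script\b[^>]*>([\s\S]*?)<\/script\s*>/gi;

// Hypothetical helper: one finding per script line holding an encoded "&".
// A string literal that really contains "&amp;" is also reported.
function findEncodedAmpersands(html) {
  const findings = [];
  for (const m of html.matchAll(SCRIPT_RE)) {
    const bodyOffset = m.index + m[0].indexOf('>') + 1;
    const firstLine = html.slice(0, bodyOffset).split('\n').length;
    m[1].split('\n').forEach((text, i) => {
      const refs = text.match(AMP_REF);
      if (refs) findings.push({ line: firstLine + i, refs, text: text.trim() });
    });
  }
  return findings;
}

// Hypothetical helper: compile (never execute) every script body and
// report whether all of them are syntactically valid JavaScript.
function scriptsCompile(html) {
  for (const m of html.matchAll(SCRIPT_RE)) {
    try {
      new Function(m[1]);
    } catch (e) {
      if (e instanceof SyntaxError) return false;
      throw e;
    }
  }
  return true;
}
```

Run against the saved HTML of a previewed page, a non-empty result from `findEncodedAmpersands` together with `scriptsCompile` returning `false` matches the behavior reported in this ticket.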

