[wp-trac] [WordPress Trac] #29722: wp_localize_script should be able to manage scalars
WordPress Trac
noreply at wordpress.org
Tue Nov 17 21:01:15 UTC 2020
#29722: wp_localize_script should be able to manage scalars
-------------------------------------------------+-------------------------
Reporter: Fab1en | Owner: (none)
Type: defect (bug) | Status: new
Priority: normal | Milestone: 5.7
Component: Script Loader | Version: 3.3
Severity: normal | Resolution:
Keywords: has-patch needs-docs php8 needs- | Focuses: javascript
dev-note has-unit-tests |
-------------------------------------------------+-------------------------
Changes (by helen):
* milestone: 5.6 => 5.7
Comment:
It's late to be committing something that's potentially an unexpected
change in that scalar values will now be included and decoded whereas
previously they were skipped. Consider this scenario from
@TimothyBlynJacobs and whether its outcome would change with this patch:
{{{
wp_localize_script( 'handle', 'LOCALIZED', [
'input' => [
'attr' => esc_html( get_unsafe_value() )
]
] );
?>
<script type="application/javascript">
var html = '<p attr="' + LOCALIZED.input.attr + '">'
</script>
}}}
Defensive programming to account for PHP 8 compat with plugins/themes/the
broader ecosystem is something we're targeting for a later release, so I'm
punting from 5.6 because this isn't an issue that core triggers in itself
but rather is a potential issue with custom code.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/29722#comment:33>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list