[wp-trac] [WordPress Trac] #40899: '&' Is always escaped in the JavaScript template.

Tue Sep 8 06:50:52 UTC 2020

#40899: '&' Is always escaped in the JavaScript template.
--------------------------+------------------------------
 Reporter:  tmatsuur      |       Owner:  (none)
     Type:  defect (bug)  |      Status:  new
 Priority:  normal        |   Milestone:  Awaiting Review
Component:  General       |     Version:  4.7.5
 Severity:  normal        |  Resolution:
 Keywords:                |     Focuses:
--------------------------+------------------------------

Comment (by tmatsuur):

 Thanks @noisysocks .

 This is something I wondered when using the JavaScript template in my own
 plugin.

 1.Place the attachment in the plugin directory with an appropriate name.

 2.Log in to the admin page and activate the plugin.

 3.Open the site top page and look under the search widget.

 The version of WordPress is 5.5.1 and the theme is Twenty Twenty.

 The output source code was as follows.
 {{{
         <script type="text/template" id="tmpl-fields">
 <div id="after_widget_search">
 <p>&</p>
 <p>Unscaped: {{{data.value}}}</p>
 <p>Escaped: {{data.value}}</p>
 </div>
 </script>
 <script type="text/javascript">
 ( function($) {
         $(document).ready( function () {
                 var template = wp.template( 'fields' );
                 $( '.widget_search' ).after( template( { value:
 "W<i>o</i>&r'l\"d" } ) );
         } );
 } )( jQuery );
 </script>
 }}}

 When I checked the HTML of the relevant part with the developer tool of
 Chrome, it was as follows.

 {{{
 <div id="after_widget_search">
 <p>&</p>
 <p>Unscaped: W<i>o</i>&r'l"d</p>
 <p>Escaped: W<i>o</i>&r'l"d</p>
 </div>
 }}}

-- 
Ticket URL: <https://core.trac.wordpress.org/ticket/40899#comment:3>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform