[wp-trac] [WordPress Trac] #45387: Valid HTML get mangled on the frontend

WordPress Trac noreply at wordpress.org
Mon Jun 7 16:30:25 UTC 2021


#45387: Valid HTML get mangled on the frontend
--------------------------+------------------------------
 Reporter:  youknowriad   |       Owner:  (none)
     Type:  defect (bug)  |      Status:  new
 Priority:  normal        |   Milestone:  Awaiting Review
Component:  Editor        |     Version:
 Severity:  normal        |  Resolution:
 Keywords:                |     Focuses:
--------------------------+------------------------------

Comment (by mcsf):

 This issue has come up again in a different form in the following
 Gutenberg bug report:

 https://github.com/WordPress/gutenberg/issues/11789#issuecomment-847242464

 (In a gist, `<script>alert('rock & roll')</script>` works as expected, but
 `<script>if (3 < 4) alert('rock & roll')</script>` yields an alert message
 with an escaped `&`.)

 In this case, we can't really work around the issue by escaping content
 (as described in [https://core.trac.wordpress.org/ticket/45387#comment:6
 #6]), nor by escaping HTML attributes (as described in
 [https://core.trac.wordpress.org/ticket/45387#comment:1 #1]): we are
 dealing with a `<script>` tag and so special characters like `<` and `&`
 should somehow be preserved.

-- 
Ticket URL: <https://core.trac.wordpress.org/ticket/45387#comment:9>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
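
Added example, not part of the ticket or of WordPress code: Python's standard `html.parser` treats `<script>` content as raw text, as HTML parsers do, so it shows why entity-escaping round-trips inside `<p>` but reaches a script verbatim. `TextCollector`, `parsed_text` and `can_embed_in_script` are names made up for this example; the script body is the one quoted in the comment.

```python
import re
from html import escape
from html.parser import HTMLParser

# Script body quoted in the ticket comment.
SCRIPT_BODY = "if (3 < 4) alert('rock & roll')"


class TextCollector(HTMLParser):
    """Record the text each element ends up with after HTML parsing."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.open_tags = []
        self.text = {}

    def handle_starttag(self, tag, attrs):
        self.open_tags.append(tag)

    def handle_endtag(self, tag):
        if self.open_tags and self.open_tags[-1] == tag:
            self.open_tags.pop()

    def handle_data(self, data):
        if self.open_tags:
            tag = self.open_tags[-1]
            self.text[tag] = self.text.get(tag, "") + data


def parsed_text(tag, body):
    """Wrap body in <tag> and return the text a parser hands to that element."""
    parser = TextCollector()
    parser.feed(f"<{tag}>{body}</{tag}>")
    parser.close()
    return parser.text.get(tag, "")


def can_embed_in_script(body):
    """Entities are not decoded in raw text, so refuse a body that closes the element early."""
    return re.search(r"</script[\t\n\f\r />]", body, re.I) is None


if __name__ == "__main__":
    escaped = escape(SCRIPT_BODY, quote=False)
    print("p, escaped:     ", parsed_text("p", escaped))       # entities decoded
    print("script, escaped:", parsed_text("script", escaped))  # entities kept literally
    print("script, raw:    ", parsed_text("script", SCRIPT_BODY))
    print("embeddable:     ", can_embed_in_script(SCRIPT_BODY))
```

The escaped body comes back intact from `<p>` but keeps its literal `&lt;` and `&amp;` inside `<script>`, which is the escaped `&` the alert displays.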