[wp-trac] [WordPress Trac] #58664: Eliminate manual construction of script tags in WP_Scripts

WordPress Trac noreply at wordpress.org
Wed Jun 28 20:30:01 UTC 2023


#58664: Eliminate manual construction of script tags in WP_Scripts
---------------------------+--------------------
 Reporter:  westonruter    |      Owner:  (none)
     Type:  defect (bug)   |     Status:  new
 Priority:  normal         |  Milestone:  6.4
Component:  Script Loader  |    Version:  trunk
 Severity:  normal         |   Keywords:
  Focuses:  javascript     |
---------------------------+--------------------
 Helper functions for constructing script tags
 (`wp_print_inline_script_tag()`, `wp_get_inline_script_tag()`, and
 `wp_get_script_tag()`) were
 [https://make.wordpress.org/core/2021/02/23/introducing-script-attributes-related-functions-in-wordpress-5-7/ added]
 in WP 5.7. However, they were not implemented in `WP_Scripts`, where
 core prints the majority of its scripts. Some of the instances were
 replaced in [56033] for #12009, specifically for inline before/after
 scripts.

 1. [https://github.com/WordPress/wordpress-develop/blob/260e97646db619c3c1bba0d400f1288b450ea701/src/wp-includes/class-wp-scripts.php#L413-L420 Main registered scripts]
 2. [https://github.com/WordPress/wordpress-develop/blob/260e97646db619c3c1bba0d400f1288b450ea701/src/wp-includes/class-wp-scripts.php#L248 Extra scripts] (i.e. from `wp_localize_script()`)
 3. [https://github.com/WordPress/wordpress-develop/blob/260e97646db619c3c1bba0d400f1288b450ea701/src/wp-includes/class-wp-scripts.php#L338 Translation scripts]

 Using the helper functions also makes the code much more readable as well
 as more robust by automatically escaping attribute values and allowing the
 `wp_script_attributes` and `wp_inline_script_attributes` filters to apply
 to the attributes being printed. It also ensures the non-HTML5 CDATA
 wrapper comments are added consistently. This would seem to be a logical
 follow-up to #39941 which introduced these functions but didn't make use
 of them in `WP_Scripts`. This will facilitate adding CSP attributes to
 scripts that core prints.

 Caveat: Some plugins are (ab)using the `clean_url` filter to inject
 `async`/`defer` attributes into `script` tags. Such plugins will break
 with the adoption of these helper functions. Any such plugins should be
 updated to use the new script loading strategies instead, or inject
 attributes with the `script_loader_tag` filter which is a much better fit
 for this purpose.

 A [https://github.com/10up/wordpress-develop/pull/58 stale pull request]
 exists which drafted this change.

-- 
Ticket URL: <https://core.trac.wordpress.org/ticket/58664>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
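
The migration the caveat recommends, as an added example that is not part of the ticket or of core: a plugin requests `defer` through a loading strategy for its own script and through the `script_loader_tag` filter for a script it does not register, instead of altering the URL via `clean_url`. The handles and file name are hypothetical; it assumes WordPress 6.3 or later (loading strategies; `WP_HTML_Tag_Processor` is available from 6.2).

```php
<?php
/**
 * Plugin Name: Example Deferred Scripts (illustration only)
 */

// Hypothetical handles, chosen for this example.
const OWN_HANDLE         = 'example-widget';
const THIRD_PARTY_HANDLE = 'example-vendor-lib';

// 1. A script this plugin enqueues itself: declare the loading strategy
//    and let core print the attribute.
add_action( 'wp_enqueue_scripts', function () {
	wp_enqueue_script(
		OWN_HANDLE,
		plugins_url( 'widget.js', __FILE__ ), // hypothetical file
		array(),
		'1.0.0',
		array(
			'strategy'  => 'defer',
			'in_footer' => false,
		)
	);
} );

// 2. A script registered elsewhere: edit the finished tag, never the URL.
//    The URL stays a plain URL, so escaping of the src attribute cannot
//    break the result.
add_filter( 'script_loader_tag', function ( $tag, $handle ) {
	if ( THIRD_PARTY_HANDLE !== $handle ) {
		return $tag;
	}

	$processor = new WP_HTML_Tag_Processor( $tag );
	while ( $processor->next_tag( array( 'tag_name' => 'SCRIPT' ) ) ) {
		// $tag can also contain inline before/after scripts; those have
		// no src and must not receive a loading attribute.
		if ( null === $processor->get_attribute( 'src' ) ) {
			continue;
		}
		// Do not override an async attribute that is already present.
		if ( null === $processor->get_attribute( 'async' ) ) {
			$processor->set_attribute( 'defer', true );
		}
	}

	return $processor->get_updated_html();
}, 10, 2 );
```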