[wp-trac] [WordPress Trac] #51159: Let's expand our context specific escaping methods for wp_json_encode().
WordPress Trac
noreply at wordpress.org
Thu May 9 19:29:16 UTC 2024
#51159: Let's expand our context specific escaping methods for wp_json_encode().
-------------------------+-------------------------------------------------
 Reporter:  whyisjake    |       Owner:  (none)
     Type:  enhancement  |      Status:  new
 Priority:  normal       |   Milestone:  Awaiting Review
Component:  Security     |     Version:
 Severity:  normal       |  Resolution:
 Keywords:               |     Focuses:  javascript, template, coding-standards
-------------------------+-------------------------------------------------
Comment (by dmsnell):
There's a lot in this ticket, so thank you @whyisjake for posting it. It
took me a few reads before I realized it's four years old!

Unfortunately I believe that the situation is even more complicated than
this.

All of this dovetails nicely with the goals of the HTML API, which is to
provide a reliable, safe, and convenient interface for working with HTML,
and SCRIPT and JSON encoding is an important part of that, particularly
because of how context-sensitive this is.

Maybe we need a separate method in the HTML specifically for
JSON-serializing content //into// HTML.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/51159#comment:2>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform