[wp-trac] [WordPress Trac] #62797: wp_add_inline_script does not properly escape '<!-- <script>' in contents
WordPress Trac
noreply at wordpress.org
Fri Jan 10 04:32:31 UTC 2025
#62797: wp_add_inline_script does not properly escape '<!-- <script>' in contents
--------------------------+------------------------------
Reporter: artpi | Owner: (none)
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Editor | Version: 6.7.1
Severity: normal | Resolution:
Keywords: | Focuses:
--------------------------+------------------------------
Comment (by abcd95):
Hey @artpi, Thanks for bringing this up.
I was able to reproduce the issue -
[https://bvvrdzu01i.ufs.sh/f/vtiKpIr2gd0cDloxGTVR8OIxoWJQMa70L9nCfFycm15gXv6H
Screencast]
The problem occurs because `wp_add_inline_script()` injects the block
content inside a <script> tag for preloading. When there's an unclosed
HTML comment containing <script> in the content, it breaks out of the
string context since browsers parse this as the start of a new script tag,
causing the editor to crash.
I will work on this to find a fix.
Additional Note: This happens with all variants of the script like `<!--
<SCRIPT>`
--
Ticket URL: <https://core.trac.wordpress.org/ticket/62797#comment:2>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list