[wp-trac] [WordPress Trac] #64419: HTML API: Escape JavaScript, JSON script tag contents automatically
WordPress Trac
noreply at wordpress.org
Tue Jan 13 13:11:39 UTC 2026
#64419: HTML API: Escape JavaScript, JSON script tag contents automatically
--------------------------------------+------------------------------
Reporter: jonsurrell | Owner: jonsurrell
Type: enhancement | Status: closed
Priority: normal | Milestone: Awaiting Review
Component: HTML API | Version:
Severity: normal | Resolution: fixed
Keywords: has-patch has-unit-tests | Focuses: javascript
--------------------------------------+------------------------------
Changes (by jonsurrell):
* status: assigned => closed
* resolution: => fixed
Comment:
In [changeset:"61477" 61477]:
{{{
#!CommitTicketReference repository="" revision="61477"
HTML API: Escape script tag contents automatically.
When setting JavaScript or JSON script tag content, automatically escape
sequences like `<script>` and `</script>`. This renders the content safe
for HTML. The semantics of any JSON and virtually any JavaScript are
preserved.
Script type detection follows the HTML standard for identifying JavaScript
and JSON script tags. Other script types continue to reject potentially
dangerous content.
Developed in https://github.com/WordPress/wordpress-develop/pull/10635.
Props jonsurrell, dmsnell, westonruter.
Fixes #64419. See #63851, #51159.
}}}
--
Ticket URL: <https://core.trac.wordpress.org/ticket/64419#comment:8>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list