[wp-trac] [WordPress Trac] #63851: Audit wp_json_encode usage with script tags
WordPress Trac
noreply at wordpress.org
Tue Jan 13 13:11:40 UTC 2026
#63851: Audit wp_json_encode usage with script tags
--------------------------------------+-------------------------
Reporter: jonsurrell | Owner: jonsurrell
Type: task (blessed) | Status: closed
Priority: normal | Milestone: 6.9
Component: General | Version:
Severity: normal | Resolution: fixed
Keywords: good-first-bug has-patch | Focuses: javascript
--------------------------------------+-------------------------
Comment (by jonsurrell):
In [changeset:"61477" 61477]:
{{{
#!CommitTicketReference repository="" revision="61477"
HTML API: Escape script tag contents automatically.
When setting JavaScript or JSON script tag content, automatically escape
sequences like `<script>` and `</script>`. This renders the content safe
for HTML. The semantics of any JSON and virtually any JavaScript are
preserved.
Script type detection follows the HTML standard for identifying JavaScript
and JSON script tags. Other script types continue to reject potentially
dangerous content.
Developed in https://github.com/WordPress/wordpress-develop/pull/10635.
Props jonsurrell, dmsnell, westonruter.
Fixes #64419. See #63851, #51159.
}}}
--
Ticket URL: <https://core.trac.wordpress.org/ticket/63851#comment:12>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
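
The escaping described in the commit message above, narrowed to the JSON case, as an added example that is not WordPress core code and not taken from the changeset. It assumes one common approach (writing every `<` as the JSON escape `\u003C`); the function names and the sample data are hypothetical and constructed for illustration.

```javascript
// Added example (not WordPress core code); all names are hypothetical.

// Sequences that change how the HTML tokenizer reads script data:
// "<!--" and "<script" enter the escaped states, "</script" closes the element.
const RISKY_IN_SCRIPT = /<!--|<\/?script/i;

function isRiskyInScript(text) {
  return RISKY_IN_SCRIPT.test(text);
}

// Serialize to JSON, then write every "<" as the JSON string escape \u003C.
// In valid JSON "<" occurs only inside strings, so the parsed value is unchanged.
function jsonForScriptTag(value) {
  return JSON.stringify(value).replace(/</g, '\\u003C');
}

// Constructed sample input.
const sample = {
  title: 'Closing </script> and opening <script> tags',
  note: 'comment opener <!-- and mixed case </ScRiPt>',
  count: 3,
};

// Compare plain JSON with the escaped form and confirm the data survives.
function demo() {
  const plain = JSON.stringify(sample);
  const escaped = jsonForScriptTag(sample);
  return {
    plainRisky: isRiskyInScript(plain),
    escapedRisky: isRiskyInScript(escaped),
    roundTrips: JSON.stringify(JSON.parse(escaped)) === plain,
    escaped,
  };
}

console.log(demo());
```

This covers JSON only; arbitrary JavaScript source cannot be escaped with a blanket replacement of `<`, since `<` is also an operator there.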