[wp-trac] [WordPress Trac] #64500: Scripts: Use HTML API to generate script tags with improved safety
WordPress Trac
noreply at wordpress.org
Tue Jan 13 13:27:06 UTC 2026
#64500: Scripts: Use HTML API to generate script tags with improved safety
---------------------------+--------------------
Reporter: jonsurrell | Owner: (none)
Type: enhancement | Status: new
Priority: normal | Milestone: 7.0
Component: Script Loader | Version:
Severity: normal | Keywords:
Focuses: javascript |
---------------------------+--------------------
The HTML API can produce SCRIPT tags that are safe, or reject the script
tags if no safe tag can be produced.
`SCRIPT` tags have complicated and unintuitive parsing rules that make
them difficult to author correctly. Currently, authors need to provide
safe JavaScript and/or correctly escaped JSON in order to produce safe
HTML `SCRIPT` tags.
[61447] added the ability to automatically escape JSON and JavaScript
content when problematic strings are discovered, making the HTML API
especially well-suited to producing script tags.
This is similar to change [61418] where the HTML API is used to generate
style tags.
This is well documented by issues like #40737, #62797, #63851, and
#51159.
This is a follow up to #64419.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/64500>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list