[wp-trac] [WordPress Trac] #64500: Scripts: Use HTML API to generate script tags with improved safety
WordPress Trac
noreply at wordpress.org
Thu Jan 15 11:12:05 UTC 2026
#64500: Scripts: Use HTML API to generate script tags with improved safety
--------------------------------------+-------------------------
Reporter: jonsurrell | Owner: jonsurrell
Type: enhancement | Status: closed
Priority: normal | Milestone: 7.0
Component: Script Loader | Version:
Severity: normal | Resolution: fixed
Keywords: has-patch has-unit-tests | Focuses: javascript
--------------------------------------+-------------------------
Changes (by jonsurrell):
* owner: (none) => jonsurrell
* status: new => closed
* resolution: => fixed
Comment:
In [changeset:"61485" 61485]:
{{{
#!CommitTicketReference repository="" revision="61485"
Script Loader: Use HTML API to generate SCRIPT tags.
Script tags have complicated and unintuitive parsing rules that make them
difficult to author correctly. The HTML API automatically escapes script
tag contents as necessary and will set attributes correctly. Using the
HTML API to generate SCRIPT tags improves safety when working with SCRIPT
tags, resolving a class of issues that have manifested repeatedly.
Changeset [61418] applied the HTML API to generate style tags in a similar
way.
Developed in https://github.com/WordPress/wordpress-develop/pull/10639.
Props jonsurrell, dmsnell, westonruter.
Fixes #64500. See #64419, #40737, #62797, #63851, #51159.
}}}
--
Ticket URL: <https://core.trac.wordpress.org/ticket/64500#comment:8>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list