Context Navigation

← Previous Change
Next Change →

media.php

Timestamp:

11/11/2022 02:26:02 AM (2 years ago)

Author:

desrosj

Message:

Media: Prevent decoding attribute corrupting JSON data.

Workaround wp_img_tag_add_decoding_attr() potentially breaking JavaScript and JSON data by limiting the addition of the decoding attribute to image tags using unescaped double quoted attributes src attributes.

Props rodricus, TimothyBlynJacobs, joelmadigan, mw108, adamsilverstein, flixos90, desrosj, mukesh27, peterwilsoncc.
Merges [54802] to the 6.1 branch.
Fixes #56969.

Location:

branches/6.1

Files:

: 2 edited

. (modified) (1 prop)
src/wp-includes/media.php (modified) (1 diff)

Legend:

: Unmodified
: Added
: Removed

branches/6.1
- Property svn:mergeinfo changed
  /trunk merged: 54802

branches/6.1/src/wp-includes/media.php

-                      r54505
+                      r54807
  */
 function wp_img_tag_add_decoding_attr( $image, $context ) {
+    // Only apply the decoding attribute to images that have a src attribute that
+    // starts with a double quote, ensuring escaped JSON is also excluded.
+    if ( false === strpos( $image, ' src="' ) ) {
+        return $image;
+    }
     /**
      * Filters the `decoding` attribute value to add to an image. Default `async`.

Note: See TracChangeset for help on using the changeset viewer.

Trac UI Preferences

Make WordPress Core

Context Navigation

Changeset 54807 for branches/6.1/src/wp-includes/media.php

Legend:

branches/6.1

branches/6.1/src/wp-includes/media.php

Download in other formats: