Make WordPress Core

Changeset 56218


Timestamp:
07/12/2023 05:19:39 AM (16 months ago)
Author:
peterwilsoncc
Message:

General: Escape nonce used for block theme activation.

Add wp_json_encode() as an escaping function when setting the WP_BLOCK_THEME_ACTIVATE_NONCE global on the block theme preview screen.

This accounts for custom nonce implementations making use of special characters that require escaping in JavaScript strings.

Props antonvlasenko, ramonopoly.
Fixes #58712.

File:
1 edited

  • trunk/src/wp-includes/theme-previews.php

    r56201 r56218  
    7171    ?>
    7272    <script type="text/javascript">
    73         window.WP_BLOCK_THEME_ACTIVATE_NONCE = '<?php echo wp_create_nonce( $nonce_handle ); ?>';
     73        window.WP_BLOCK_THEME_ACTIVATE_NONCE = <?php echo wp_json_encode( wp_create_nonce( $nonce_handle ) ); ?>;
    7474    </script>
    7575    <?php
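
Review bot: On the added line 73, wp_json_encode() is called with its default flags even though the output is echoed into an inline <script> block, so the value is escaped for the JavaScript string context but not for the HTML context around it. The default encoding escapes quotes, backslashes and "/", but leaves "<", ">" and "&" literal. Since the commit message says custom nonce implementations may contain special characters, consider wp_json_encode( wp_create_nonce( $nonce_handle ), JSON_HEX_TAG | JSON_HEX_AMP ) so those characters are emitted as \u003C, \u003E and \u0026. Separately, wp_json_encode() returns false when encoding fails, which would print "window.WP_BLOCK_THEME_ACTIVATE_NONCE = ;" and break the script; a fallback to an empty string literal would keep the page parseable. A short inline comment saying why JSON encoding is used here instead of a quoted echo would also help the next reader.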