Script Loader: Use wp_get_script_tag() and wp_get_inline_script_tag()/wp_print_inline_script_tag() helper functions to output scripts on the frontend and login screen.
Using script tag helper functions allows plugins to employ the wp_script_attributes and wp_inline_script_attributes filters to inject the nonce attribute to apply Content Security Policy (e.g. Strict CSP). Use of helper functions also simplifies logic in WP_Scripts.
- Update
wp_get_inline_script_tag() to wrap inline script in CDATA blocks for XHTML-compatibility when not using HTML5.
- Ensure the
type attribute is printed first in wp_get_inline_script_tag() for back-compat.
- Wrap existing
<script> tags in output buffering to retain IDE supports.
- In
wp_get_inline_script_tag(), append the newline to $javascript before it is passed into the wp_inline_script_attributes filter so that the CSP hash can be computed properly.
- In
the_block_template_skip_link(), opt to enqueue the inline script rather than print it.
- Add
ext-php to composer.json under suggest as previously it was an undeclared dependency for running PHPUnit tests.
- Update tests to rely on
DOMDocument to compare script markup, normalizing unsemantic differences.
Props westonruter, spacedmonkey, flixos90, 10upsimon, dmsnell, mukesh27, joemcgill, swissspidy, azaozz.
Fixes #58664.
See #39941.