Script Loader: Use wp_get_script_tag()
and wp_get_inline_script_tag()
/wp_print_inline_script_tag()
helper functions to output scripts on the frontend and login screen.
Using script tag helper functions allows plugins to employ the wp_script_attributes
and wp_inline_script_attributes
filters to inject the nonce
attribute to apply Content Security Policy (e.g. Strict CSP). Use of helper functions also simplifies logic in WP_Scripts
.
- Update
wp_get_inline_script_tag()
to wrap inline script in CDATA blocks for XHTML-compatibility when not using HTML5.
- Ensure the
type
attribute is printed first in wp_get_inline_script_tag()
for back-compat.
- Wrap existing
<script>
tags in output buffering to retain IDE supports.
- In
wp_get_inline_script_tag()
, append the newline to $javascript
before it is passed into the wp_inline_script_attributes
filter so that the CSP hash can be computed properly.
- In
the_block_template_skip_link()
, opt to enqueue the inline script rather than print it.
- Add
ext-php
to composer.json
under suggest
as previously it was an undeclared dependency for running PHPUnit tests.
- Update tests to rely on
DOMDocument
to compare script markup, normalizing unsemantic differences.
Props westonruter, spacedmonkey, flixos90, 10upsimon, dmsnell, mukesh27, joemcgill, swissspidy, azaozz.
Fixes #58664.
See #39941.