WordPress.org
Get WordPress

Make WordPress Core


Ignore:
Timestamp:
09/25/2023 09:03:19 PM (18 months ago)
Author:
westonruter
Message:

Script Loader: Use wp_get_script_tag() and wp_get_inline_script_tag()/wp_print_inline_script_tag() helper functions to output scripts on the frontend and login screen.

Using script tag helper functions allows plugins to employ the wp_script_attributes and wp_inline_script_attributes filters to inject the nonce attribute to apply Content Security Policy (e.g. Strict CSP). Use of helper functions also simplifies logic in WP_Scripts.

  • Update wp_get_inline_script_tag() to wrap inline script in CDATA blocks for XHTML-compatibility when not using HTML5.
  • Ensure the type attribute is printed first in wp_get_inline_script_tag() for back-compat.
  • Wrap existing <script> tags in output buffering to retain IDE supports.
  • In wp_get_inline_script_tag(), append the newline to $javascript before it is passed into the wp_inline_script_attributes filter so that the CSP hash can be computed properly.
  • In the_block_template_skip_link(), opt to enqueue the inline script rather than print it.
  • Add ext-php to composer.json under suggest as previously it was an undeclared dependency for running PHPUnit tests.
  • Update tests to rely on DOMDocument to compare script markup, normalizing unsemantic differences.

Props westonruter, spacedmonkey, flixos90, 10upsimon, dmsnell, mukesh27, joemcgill, swissspidy, azaozz.
Fixes #58664.
See #39941.

File:
1 edited

Legend:

Unmodified
Added
Removed

  • trunk/src/wp-includes/widgets/class-wp-widget-archives.php

    r54062 r56687  
    101101                    break;
    102102            }
    103 
    104             $type_attr = current_theme_supports( 'html5', 'script' ) ? '' : ' type="text/javascript"';
    105103            ?>
    106104
     
    110108        </select>
    111109
    112 <script<?php echo $type_attr; ?>>
    113 /* <![CDATA[ */
     110            <?php ob_start(); ?>
     111<script>
    114112(function() {
    115113    var dropdown = document.getElementById( "<?php echo esc_js( $dropdown_id ); ?>" );
     
    121119    dropdown.onchange = onSelectChange;
    122120})();
    123 /* ]]> */
    124121</script>
    125122            <?php
     123            wp_print_inline_script_tag( str_replace( array( '<script>', '</script>' ), '', ob_get_clean() ) );
    126124        } else {
    127125            $format = current_theme_supports( 'html5', 'navigation-widgets' ) ? 'html5' : 'xhtml';
Note: See TracChangeset for help on using the changeset viewer.