Timestamp:
09/25/2023 09:03:19 PM (14 months ago)
Author:
westonruter
Message:

Script Loader: Use wp_get_script_tag() and wp_get_inline_script_tag()/wp_print_inline_script_tag() helper functions to output scripts on the frontend and login screen.

Using script tag helper functions allows plugins to employ the wp_script_attributes and wp_inline_script_attributes filters to inject the nonce attribute to apply Content Security Policy (e.g. Strict CSP). Use of helper functions also simplifies logic in WP_Scripts.

  • Update wp_get_inline_script_tag() to wrap inline script in CDATA blocks for XHTML-compatibility when not using HTML5.
  • Ensure the type attribute is printed first in wp_get_inline_script_tag() for back-compat.
  • Wrap existing <script> tags in output buffering to retain IDE support.
  • In wp_get_inline_script_tag(), append the newline to $javascript before it is passed into the wp_inline_script_attributes filter so that the CSP hash can be computed properly.
  • In the_block_template_skip_link(), opt to enqueue the inline script rather than print it.
  • Add ext-php to composer.json under suggest as previously it was an undeclared dependency for running PHPUnit tests.
  • Update tests to rely on DOMDocument to compare script markup, normalizing unsemantic differences.

Props westonruter, spacedmonkey, flixos90, 10upsimon, dmsnell, mukesh27, joemcgill, swissspidy, azaozz.
Fixes #58664.
See #39941.

File:
1 edited

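--- a/trunk/src/wp-login.php
+++ b/trunk/src/wp-login.php
@@ -102,7 +102,9 @@
      */
     if ( 'loggedout' === $wp_error->get_error_code() ) {
+        ob_start();
         ?>
         <script>if("sessionStorage" in window){try{for(var key in sessionStorage){if(key.indexOf("wp-autosave-")!=-1){sessionStorage.removeItem(key)}}}catch(e){}};</script>
         <?php
+        wp_print_inline_script_tag( str_replace( array( '<script>', '</script>' ), '', ob_get_clean() ) );
     }
 
@@ -194,7 +196,8 @@
     </head>
     <body class="login no-js <?php echo esc_attr( implode( ' ', $classes ) ); ?>">
-    <script type="text/javascript">
-        document.body.className = document.body.className.replace('no-js','js');
-    </script>
+    <?php
+    wp_print_inline_script_tag( "document.body.className = document.body.className.replace('no-js','js');" );
+    ?>
+
     <?php
     /**
@@ -415,10 +418,12 @@
 
     if ( ! empty( $input_id ) ) {
+        ob_start();
         ?>
-        <script type="text/javascript">
+        <script>
         try{document.getElementById('<?php echo $input_id; ?>').focus();}catch(e){}
         if(typeof wpOnload==='function')wpOnload();
         </script>
         <?php
+        wp_print_inline_script_tag( str_replace( array( '<script>', '</script>' ), '', ob_get_clean() ) );
     }
 
@@ -442,9 +447,5 @@
  */
 function wp_shake_js() {
-    ?>
-    <script type="text/javascript">
-    document.querySelector('form').classList.add('shake');
-    </script>
-    <?php
+    wp_print_inline_script_tag( "document.querySelector('form').classList.add('shake');" );
 }
 
@@ -1358,7 +1359,9 @@
 
                 if ( $customize_login ) {
+                    ob_start();
                     ?>
-                    <script type="text/javascript">setTimeout( function(){ new wp.customize.Messenger({ url: '<?php echo wp_customize_url(); ?>', channel: 'login' }).send('login') }, 1000 );</script>
+                    <script>setTimeout( function(){ new wp.customize.Messenger({ url: '<?php echo wp_customize_url(); ?>', channel: 'login' }).send('login') }, 1000 );</script>
                     <?php
+                    wp_print_inline_script_tag( str_replace( array( '<script>', '</script>' ), '', ob_get_clean() ) );
                 }
 
@@ -1606,13 +1609,10 @@
         $login_script .= "if ( typeof wpOnload === 'function' ) { wpOnload() }";
 
-        ?>
-        <script type="text/javascript">
-            <?php echo $login_script; ?>
-        </script>
-        <?php
+        wp_print_inline_script_tag( $login_script );
 
         if ( $interim_login ) {
+            ob_start();
             ?>
-            <script type="text/javascript">
+            <script>
             ( function() {
                 try {
@@ -1628,4 +1628,5 @@
             </script>
             <?php
+            wp_print_inline_script_tag( str_replace( array( '<script>', '</script>' ), '', ob_get_clean() ) );
         }
 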
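Review bot: The two buffered blocks that interpolate PHP values into a JavaScript string literal, `getElementById('<?php echo $input_id; ?>')` and `url: '<?php echo wp_customize_url(); ?>'`, are now emitted whole through `wp_print_inline_script_tag()`, so any nonce a plugin attaches via `wp_inline_script_attributes` also authorises whatever those values contain. Where `$input_id` is set is not visible in this section, so it may well be a fixed string, but escaping it for the JS context would make that independent of the callers: `try{document.getElementById('<?php echo esc_js( $input_id ); ?>').focus();}catch(e){}`. Separately, `str_replace( array( '<script>', '</script>' ), '', ob_get_clean() )` removes every occurrence in the buffer and matches only a bare `<script>`, so a wrapper tag that later gains an attribute would be left inside the script body. The same call appears in the `loggedout`, `$input_id`, `$customize_login` and `$interim_login` blocks, and a single helper that strips only the leading and trailing tag would keep them consistent.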