Make WordPress Core


Ignore:
Timestamp:
09/29/2023 07:45:53 PM (9 months ago)
Author:
westonruter
Message:

Script Loader: Harden removal of script tag wrappers.

  • Add wp_remove_surrounding_empty_script_tags() to more precisely remove script tag wrappers and warn when doing it wrong.
  • Add clarifying comments for XML escaping logic in wp_get_inline_script_tag().
  • Leverage WP_HTML_Tag_Processor in test_remove_frameless_preview_messenger_channel.
  • Reuse assertEqualMarkup in test_blocking_dependent_with_delayed_dependency.
  • Normalize whitespace in parse_markup_fragment for assertEqualMarkup.

Follow-up to [56687].
Props dmsnell, westonruter, flixos90.
See #58664.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/src/wp-login.php

    r56687 r56748  
    106106        <script>if("sessionStorage" in window){try{for(var key in sessionStorage){if(key.indexOf("wp-autosave-")!=-1){sessionStorage.removeItem(key)}}}catch(e){}};</script>
    107107        <?php
    108         wp_print_inline_script_tag( str_replace( array( '<script>', '</script>' ), '', ob_get_clean() ) );
     108        wp_print_inline_script_tag( wp_remove_surrounding_empty_script_tags( ob_get_clean() ) );
    109109    }
    110110
     
    420420        ob_start();
    421421        ?>
    422         <script>
     422        <script type="text/javascript">
    423423        try{document.getElementById('<?php echo $input_id; ?>').focus();}catch(e){}
    424424        if(typeof wpOnload==='function')wpOnload();
    425425        </script>
    426426        <?php
    427         wp_print_inline_script_tag( str_replace( array( '<script>', '</script>' ), '', ob_get_clean() ) );
     427        wp_print_inline_script_tag( wp_remove_surrounding_empty_script_tags( ob_get_clean() ) );
    428428    }
    429429
     
    13631363                    <script>setTimeout( function(){ new wp.customize.Messenger({ url: '<?php echo wp_customize_url(); ?>', channel: 'login' }).send('login') }, 1000 );</script>
    13641364                    <?php
    1365                     wp_print_inline_script_tag( str_replace( array( '<script>', '</script>' ), '', ob_get_clean() ) );
     1365                    wp_print_inline_script_tag( wp_remove_surrounding_empty_script_tags( ob_get_clean() ) );
    13661366                }
    13671367
     
    16281628            </script>
    16291629            <?php
    1630             wp_print_inline_script_tag( str_replace( array( '<script>', '</script>' ), '', ob_get_clean() ) );
     1630            wp_print_inline_script_tag( wp_remove_surrounding_empty_script_tags( ob_get_clean() ) );
    16311631        }
    16321632
Note: See TracChangeset for help on using the changeset viewer.