WordPress.org

Make WordPress Core

Opened 2 years ago

Closed 2 years ago

Last modified 2 years ago

#42730 closed defect (bug) (invalid)

Allow wp_enqueue_scripts() for URLs with parameters

Reported by: MattyRob Owned by:
Milestone: Priority: normal
Severity: normal Version:
Component: Script Loader Keywords:
Focuses: javascript Cc:
PR Number:

Description (last modified by SergeyBiryukov)

I have noticed that when using wp_register_script() and wp_enqueue_script() functions that the URL of the scripts is escaped before output.

This causes issues if the URL contains parameters, for example https://api.ipify.org?format=jsonp&callback=getip. This gets turned into https://api.ipify.org?format=jsonp#038;callback=getip and results in failure of the script.

I think I've tracked this down to the do_item() function of the wp-includes/class.wp-scripts.php file. In here the script_loader_src is called on 2 occasions, once the returned value is left unescaped and once it is passed through esc_url(). It is the latter application of the filter that escapes the ampersand and breaks the URL to the javascript file.

Should the call to the esc_url() be removed to allow parameters in the URLs or is there another way to enqueue such scripts that I have not yet found (currently I'm just hooking to wp_head and echoing the script).

Change History (5)

#1 @johnbillion
2 years ago

  • Component changed from General to Script Loader
  • Keywords reporter-feedback added
  • Type changed from enhancement to defect (bug)
  • Version trunk deleted

The encoding of the ampersand looks valid to me. Using the following code, the script is enqueued and loaded by the browser correctly.

add_action( 'wp_enqueue_scripts', function() {
	wp_enqueue_script( 'core-42730', 'https://api.ipify.org?format=jsonp&callback=getip' );
} );

Results in a valid script tag:

<script type='text/javascript' src='https://api.ipify.org?format=jsonp&#038;callback=getip&#038;ver=4.9'></script>

@MattyRob What problem are you seeing exactly?

#2 follow-up: @MattyRob
2 years ago

  • Keywords reporter-feedback removed

@johnbillion

The library I'm adding makes it tricky to directly test so I'd tested in the WordPress admin:

Manually encoding the ampersand in t a link on the All Posts page like the following link:
http://localhost/dev/src/wp-admin/edit.php?category_name=uncategorized&#038;mode=list&paged=2

Reloads the page in Safari as follow and page 1 is loaded:
http://localhost/dev/src/wp-admin/edit.php?category_name=uncategorized#038;mode=list&paged=2

From there I'd presumed (incorrectly) that the ampersand encoding was breaking my javascript enqueuing also.

It seems my library is queuing correctly - it just looks weird in the source when you check back to make sure it's queued right.

#3 @MattyRob
2 years ago

  • Resolution set to invalid
  • Status changed from new to closed

#4 @dd32
2 years ago

  • Milestone Awaiting Review deleted

#5 in reply to: ↑ 2 @SergeyBiryukov
2 years ago

  • Description modified (diff)

Replying to MattyRob:

It seems my library is queuing correctly - it just looks weird in the source when you check back to make sure it's queued right.

Right, the encoded ampersand won't work in the address bar, but should work as expected in the page source.

Note: See TracTickets for help on using tickets.