WordPress.org

Make WordPress Core

Opened 21 months ago

Closed 21 months ago

Last modified 21 months ago

#42730 closed defect (bug) (invalid)

Allow wp_enqueue_scripts() for URLs with parameters

Reported by: MattyRob Owned by:
Milestone: Priority: normal
Severity: normal Version:
Component: Script Loader Keywords:
Focuses: javascript Cc:

Description (last modified by SergeyBiryukov)

I have noticed that when using wp_register_script() and wp_enqueue_script() functions that the URL of the scripts is escaped before output.

This causes issues if the URL contains parameters, for example https://api.ipify.org?format=jsonp&callback=getip. This gets turned into https://api.ipify.org?format=jsonp#038;callback=getip and results in failure of the script.

I think I've tracked this down to the do_item() function of the wp-includes/class.wp-scripts.php file. In here the script_loader_src is called on 2 occasions, once the returned value is left unescaped and once it is passed through esc_url(). It is the latter application of the filter that escapes the ampersand and breaks the URL to the javascript file.

Should the call to the esc_url() be removed to allow parameters in the URLs or is there another way to enqueue such scripts that I have not yet found (currently I'm just hooking to wp_head and echoing the script).

Change History (5)

#1 @johnbillion
21 months ago

  • Component changed from General to Script Loader
  • Keywords reporter-feedback added
  • Type changed from enhancement to defect (bug)
  • Version trunk deleted

The encoding of the ampersand looks valid to me. Using the following code, the script is enqueued and loaded by the browser correctly.

add_action( 'wp_enqueue_scripts', function() {
	wp_enqueue_script( 'core-42730', 'https://api.ipify.org?format=jsonp&callback=getip' );
} );

Results in a valid script tag:

<script type='text/javascript' src='https://api.ipify.org?format=jsonp&#038;callback=getip&#038;ver=4.9'></script>

@MattyRob What problem are you seeing exactly?

#2 follow-up: @MattyRob
21 months ago

  • Keywords reporter-feedback removed

@johnbillion

The library I'm adding makes it tricky to directly test so I'd tested in the WordPress admin:

Manually encoding the ampersand in t a link on the All Posts page like the following link:
http://localhost/dev/src/wp-admin/edit.php?category_name=uncategorized&#038;mode=list&paged=2

Reloads the page in Safari as follow and page 1 is loaded:
http://localhost/dev/src/wp-admin/edit.php?category_name=uncategorized#038;mode=list&paged=2

From there I'd presumed (incorrectly) that the ampersand encoding was breaking my javascript enqueuing also.

It seems my library is queuing correctly - it just looks weird in the source when you check back to make sure it's queued right.

#3 @MattyRob
21 months ago

  • Resolution set to invalid
  • Status changed from new to closed

#4 @dd32
21 months ago

  • Milestone Awaiting Review deleted

#5 in reply to: ↑ 2 @SergeyBiryukov
21 months ago

  • Description modified (diff)

Replying to MattyRob:

It seems my library is queuing correctly - it just looks weird in the source when you check back to make sure it's queued right.

Right, the encoded ampersand won't work in the address bar, but should work as expected in the page source.

Note: See TracTickets for help on using tickets.