Opened 5 years ago
#43785 new defect (bug)
wptexturize fails to skip JavaScript if code contains <
Reported by: |
|
Owned by: | |
---|---|---|---|
Milestone: | Awaiting Review | Priority: | normal |
Severity: | normal | Version: | |
Component: | Formatting | Keywords: | |
Focuses: | Cc: |
Description
As the documentation states: Text enclosed in the tags <pre>, <code>, <kbd>, <style>, <script>, and <tt> will be skipped
If the script tag contains < character inside, then the wptexturize functions fails and starts to encode the codes.
<?php echo wptexturize('<script type="text/javascript">window&&document</script>'); //Result: <script type="text/javascript">if(a>b)window&&document</script> // OK
wptexturize -> preg_split -> $textarr value:
Array ( [0] => <script type="text/javascript"> [1] => if(a>b)window&&document [2] => </script> )
<?php echo wptexturize('<script type="text/javascript">if(a>b)window&&document</script>'); //Result: <script type="text/javascript">window&&document</script> // OK
wptexturize -> preg_split -> $textarr value:
Array ( [0] => <script type="text/javascript"> [1] => window&&document [2] => </script> )
<?php echo wptexturize('<script type="text/javascript">if(a<b)window&&document</script>'); //Result: <script type="text/javascript">if(a<b)window&&document</script> // ERROR
wptexturize -> preg_split -> $textarr value:
Array ( [0] => <script type="text/javascript"> [1] => if(a [2] => <b)window&&document</script> )
&& characters encoded into && which breaks the JavaScript code.
This issue can happen if shortcode inserted into the editor and the editor value rendered with the wptexturize function and the shortcode contains JavaScript code.
More tests which works as expected:
<?php echo wptexturize('<script type="text/javascript">$("<div/>").length&&document</script>'); echo wptexturize('<script type="text/javascript">$("<div></div>").length&&document</script>');
Note: See
TracTickets for help on using
tickets.