Opened 5 years ago
Closed 9 months ago
#49480 closed defect (bug) (duplicate)
Custom HTML with <script> incorrectly encodes '&' character
Reported by: |
|
Owned by: | |
---|---|---|---|
Milestone: | Priority: | normal | |
Severity: | normal | Version: | |
Component: | Formatting | Keywords: | |
Focuses: | Cc: |
Description
This was originally reported in the Gutenberg github repo (https://github.com/WordPress/gutenberg/issues/13186), but during a triage session in slack was identified as a core bug (https://wordpress.slack.com/archives/C02QB2JS7/p1579758213000600). #34698 is possibly related.
Describe the bug
If the javascript code in a <script> block contains an &
operator, it will be converted to &
, which browser flags as a syntax error. The script will not work.
I am using WP 5.0.2, Gutenberg updated Jan 3, 2019 (don't know where to find the version), hosted on easyWP.
Example:
<script> const hex = []; for (let i = 0; i < 256; i++) { hex[i] = (i < 16 ? '0' : '') + (i).toString(16); } function generateUUID() { const r = crypto.getRandomValues(new Uint8Array(16)); r[6] = r[6] & 0x0f | 0x40; r[8] = r[8] & 0x3f | 0x80; const h = Array.from(r).map(i => hex[i]); return `${h[0]}${h[1]}${h[2]}${h[3]}-${h[4]}${h[5]}-${h[6]}${h[7]}-${h[8]}${h[9]}-${h[10]}${h[11]}${h[12]}${h[13]}${h[14]}${h[15]}`; } </script>
To Reproduce
Steps to reproduce the behavior:
- Go to a Page
- Click on 'add Custom HTML'
- Paste the above HTML <script> snippet into the block.
- Preview the change
- Open the JavaScript console. You will see a syntax error: "Invalid Character: '#'":
r[6] = r[6] & 0x0f | 0x40; r[8] = r[8] & 0x3f | 0x80;
Expected behavior
I expect no syntax errors. The script should be rendered without any encoding of characters.
Screenshots
If applicable, add screenshots to help explain your problem.
Desktop (please complete the following information):
- OS: Mac OS X 10.14
- Browser chrome and safari
- Version chrome 71.0.3578.98
This was reported as early as #43785, so I'll close as a duplicate.