Make WordPress Core

Opened 15 years ago

Closed 15 years ago

Last modified 11 years ago

#9243 closed defect (bug) (invalid)

wp_enqueue_script shouldn't convert source URL ampersands to character entities

Reported by: filosofo's profile filosofo Owned by: ryan's profile ryan
Milestone: Priority: normal
Severity: normal Version:
Component: General Keywords: wp_enqueue_script clean_url has-patch
Focuses: Cc:


As Mike Schinkel pointed out, when a script source URL has ampersands in it, they get converted to their character entities.

Instead, clean_url() should not use the default "display" argument.

Attachments (1)

dont_encode_script_ampersands.9243.diff (1003 bytes) - added by filosofo 15 years ago.

Download all attachments as: .zip

Change History (5)

#1 @sivel
15 years ago

I do not think this should be done. Not encoding the ampersands will break xhtml validation and I have tested that it does indeed works as expected while encoded.

From my email to wp-hackers:

Okay, I put together a quick plugin to prove to myself that either the
use of & does work or does not work. In short I found that it
*does* work.

I'll even provide my plugin code so that anyone else who wants can test it.

The code can be found at

Save this as a .php file and place in your plugins directory. Once
activated navigate to your blog and you should see a javascript alert
that either says 'IT WORKED!' or 'IT DIDN'T WORK!" followed by some
extra data. It won't do the alert in the admin as I figured it might
be annoying to try to deal with the alert while activating and

#2 @sivel
15 years ago

  • Cc matt@… added

#3 @filosofo
15 years ago

  • Milestone Unassigned deleted
  • Resolution set to invalid
  • Status changed from new to closed
  • Version 2.8 deleted

sivel is right. His proof plugin shows that it works correctly, and it is invalid xhtml

I apologize for not verifying this myself.

#4 @SergeyBiryukov
11 years ago

#23502 was marked as a duplicate.

Note: See TracTickets for help on using tickets.