mirror_php/wordpress
1
0
Fork 0
mirror of git://develop.git.wordpress.org/ synced 2025-04-05 04:33:18 +02:00
Code Issues Actions 10 Packages Projects Releases Wiki Activity

Script Loader: Escape HTML5 boolean attribute names.

Browse Source 
Add escaping of boolean attribute names in `wp_sanitize_script_attributes()` for themes supporting HTML5 script elements.

Props tmatsuur, johnbillion, joyously.
Fixes #52894.


git-svn-id: https://develop.svn.wordpress.org/trunk@50575 602fd350-edb4-49c9-b593-d223f7449a82
This commit is contained in:
Peter Wilson 2021-03-25 00:25:37 +00:00
parent 26fd2405f6
commit d95ce1cb5b
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
src/wp-includes/script-loader.php
View File

@ -2353,7 +2353,7 @@ function wp_sanitize_script_attributes( $attributes ) {
foreach ( $attributes as $attribute_name => $attribute_value ) {
if ( is_bool( $attribute_value ) ) {
if ( $attribute_value ) {
$attributes_string .= $html5_script_support ? sprintf( ' %1$s="%2$s"', esc_attr( $attribute_name ), esc_attr( $attribute_name ) ) : ' ' . $attribute_name;
$attributes_string .= $html5_script_support ? sprintf( ' %1$s="%2$s"', esc_attr( $attribute_name ), esc_attr( $attribute_name ) ) : ' ' . esc_attr( $attribute_name );
}
} else {
$attributes_string .= sprintf( ' %1$s="%2$s"', esc_attr( $attribute_name ), esc_attr( $attribute_value ) );