From d95ce1cb5b2139fbda6e3ab8f84b46a07e9725d7 Mon Sep 17 00:00:00 2001
From: Peter Wilson
Date: Thu, 25 Mar 2021 00:25:37 +0000
Subject: [PATCH] Script Loader: Escape HTML5 boolean attribute names.

Add escaping of boolean attribute names in `wp_sanitize_script_attributes()` for themes supporting HTML5 script elements.

Props tmatsuur, johnbillion, joyously.
Fixes #52894.

git-svn-id: https://develop.svn.wordpress.org/trunk@50575 602fd350-edb4-49c9-b593-d223f7449a82
---
 src/wp-includes/script-loader.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/wp-includes/script-loader.php b/src/wp-includes/script-loader.php
index 34728ca5f6..5379dddee0 100644
--- a/src/wp-includes/script-loader.php
+++ b/src/wp-includes/script-loader.php
@@ -2353,7 +2353,7 @@ function wp_sanitize_script_attributes( $attributes ) {
 foreach ( $attributes as $attribute_name => $attribute_value ) {
 if ( is_bool( $attribute_value ) ) {
 if ( $attribute_value ) {
- $attributes_string .= $html5_script_support ? sprintf( ' %1$s="%2$s"', esc_attr( $attribute_name ), esc_attr( $attribute_name ) ) : ' ' . $attribute_name;
+ $attributes_string .= $html5_script_support ? sprintf( ' %1$s="%2$s"', esc_attr( $attribute_name ), esc_attr( $attribute_name ) ) : ' ' . esc_attr( $attribute_name );
 }
 } else {
 $attributes_string .= sprintf( ' %1$s="%2$s"', esc_attr( $attribute_name ), esc_attr( $attribute_value ) );
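Review bot: `esc_attr()` is an escaper for quoted attribute values, so using it on `$attribute_name` (the new `' ' . esc_attr( $attribute_name )` fallback and the name position of both `sprintf()` calls) encodes quotes and angle brackets but still passes whitespace, `=` and `/`, which are not valid in an attribute name and would be emitted as additional markup on the script tag. An allowlist on the name is the stronger control; at the top of the loop I would add `if ( ! preg_match( '/^[A-Za-z_:][A-Za-z0-9_:.\-]*$/', (string) $attribute_name ) ) { continue; }` and keep `esc_attr()` for the values. Whether names can ever come from untrusted input depends on the callers and filters feeding `$attributes`, which are not visible here, so treat this as hardening rather than a confirmed hole. The body of `wp_sanitize_script_attributes()` starts before and continues after this hunk.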