Closed westonruter closed 1 year ago
Given this existing code:
```php
button.innerText = '<?php esc_html_e( 'Preview', 'preview-revisions' ); ?>';
```
It could be that a translation string incorporates an apostrophe, either because the language uses apostrophes:
Which would result in a syntax error here:
```js
button.innerText = 'mua'i va'aiga';
// --------------------^
```
Or it could be that someone is maliciously adding apostrophes to attempt a translation string injection attack.
This is addressed by using `wp_json_encode()` when rendering text inside of a `script` tag.
Issue - #2
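The before and after of this change, modelled in JavaScript as an added example that is not code from this pull request: `renderNaive`, `renderEncoded` and `runInline` are hypothetical names, `JSON.stringify` stands in for the server-side `wp_json_encode()` call, and the extra `<` escaping is an assumption added here for the inline-script context.

```javascript
// Added illustration; renderNaive, renderEncoded and runInline are hypothetical names.
// Each render* function stands in for the server-side template that prints a
// translated label into an inline <script>.

// Before: the label is dropped between single quotes with no JS-aware escaping.
function renderNaive(label) {
  return "button.innerText = '" + label + "';";
}

// After: the label is emitted as a JSON string literal, which is also a valid
// JavaScript string literal. "<" is additionally written as \u003c so the text
// can never close the surrounding <script> element.
function renderEncoded(label) {
  return 'button.innerText = ' + JSON.stringify(label).replace(/</g, '\\u003c') + ';';
}

// Parse and run the generated statement against a stand-in button object.
function runInline(source) {
  const button = { innerText: '', tampered: false };
  try {
    new Function('button', source)(button);
    return { ok: true, text: button.innerText, tampered: button.tampered };
  } catch (err) {
    return { ok: false, error: err.name, tampered: button.tampered };
  }
}

// Constructed sample translations.
const samples = [
  'Preview',
  "mua'i va'aiga",                   // apostrophes that are part of the language
  "x'; button.tampered = true; //",  // apostrophe used to break out of the literal
  '</script>',                       // text that would end an inline script early
];

for (const label of samples) {
  console.log(JSON.stringify(label), runInline(renderNaive(label)), runInline(renderEncoded(label)));
}
```

With the naive template the second sample fails to parse and the third runs an extra statement; with the encoded template every sample arrives in `innerText` unchanged.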
Thanks, @westonruter, for the patch. Seems good to me. I would create an issue for this, and then we can safely merge this.
This is tested successfully, hence merging and closing the issue mentioned.