From 321fef26d27cc4e7d25fa359e6d92495e270ecc9 Mon Sep 17 00:00:00 2001 From: Debarghya Banerjee Date: Mon, 11 Aug 2025 12:24:34 +0530 Subject: [PATCH 01/24] Update Inline script tags with wp_inline_script_tag and added the function definition for backward compatibility --- .../themes/twentyfifteen/functions.php | 114 +++++++++++++- .../themes/twentynineteen/functions.php | 123 ++++++++++++++- .../themes/twentyseventeen/functions.php | 114 +++++++++++++- .../themes/twentysixteen/functions.php | 114 +++++++++++++- .../themes/twentytwenty/functions.php | 118 ++++++++++++++- .../themes/twentytwenty/inc/template-tags.php | 4 +- .../class-twenty-twenty-one-dark-mode.php | 9 +- .../themes/twentytwentyone/functions.php | 143 ++++++++++++++++-- .../inc/template-functions.php | 2 +- 9 files changed, 706 insertions(+), 35 deletions(-) diff --git a/src/wp-content/themes/twentyfifteen/functions.php b/src/wp-content/themes/twentyfifteen/functions.php index 71b42e6c6e151..46d26db28950e 100644 --- a/src/wp-content/themes/twentyfifteen/functions.php +++ b/src/wp-content/themes/twentyfifteen/functions.php @@ -412,7 +412,7 @@ function twentyfifteen_fonts_url() { * @since Twenty Fifteen 1.1 */ function twentyfifteen_javascript_detection() { - echo "\n"; + wp_print_inline_script_tag( "(function(html){html.className = html.className.replace(/\bno-js\b/,'js')})(document.documentElement);" ); } add_action( 'wp_head', 'twentyfifteen_javascript_detection', 0 ); @@ -666,3 +666,115 @@ function twentyfifteen_register_block_patterns() { } add_action( 'init', 'twentyfifteen_register_block_patterns' ); + +if ( ! function_exists( 'wp_get_inline_script_tag' ) ) { + /** + * Constructs an inline script tag. + * + * It is possible to inject attributes in the ` + * + * In an HTML document this would print "…" to the console, + * but in an XHTML document it would print "…" to the console. + * + * + * + * In an HTML document this would print "An image is in HTML", + * but it's an invalid XHTML document because it interprets the `` + * as an empty tag missing its closing `/`. + * + * @see https://www.w3.org/TR/xhtml1/#h-4.8 + */ + if ( + ! $is_html5 && + ( + ! isset( $attributes['type'] ) || + 'module' === $attributes['type'] || + str_contains( $attributes['type'], 'javascript' ) || + str_contains( $attributes['type'], 'ecmascript' ) || + str_contains( $attributes['type'], 'jscript' ) || + str_contains( $attributes['type'], 'livescript' ) + ) + ) { + /* + * If the string `]]>` exists within the JavaScript it would break + * out of any wrapping CDATA section added here, so to start, it's + * necessary to escape that sequence which requires splitting the + * content into two CDATA sections wherever it's found. + * + * Note: it's only necessary to escape the closing `]]>` because + * an additional `', ']]]]>', $data ); + + // Wrap the entire escaped script inside a CDATA section. + $data = sprintf( "/* */", $data ); + } + + $data = "\n" . trim( $data, "\n\r " ) . "\n"; + + /** + * Filters attributes to be added to a script tag. + * + * Added for backward compatibility to support pre-5.7.0 WordPress versions. + * + * @since 5.7.0 + * + * @param array $attributes Key-value pairs representing `\n", wp_sanitize_script_attributes( $attributes ), $data ); + } +} + +if ( ! function_exists( 'wp_print_inline_script_tag' ) ) { + /** + * Prints an inline script tag. + * + * It is possible to inject attributes in the ` - ` tag via the {@see 'wp_inline_script_attributes'} filter. + * Automatically injects type attribute if needed. + * + * Added for backward compatibility to support pre-5.7.0 WordPress versions. + * + * @since 5.7.0 + * + * @param string $data Data for script tag: JavaScript, importmap, speculationrules, etc. + * @param array $attributes Optional. Key-value pairs representing ` + * + * In an HTML document this would print "…" to the console, + * but in an XHTML document it would print "…" to the console. + * + * + * + * In an HTML document this would print "An image is in HTML", + * but it's an invalid XHTML document because it interprets the `` + * as an empty tag missing its closing `/`. + * + * @see https://www.w3.org/TR/xhtml1/#h-4.8 + */ + if ( + ! $is_html5 && + ( + ! isset( $attributes['type'] ) || + 'module' === $attributes['type'] || + str_contains( $attributes['type'], 'javascript' ) || + str_contains( $attributes['type'], 'ecmascript' ) || + str_contains( $attributes['type'], 'jscript' ) || + str_contains( $attributes['type'], 'livescript' ) + ) + ) { + /* + * If the string `]]>` exists within the JavaScript it would break + * out of any wrapping CDATA section added here, so to start, it's + * necessary to escape that sequence which requires splitting the + * content into two CDATA sections wherever it's found. + * + * Note: it's only necessary to escape the closing `]]>` because + * an additional `', ']]]]>', $data ); + + // Wrap the entire escaped script inside a CDATA section. + $data = sprintf( "/* */", $data ); + } + + $data = "\n" . trim( $data, "\n\r " ) . "\n"; + + /** + * Filters attributes to be added to a script tag. + * + * Added for backward compatibility to support pre-5.7.0 WordPress versions. + * + * @since 5.7.0 + * + * @param array $attributes Key-value pairs representing `\n", wp_sanitize_script_attributes( $attributes ), $data ); + } +} + +if ( ! function_exists( 'wp_print_inline_script_tag' ) ) { + /** + * Prints an inline script tag. + * + * It is possible to inject attributes in the `\n"; + wp_print_inline_script_tag( "(function(html){html.className = html.className.replace(/\bno-js\b/,'js')})(document.documentElement);" ); } add_action( 'wp_head', 'twentyseventeen_javascript_detection', 0 ); @@ -758,3 +758,115 @@ function twentyseventeen_register_block_patterns() { } add_action( 'init', 'twentyseventeen_register_block_patterns' ); + +if ( ! function_exists( 'wp_get_inline_script_tag' ) ) { + /** + * Constructs an inline script tag. + * + * It is possible to inject attributes in the ` + * + * In an HTML document this would print "…" to the console, + * but in an XHTML document it would print "…" to the console. + * + * + * + * In an HTML document this would print "An image is in HTML", + * but it's an invalid XHTML document because it interprets the `` + * as an empty tag missing its closing `/`. + * + * @see https://www.w3.org/TR/xhtml1/#h-4.8 + */ + if ( + ! $is_html5 && + ( + ! isset( $attributes['type'] ) || + 'module' === $attributes['type'] || + str_contains( $attributes['type'], 'javascript' ) || + str_contains( $attributes['type'], 'ecmascript' ) || + str_contains( $attributes['type'], 'jscript' ) || + str_contains( $attributes['type'], 'livescript' ) + ) + ) { + /* + * If the string `]]>` exists within the JavaScript it would break + * out of any wrapping CDATA section added here, so to start, it's + * necessary to escape that sequence which requires splitting the + * content into two CDATA sections wherever it's found. + * + * Note: it's only necessary to escape the closing `]]>` because + * an additional `', ']]]]>', $data ); + + // Wrap the entire escaped script inside a CDATA section. + $data = sprintf( "/* */", $data ); + } + + $data = "\n" . trim( $data, "\n\r " ) . "\n"; + + /** + * Filters attributes to be added to a script tag. + * + * Added for backward compatibility to support pre-5.7.0 WordPress versions. + * + * @since 5.7.0 + * + * @param array $attributes Key-value pairs representing `\n", wp_sanitize_script_attributes( $attributes ), $data ); + } +} + +if ( ! function_exists( 'wp_print_inline_script_tag' ) ) { + /** + * Prints an inline script tag. + * + * It is possible to inject attributes in the `\n"; + wp_print_inline_script_tag( "(function(html){html.className = html.className.replace(/\bno-js\b/,'js')})(document.documentElement);" ); } add_action( 'wp_head', 'twentysixteen_javascript_detection', 0 ); @@ -622,3 +622,115 @@ function twentysixteen_widget_tag_cloud_args( $args ) { return $args; } add_filter( 'widget_tag_cloud_args', 'twentysixteen_widget_tag_cloud_args' ); + +if ( ! function_exists( 'wp_get_inline_script_tag' ) ) { + /** + * Constructs an inline script tag. + * + * It is possible to inject attributes in the ` + * + * In an HTML document this would print "…" to the console, + * but in an XHTML document it would print "…" to the console. + * + * + * + * In an HTML document this would print "An image is in HTML", + * but it's an invalid XHTML document because it interprets the `` + * as an empty tag missing its closing `/`. + * + * @see https://www.w3.org/TR/xhtml1/#h-4.8 + */ + if ( + ! $is_html5 && + ( + ! isset( $attributes['type'] ) || + 'module' === $attributes['type'] || + str_contains( $attributes['type'], 'javascript' ) || + str_contains( $attributes['type'], 'ecmascript' ) || + str_contains( $attributes['type'], 'jscript' ) || + str_contains( $attributes['type'], 'livescript' ) + ) + ) { + /* + * If the string `]]>` exists within the JavaScript it would break + * out of any wrapping CDATA section added here, so to start, it's + * necessary to escape that sequence which requires splitting the + * content into two CDATA sections wherever it's found. + * + * Note: it's only necessary to escape the closing `]]>` because + * an additional `', ']]]]>', $data ); + + // Wrap the entire escaped script inside a CDATA section. + $data = sprintf( "/* */", $data ); + } + + $data = "\n" . trim( $data, "\n\r " ) . "\n"; + + /** + * Filters attributes to be added to a script tag. + * + * Added for backward compatibility to support pre-5.7.0 WordPress versions. + * + * @since 5.7.0 + * + * @param array $attributes Key-value pairs representing `\n", wp_sanitize_script_attributes( $attributes ), $data ); + } +} + +if ( ! function_exists( 'wp_print_inline_script_tag' ) ) { + /** + * Prints an inline script tag. + * + * It is possible to inject attributes in the ` - ` tag via the {@see 'wp_inline_script_attributes'} filter. + * Automatically injects type attribute if needed. + * + * Added for backward compatibility to support pre-5.7.0 WordPress versions. + * + * @since 5.7.0 + * + * @param string $data Data for script tag: JavaScript, importmap, speculationrules, etc. + * @param array $attributes Optional. Key-value pairs representing ` + * + * In an HTML document this would print "…" to the console, + * but in an XHTML document it would print "…" to the console. + * + * + * + * In an HTML document this would print "An image is in HTML", + * but it's an invalid XHTML document because it interprets the `` + * as an empty tag missing its closing `/`. + * + * @see https://www.w3.org/TR/xhtml1/#h-4.8 + */ + if ( + ! $is_html5 && + ( + ! isset( $attributes['type'] ) || + 'module' === $attributes['type'] || + str_contains( $attributes['type'], 'javascript' ) || + str_contains( $attributes['type'], 'ecmascript' ) || + str_contains( $attributes['type'], 'jscript' ) || + str_contains( $attributes['type'], 'livescript' ) + ) + ) { + /* + * If the string `]]>` exists within the JavaScript it would break + * out of any wrapping CDATA section added here, so to start, it's + * necessary to escape that sequence which requires splitting the + * content into two CDATA sections wherever it's found. + * + * Note: it's only necessary to escape the closing `]]>` because + * an additional `', ']]]]>', $data ); + + // Wrap the entire escaped script inside a CDATA section. + $data = sprintf( "/* */", $data ); + } + + $data = "\n" . trim( $data, "\n\r " ) . "\n"; + + /** + * Filters attributes to be added to a script tag. + * + * Added for backward compatibility to support pre-5.7.0 WordPress versions. + * + * @since 5.7.0 + * + * @param array $attributes Key-value pairs representing `\n", wp_sanitize_script_attributes( $attributes ), $data ); + } +} + +if ( ! function_exists( 'wp_print_inline_script_tag' ) ) { + /** + * Prints an inline script tag. + * + * It is possible to inject attributes in the ` - '; - include get_template_directory() . '/assets/js/dark-mode-toggler.js'; // phpcs:ignore WPThemeReview.CoreFunctionality.FileInclude - echo ''; + $js_path = get_template_directory() . '/assets/js/dark-mode-toggler.js'; + + if ( file_exists( $js_path ) ) { + $script = file_get_contents( $js_path ); + wp_print_inline_script_tag( $script ); + } } /** diff --git a/src/wp-content/themes/twentytwentyone/functions.php b/src/wp-content/themes/twentytwentyone/functions.php index f163e394df734..82164b381f75b 100644 --- a/src/wp-content/themes/twentytwentyone/functions.php +++ b/src/wp-content/themes/twentytwentyone/functions.php @@ -493,19 +493,20 @@ function twentytwentyone_block_editor_script() { * @link https://git.io/vWdr2 */ function twenty_twenty_one_skip_link_focus_fix() { + $script = ''; // If SCRIPT_DEBUG is defined and true, print the unminified file. if ( defined( 'SCRIPT_DEBUG' ) && SCRIPT_DEBUG ) { - echo ''; + $js_path = get_template_directory() . '/assets/js/skip-link-focus-fix.js'; + if ( file_exists( $js_path ) ) { + $script = file_get_contents( $js_path ); + } } else { // The following is minified via `npx terser --compress --mangle -- assets/js/skip-link-focus-fix.js`. - ?> - - - - ` tag via the {@see 'wp_inline_script_attributes'} filter. + * Automatically injects type attribute if needed. + * + * Added for backward compatibility to support pre-5.7.0 WordPress versions. + * + * @since 5.7.0 + * + * @param string $data Data for script tag: JavaScript, importmap, speculationrules, etc. + * @param array $attributes Optional. Key-value pairs representing ` + * + * In an HTML document this would print "…" to the console, + * but in an XHTML document it would print "…" to the console. + * + * + * + * In an HTML document this would print "An image is in HTML", + * but it's an invalid XHTML document because it interprets the `` + * as an empty tag missing its closing `/`. + * + * @see https://www.w3.org/TR/xhtml1/#h-4.8 + */ + if ( + ! $is_html5 && + ( + ! isset( $attributes['type'] ) || + 'module' === $attributes['type'] || + str_contains( $attributes['type'], 'javascript' ) || + str_contains( $attributes['type'], 'ecmascript' ) || + str_contains( $attributes['type'], 'jscript' ) || + str_contains( $attributes['type'], 'livescript' ) + ) + ) { + /* + * If the string `]]>` exists within the JavaScript it would break + * out of any wrapping CDATA section added here, so to start, it's + * necessary to escape that sequence which requires splitting the + * content into two CDATA sections wherever it's found. + * + * Note: it's only necessary to escape the closing `]]>` because + * an additional `', ']]]]>', $data ); + + // Wrap the entire escaped script inside a CDATA section. + $data = sprintf( "/* */", $data ); + } + + $data = "\n" . trim( $data, "\n\r " ) . "\n"; + + /** + * Filters attributes to be added to a script tag. + * + * Added for backward compatibility to support pre-5.7.0 WordPress versions. + * + * @since 5.7.0 + * + * @param array $attributes Key-value pairs representing `\n", wp_sanitize_script_attributes( $attributes ), $data ); + } +} + +if ( ! function_exists( 'wp_print_inline_script_tag' ) ) { + /** + * Prints an inline script tag. + * + * It is possible to inject attributes in the `'; + wp_print_inline_script_tag( "document.body.classList.remove('no-js');" ); } add_action( 'wp_footer', 'twenty_twenty_one_supports_js' ); From 0d33936225a79cfefd595d1741b906f8c9edcd19 Mon Sep 17 00:00:00 2001 From: Debarghya Banerjee Date: Mon, 11 Aug 2025 12:32:43 +0530 Subject: [PATCH 02/24] Add Newline at EOF --- src/wp-content/themes/twentyfifteen/functions.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/wp-content/themes/twentyfifteen/functions.php b/src/wp-content/themes/twentyfifteen/functions.php index 46d26db28950e..614954b258862 100644 --- a/src/wp-content/themes/twentyfifteen/functions.php +++ b/src/wp-content/themes/twentyfifteen/functions.php @@ -777,4 +777,4 @@ function wp_get_inline_script_tag( $data, $attributes = array() ) { function wp_print_inline_script_tag( $data, $attributes = array() ) { echo wp_get_inline_script_tag( $data, $attributes ); } -} \ No newline at end of file +} From 2caffa5afd1e28eea42d411413d1ff48de695588 Mon Sep 17 00:00:00 2001 From: Debarghya Banerjee Date: Thu, 28 Aug 2025 18:52:58 +0530 Subject: [PATCH 03/24] Address PR feedback --- .../themes/twentyfifteen/functions.php | 109 +++++++++++------- .../themes/twentynineteen/functions.php | 109 +++++++++++------- .../themes/twentyseventeen/functions.php | 109 +++++++++++------- .../themes/twentysixteen/functions.php | 109 +++++++++++------- .../themes/twentytwenty/functions.php | 109 +++++++++++------- .../themes/twentytwentyone/functions.php | 109 +++++++++++------- 6 files changed, 396 insertions(+), 258 deletions(-) diff --git a/src/wp-content/themes/twentyfifteen/functions.php b/src/wp-content/themes/twentyfifteen/functions.php index 614954b258862..fd5c696f36916 100644 --- a/src/wp-content/themes/twentyfifteen/functions.php +++ b/src/wp-content/themes/twentyfifteen/functions.php @@ -667,6 +667,40 @@ function twentyfifteen_register_block_patterns() { add_action( 'init', 'twentyfifteen_register_block_patterns' ); +if ( ! function_exists( 'wp_sanitize_script_attributes' ) ) { + /** + * Sanitizes an attributes array into an attributes string to be placed inside a ` - * - * In an HTML document this would print "…" to the console, - * but in an XHTML document it would print "…" to the console. - * - * - * - * In an HTML document this would print "An image is in HTML", - * but it's an invalid XHTML document because it interprets the `` - * as an empty tag missing its closing `/`. - * - * @see https://www.w3.org/TR/xhtml1/#h-4.8 - */ + * XHTML extracts the contents of the SCRIPT element and then the XML parser + * decodes character references and other syntax elements. This can lead to + * misinterpretation of the script contents or invalid XHTML documents. + * + * Wrapping the contents in a CDATA section instructs the XML parser not to + * transform the contents of the SCRIPT element before passing them to the + * JavaScript engine. + * + * Example: + * + * + * + * In an HTML document this would print "…" to the console, + * but in an XHTML document it would print "…" to the console. + * + * + * + * In an HTML document this would print "An image is in HTML", + * but it's an invalid XHTML document because it interprets the `` + * as an empty tag missing its closing `/`. + * + * @see https://www.w3.org/TR/xhtml1/#h-4.8 + */ if ( ! $is_html5 && ( @@ -728,14 +762,14 @@ function wp_get_inline_script_tag( $data, $attributes = array() ) { ) ) { /* - * If the string `]]>` exists within the JavaScript it would break - * out of any wrapping CDATA section added here, so to start, it's - * necessary to escape that sequence which requires splitting the - * content into two CDATA sections wherever it's found. - * - * Note: it's only necessary to escape the closing `]]>` because - * an additional `` exists within the JavaScript it would break + * out of any wrapping CDATA section added here, so to start, it's + * necessary to escape that sequence which requires splitting the + * content into two CDATA sections wherever it's found. + * + * Note: it's only necessary to escape the closing `]]>` because + * an additional `', ']]]]>', $data ); // Wrap the entire escaped script inside a CDATA section. @@ -744,18 +778,7 @@ function wp_get_inline_script_tag( $data, $attributes = array() ) { $data = "\n" . trim( $data, "\n\r " ) . "\n"; - /** - * Filters attributes to be added to a script tag. - * - * Added for backward compatibility to support pre-5.7.0 WordPress versions. - * - * @since 5.7.0 - * - * @param array $attributes Key-value pairs representing `\n", wp_sanitize_script_attributes( $attributes ), $data ); diff --git a/src/wp-content/themes/twentynineteen/functions.php b/src/wp-content/themes/twentynineteen/functions.php index a5f3cfb40901b..252b613303743 100644 --- a/src/wp-content/themes/twentynineteen/functions.php +++ b/src/wp-content/themes/twentynineteen/functions.php @@ -397,6 +397,40 @@ function twentynineteen_register_block_patterns() { add_action( 'init', 'twentynineteen_register_block_patterns' ); +if ( ! function_exists( 'wp_sanitize_script_attributes' ) ) { + /** + * Sanitizes an attributes array into an attributes string to be placed inside a ` - * - * In an HTML document this would print "…" to the console, - * but in an XHTML document it would print "…" to the console. - * - * - * - * In an HTML document this would print "An image is in HTML", - * but it's an invalid XHTML document because it interprets the `` - * as an empty tag missing its closing `/`. - * - * @see https://www.w3.org/TR/xhtml1/#h-4.8 - */ + * XHTML extracts the contents of the SCRIPT element and then the XML parser + * decodes character references and other syntax elements. This can lead to + * misinterpretation of the script contents or invalid XHTML documents. + * + * Wrapping the contents in a CDATA section instructs the XML parser not to + * transform the contents of the SCRIPT element before passing them to the + * JavaScript engine. + * + * Example: + * + * + * + * In an HTML document this would print "…" to the console, + * but in an XHTML document it would print "…" to the console. + * + * + * + * In an HTML document this would print "An image is in HTML", + * but it's an invalid XHTML document because it interprets the `` + * as an empty tag missing its closing `/`. + * + * @see https://www.w3.org/TR/xhtml1/#h-4.8 + */ if ( ! $is_html5 && ( @@ -458,14 +492,14 @@ function wp_get_inline_script_tag( $data, $attributes = array() ) { ) ) { /* - * If the string `]]>` exists within the JavaScript it would break - * out of any wrapping CDATA section added here, so to start, it's - * necessary to escape that sequence which requires splitting the - * content into two CDATA sections wherever it's found. - * - * Note: it's only necessary to escape the closing `]]>` because - * an additional `` exists within the JavaScript it would break + * out of any wrapping CDATA section added here, so to start, it's + * necessary to escape that sequence which requires splitting the + * content into two CDATA sections wherever it's found. + * + * Note: it's only necessary to escape the closing `]]>` because + * an additional `', ']]]]>', $data ); // Wrap the entire escaped script inside a CDATA section. @@ -474,18 +508,7 @@ function wp_get_inline_script_tag( $data, $attributes = array() ) { $data = "\n" . trim( $data, "\n\r " ) . "\n"; - /** - * Filters attributes to be added to a script tag. - * - * Added for backward compatibility to support pre-5.7.0 WordPress versions. - * - * @since 5.7.0 - * - * @param array $attributes Key-value pairs representing `\n", wp_sanitize_script_attributes( $attributes ), $data ); diff --git a/src/wp-content/themes/twentyseventeen/functions.php b/src/wp-content/themes/twentyseventeen/functions.php index a1d3fb0af6e8d..7993c6d72963b 100644 --- a/src/wp-content/themes/twentyseventeen/functions.php +++ b/src/wp-content/themes/twentyseventeen/functions.php @@ -759,6 +759,40 @@ function twentyseventeen_register_block_patterns() { add_action( 'init', 'twentyseventeen_register_block_patterns' ); +if ( ! function_exists( 'wp_sanitize_script_attributes' ) ) { + /** + * Sanitizes an attributes array into an attributes string to be placed inside a ` - * - * In an HTML document this would print "…" to the console, - * but in an XHTML document it would print "…" to the console. - * - * - * - * In an HTML document this would print "An image is in HTML", - * but it's an invalid XHTML document because it interprets the `` - * as an empty tag missing its closing `/`. - * - * @see https://www.w3.org/TR/xhtml1/#h-4.8 - */ + * XHTML extracts the contents of the SCRIPT element and then the XML parser + * decodes character references and other syntax elements. This can lead to + * misinterpretation of the script contents or invalid XHTML documents. + * + * Wrapping the contents in a CDATA section instructs the XML parser not to + * transform the contents of the SCRIPT element before passing them to the + * JavaScript engine. + * + * Example: + * + * + * + * In an HTML document this would print "…" to the console, + * but in an XHTML document it would print "…" to the console. + * + * + * + * In an HTML document this would print "An image is in HTML", + * but it's an invalid XHTML document because it interprets the `` + * as an empty tag missing its closing `/`. + * + * @see https://www.w3.org/TR/xhtml1/#h-4.8 + */ if ( ! $is_html5 && ( @@ -820,14 +854,14 @@ function wp_get_inline_script_tag( $data, $attributes = array() ) { ) ) { /* - * If the string `]]>` exists within the JavaScript it would break - * out of any wrapping CDATA section added here, so to start, it's - * necessary to escape that sequence which requires splitting the - * content into two CDATA sections wherever it's found. - * - * Note: it's only necessary to escape the closing `]]>` because - * an additional `` exists within the JavaScript it would break + * out of any wrapping CDATA section added here, so to start, it's + * necessary to escape that sequence which requires splitting the + * content into two CDATA sections wherever it's found. + * + * Note: it's only necessary to escape the closing `]]>` because + * an additional `', ']]]]>', $data ); // Wrap the entire escaped script inside a CDATA section. @@ -836,18 +870,7 @@ function wp_get_inline_script_tag( $data, $attributes = array() ) { $data = "\n" . trim( $data, "\n\r " ) . "\n"; - /** - * Filters attributes to be added to a script tag. - * - * Added for backward compatibility to support pre-5.7.0 WordPress versions. - * - * @since 5.7.0 - * - * @param array $attributes Key-value pairs representing `\n", wp_sanitize_script_attributes( $attributes ), $data ); diff --git a/src/wp-content/themes/twentysixteen/functions.php b/src/wp-content/themes/twentysixteen/functions.php index 20fc112d6b694..c64277e538ed7 100644 --- a/src/wp-content/themes/twentysixteen/functions.php +++ b/src/wp-content/themes/twentysixteen/functions.php @@ -623,6 +623,40 @@ function twentysixteen_widget_tag_cloud_args( $args ) { } add_filter( 'widget_tag_cloud_args', 'twentysixteen_widget_tag_cloud_args' ); +if ( ! function_exists( 'wp_sanitize_script_attributes' ) ) { + /** + * Sanitizes an attributes array into an attributes string to be placed inside a ` - * - * In an HTML document this would print "…" to the console, - * but in an XHTML document it would print "…" to the console. - * - * - * - * In an HTML document this would print "An image is in HTML", - * but it's an invalid XHTML document because it interprets the `` - * as an empty tag missing its closing `/`. - * - * @see https://www.w3.org/TR/xhtml1/#h-4.8 - */ + * XHTML extracts the contents of the SCRIPT element and then the XML parser + * decodes character references and other syntax elements. This can lead to + * misinterpretation of the script contents or invalid XHTML documents. + * + * Wrapping the contents in a CDATA section instructs the XML parser not to + * transform the contents of the SCRIPT element before passing them to the + * JavaScript engine. + * + * Example: + * + * + * + * In an HTML document this would print "…" to the console, + * but in an XHTML document it would print "…" to the console. + * + * + * + * In an HTML document this would print "An image is in HTML", + * but it's an invalid XHTML document because it interprets the `` + * as an empty tag missing its closing `/`. + * + * @see https://www.w3.org/TR/xhtml1/#h-4.8 + */ if ( ! $is_html5 && ( @@ -684,14 +718,14 @@ function wp_get_inline_script_tag( $data, $attributes = array() ) { ) ) { /* - * If the string `]]>` exists within the JavaScript it would break - * out of any wrapping CDATA section added here, so to start, it's - * necessary to escape that sequence which requires splitting the - * content into two CDATA sections wherever it's found. - * - * Note: it's only necessary to escape the closing `]]>` because - * an additional `` exists within the JavaScript it would break + * out of any wrapping CDATA section added here, so to start, it's + * necessary to escape that sequence which requires splitting the + * content into two CDATA sections wherever it's found. + * + * Note: it's only necessary to escape the closing `]]>` because + * an additional `', ']]]]>', $data ); // Wrap the entire escaped script inside a CDATA section. @@ -700,18 +734,7 @@ function wp_get_inline_script_tag( $data, $attributes = array() ) { $data = "\n" . trim( $data, "\n\r " ) . "\n"; - /** - * Filters attributes to be added to a script tag. - * - * Added for backward compatibility to support pre-5.7.0 WordPress versions. - * - * @since 5.7.0 - * - * @param array $attributes Key-value pairs representing `\n", wp_sanitize_script_attributes( $attributes ), $data ); diff --git a/src/wp-content/themes/twentytwenty/functions.php b/src/wp-content/themes/twentytwenty/functions.php index 8857dd7dc4807..fb0c8f72e03d2 100644 --- a/src/wp-content/themes/twentytwenty/functions.php +++ b/src/wp-content/themes/twentytwenty/functions.php @@ -820,6 +820,40 @@ function twentytwenty_get_elements_array() { return apply_filters( 'twentytwenty_get_elements_array', $elements ); } +if ( ! function_exists( 'wp_sanitize_script_attributes' ) ) { + /** + * Sanitizes an attributes array into an attributes string to be placed inside a ` - * - * In an HTML document this would print "…" to the console, - * but in an XHTML document it would print "…" to the console. - * - * - * - * In an HTML document this would print "An image is in HTML", - * but it's an invalid XHTML document because it interprets the `` - * as an empty tag missing its closing `/`. - * - * @see https://www.w3.org/TR/xhtml1/#h-4.8 - */ + * XHTML extracts the contents of the SCRIPT element and then the XML parser + * decodes character references and other syntax elements. This can lead to + * misinterpretation of the script contents or invalid XHTML documents. + * + * Wrapping the contents in a CDATA section instructs the XML parser not to + * transform the contents of the SCRIPT element before passing them to the + * JavaScript engine. + * + * Example: + * + * + * + * In an HTML document this would print "…" to the console, + * but in an XHTML document it would print "…" to the console. + * + * + * + * In an HTML document this would print "An image is in HTML", + * but it's an invalid XHTML document because it interprets the `` + * as an empty tag missing its closing `/`. + * + * @see https://www.w3.org/TR/xhtml1/#h-4.8 + */ if ( ! $is_html5 && ( @@ -881,14 +915,14 @@ function wp_get_inline_script_tag( $data, $attributes = array() ) { ) ) { /* - * If the string `]]>` exists within the JavaScript it would break - * out of any wrapping CDATA section added here, so to start, it's - * necessary to escape that sequence which requires splitting the - * content into two CDATA sections wherever it's found. - * - * Note: it's only necessary to escape the closing `]]>` because - * an additional `` exists within the JavaScript it would break + * out of any wrapping CDATA section added here, so to start, it's + * necessary to escape that sequence which requires splitting the + * content into two CDATA sections wherever it's found. + * + * Note: it's only necessary to escape the closing `]]>` because + * an additional `', ']]]]>', $data ); // Wrap the entire escaped script inside a CDATA section. @@ -897,18 +931,7 @@ function wp_get_inline_script_tag( $data, $attributes = array() ) { $data = "\n" . trim( $data, "\n\r " ) . "\n"; - /** - * Filters attributes to be added to a script tag. - * - * Added for backward compatibility to support pre-5.7.0 WordPress versions. - * - * @since 5.7.0 - * - * @param array $attributes Key-value pairs representing `\n", wp_sanitize_script_attributes( $attributes ), $data ); diff --git a/src/wp-content/themes/twentytwentyone/functions.php b/src/wp-content/themes/twentytwentyone/functions.php index 82164b381f75b..0418722caf6f8 100644 --- a/src/wp-content/themes/twentytwentyone/functions.php +++ b/src/wp-content/themes/twentytwentyone/functions.php @@ -655,6 +655,40 @@ function wp_get_list_item_separator() { } endif; +if ( ! function_exists( 'wp_sanitize_script_attributes' ) ) { + /** + * Sanitizes an attributes array into an attributes string to be placed inside a ` - * - * In an HTML document this would print "…" to the console, - * but in an XHTML document it would print "…" to the console. - * - * - * - * In an HTML document this would print "An image is in HTML", - * but it's an invalid XHTML document because it interprets the `` - * as an empty tag missing its closing `/`. - * - * @see https://www.w3.org/TR/xhtml1/#h-4.8 - */ + * XHTML extracts the contents of the SCRIPT element and then the XML parser + * decodes character references and other syntax elements. This can lead to + * misinterpretation of the script contents or invalid XHTML documents. + * + * Wrapping the contents in a CDATA section instructs the XML parser not to + * transform the contents of the SCRIPT element before passing them to the + * JavaScript engine. + * + * Example: + * + * + * + * In an HTML document this would print "…" to the console, + * but in an XHTML document it would print "…" to the console. + * + * + * + * In an HTML document this would print "An image is in HTML", + * but it's an invalid XHTML document because it interprets the `` + * as an empty tag missing its closing `/`. + * + * @see https://www.w3.org/TR/xhtml1/#h-4.8 + */ if ( ! $is_html5 && ( @@ -716,14 +750,14 @@ function wp_get_inline_script_tag( $data, $attributes = array() ) { ) ) { /* - * If the string `]]>` exists within the JavaScript it would break - * out of any wrapping CDATA section added here, so to start, it's - * necessary to escape that sequence which requires splitting the - * content into two CDATA sections wherever it's found. - * - * Note: it's only necessary to escape the closing `]]>` because - * an additional `` exists within the JavaScript it would break + * out of any wrapping CDATA section added here, so to start, it's + * necessary to escape that sequence which requires splitting the + * content into two CDATA sections wherever it's found. + * + * Note: it's only necessary to escape the closing `]]>` because + * an additional `', ']]]]>', $data ); // Wrap the entire escaped script inside a CDATA section. @@ -732,18 +766,7 @@ function wp_get_inline_script_tag( $data, $attributes = array() ) { $data = "\n" . trim( $data, "\n\r " ) . "\n"; - /** - * Filters attributes to be added to a script tag. - * - * Added for backward compatibility to support pre-5.7.0 WordPress versions. - * - * @since 5.7.0 - * - * @param array $attributes Key-value pairs representing `\n", wp_sanitize_script_attributes( $attributes ), $data ); From bbcf99bd04e2b7d3d4d0e97aa8c0b7877b5a04a2 Mon Sep 17 00:00:00 2001 From: Debarghya Banerjee Date: Wed, 24 Sep 2025 01:12:43 +0530 Subject: [PATCH 04/24] Remove Polyfills and Add SourceURL comment --- .../themes/twentyfifteen/functions.php | 109 +--------------- .../themes/twentynineteen/functions.php | 113 ++-------------- .../themes/twentyseventeen/functions.php | 109 +--------------- .../themes/twentysixteen/functions.php | 109 +--------------- .../themes/twentytwenty/functions.php | 109 +--------------- .../themes/twentytwenty/inc/template-tags.php | 8 +- .../class-twenty-twenty-one-dark-mode.php | 12 +- .../themes/twentytwentyone/functions.php | 121 +++--------------- .../inc/template-functions.php | 8 +- 9 files changed, 78 insertions(+), 620 deletions(-) diff --git a/src/wp-content/themes/twentyfifteen/functions.php b/src/wp-content/themes/twentyfifteen/functions.php index fd5c696f36916..8925d38a30b9d 100644 --- a/src/wp-content/themes/twentyfifteen/functions.php +++ b/src/wp-content/themes/twentyfifteen/functions.php @@ -412,7 +412,13 @@ function twentyfifteen_fonts_url() { * @since Twenty Fifteen 1.1 */ function twentyfifteen_javascript_detection() { - wp_print_inline_script_tag( "(function(html){html.className = html.className.replace(/\bno-js\b/,'js')})(document.documentElement);" ); + $js = "(function(html){html.className = html.className.replace(/\bno-js\b/,'js')})(document.documentElement);"; + + if ( function_exists( 'wp_print_inline_script_tag' ) ) { + wp_print_inline_script_tag( $js . "\n//# sourceURL=" . __FUNCTION__ ); + } else { + printf( "\n", $js ); + } } add_action( 'wp_head', 'twentyfifteen_javascript_detection', 0 ); @@ -700,104 +706,3 @@ function wp_sanitize_script_attributes( $attributes ) { return $attributes_string; } } - -if ( ! function_exists( 'wp_get_inline_script_tag' ) ) { - /** - * Constructs an inline script tag. - * - * It is possible to inject attributes in the ` - * - * In an HTML document this would print "…" to the console, - * but in an XHTML document it would print "…" to the console. - * - * - * - * In an HTML document this would print "An image is in HTML", - * but it's an invalid XHTML document because it interprets the `` - * as an empty tag missing its closing `/`. - * - * @see https://www.w3.org/TR/xhtml1/#h-4.8 - */ - if ( - ! $is_html5 && - ( - ! isset( $attributes['type'] ) || - 'module' === $attributes['type'] || - str_contains( $attributes['type'], 'javascript' ) || - str_contains( $attributes['type'], 'ecmascript' ) || - str_contains( $attributes['type'], 'jscript' ) || - str_contains( $attributes['type'], 'livescript' ) - ) - ) { - /* - * If the string `]]>` exists within the JavaScript it would break - * out of any wrapping CDATA section added here, so to start, it's - * necessary to escape that sequence which requires splitting the - * content into two CDATA sections wherever it's found. - * - * Note: it's only necessary to escape the closing `]]>` because - * an additional `', ']]]]>', $data ); - - // Wrap the entire escaped script inside a CDATA section. - $data = sprintf( "/* */", $data ); - } - - $data = "\n" . trim( $data, "\n\r " ) . "\n"; - - /** This filter is documented in wp-includes/script-loader.php */ - $attributes = apply_filters( 'wp_inline_script_attributes', $attributes, $data ); - - return sprintf( "%s\n", wp_sanitize_script_attributes( $attributes ), $data ); - } -} - -if ( ! function_exists( 'wp_print_inline_script_tag' ) ) { - /** - * Prints an inline script tag. - * - * It is possible to inject attributes in the `\n", $js ); + } } /** @@ -430,104 +434,3 @@ function wp_sanitize_script_attributes( $attributes ) { return $attributes_string; } } - -if ( ! function_exists( 'wp_get_inline_script_tag' ) ) { - /** - * Constructs an inline script tag. - * - * It is possible to inject attributes in the ` - * - * In an HTML document this would print "…" to the console, - * but in an XHTML document it would print "…" to the console. - * - * - * - * In an HTML document this would print "An image is in HTML", - * but it's an invalid XHTML document because it interprets the `` - * as an empty tag missing its closing `/`. - * - * @see https://www.w3.org/TR/xhtml1/#h-4.8 - */ - if ( - ! $is_html5 && - ( - ! isset( $attributes['type'] ) || - 'module' === $attributes['type'] || - str_contains( $attributes['type'], 'javascript' ) || - str_contains( $attributes['type'], 'ecmascript' ) || - str_contains( $attributes['type'], 'jscript' ) || - str_contains( $attributes['type'], 'livescript' ) - ) - ) { - /* - * If the string `]]>` exists within the JavaScript it would break - * out of any wrapping CDATA section added here, so to start, it's - * necessary to escape that sequence which requires splitting the - * content into two CDATA sections wherever it's found. - * - * Note: it's only necessary to escape the closing `]]>` because - * an additional `', ']]]]>', $data ); - - // Wrap the entire escaped script inside a CDATA section. - $data = sprintf( "/* */", $data ); - } - - $data = "\n" . trim( $data, "\n\r " ) . "\n"; - - /** This filter is documented in wp-includes/script-loader.php */ - $attributes = apply_filters( 'wp_inline_script_attributes', $attributes, $data ); - - return sprintf( "%s\n", wp_sanitize_script_attributes( $attributes ), $data ); - } -} - -if ( ! function_exists( 'wp_print_inline_script_tag' ) ) { - /** - * Prints an inline script tag. - * - * It is possible to inject attributes in the `\n", $js ); + } } add_action( 'wp_head', 'twentyseventeen_javascript_detection', 0 ); @@ -792,104 +798,3 @@ function wp_sanitize_script_attributes( $attributes ) { return $attributes_string; } } - -if ( ! function_exists( 'wp_get_inline_script_tag' ) ) { - /** - * Constructs an inline script tag. - * - * It is possible to inject attributes in the ` - * - * In an HTML document this would print "…" to the console, - * but in an XHTML document it would print "…" to the console. - * - * - * - * In an HTML document this would print "An image is in HTML", - * but it's an invalid XHTML document because it interprets the `` - * as an empty tag missing its closing `/`. - * - * @see https://www.w3.org/TR/xhtml1/#h-4.8 - */ - if ( - ! $is_html5 && - ( - ! isset( $attributes['type'] ) || - 'module' === $attributes['type'] || - str_contains( $attributes['type'], 'javascript' ) || - str_contains( $attributes['type'], 'ecmascript' ) || - str_contains( $attributes['type'], 'jscript' ) || - str_contains( $attributes['type'], 'livescript' ) - ) - ) { - /* - * If the string `]]>` exists within the JavaScript it would break - * out of any wrapping CDATA section added here, so to start, it's - * necessary to escape that sequence which requires splitting the - * content into two CDATA sections wherever it's found. - * - * Note: it's only necessary to escape the closing `]]>` because - * an additional `', ']]]]>', $data ); - - // Wrap the entire escaped script inside a CDATA section. - $data = sprintf( "/* */", $data ); - } - - $data = "\n" . trim( $data, "\n\r " ) . "\n"; - - /** This filter is documented in wp-includes/script-loader.php */ - $attributes = apply_filters( 'wp_inline_script_attributes', $attributes, $data ); - - return sprintf( "%s\n", wp_sanitize_script_attributes( $attributes ), $data ); - } -} - -if ( ! function_exists( 'wp_print_inline_script_tag' ) ) { - /** - * Prints an inline script tag. - * - * It is possible to inject attributes in the `\n", $js ); + } } add_action( 'wp_head', 'twentysixteen_javascript_detection', 0 ); @@ -656,104 +662,3 @@ function wp_sanitize_script_attributes( $attributes ) { return $attributes_string; } } - -if ( ! function_exists( 'wp_get_inline_script_tag' ) ) { - /** - * Constructs an inline script tag. - * - * It is possible to inject attributes in the ` - * - * In an HTML document this would print "…" to the console, - * but in an XHTML document it would print "…" to the console. - * - * - * - * In an HTML document this would print "An image is in HTML", - * but it's an invalid XHTML document because it interprets the `` - * as an empty tag missing its closing `/`. - * - * @see https://www.w3.org/TR/xhtml1/#h-4.8 - */ - if ( - ! $is_html5 && - ( - ! isset( $attributes['type'] ) || - 'module' === $attributes['type'] || - str_contains( $attributes['type'], 'javascript' ) || - str_contains( $attributes['type'], 'ecmascript' ) || - str_contains( $attributes['type'], 'jscript' ) || - str_contains( $attributes['type'], 'livescript' ) - ) - ) { - /* - * If the string `]]>` exists within the JavaScript it would break - * out of any wrapping CDATA section added here, so to start, it's - * necessary to escape that sequence which requires splitting the - * content into two CDATA sections wherever it's found. - * - * Note: it's only necessary to escape the closing `]]>` because - * an additional `', ']]]]>', $data ); - - // Wrap the entire escaped script inside a CDATA section. - $data = sprintf( "/* */", $data ); - } - - $data = "\n" . trim( $data, "\n\r " ) . "\n"; - - /** This filter is documented in wp-includes/script-loader.php */ - $attributes = apply_filters( 'wp_inline_script_attributes', $attributes, $data ); - - return sprintf( "%s\n", wp_sanitize_script_attributes( $attributes ), $data ); - } -} - -if ( ! function_exists( 'wp_print_inline_script_tag' ) ) { - /** - * Prints an inline script tag. - * - * It is possible to inject attributes in the `\n", $js ); + } } /** @@ -853,104 +859,3 @@ function wp_sanitize_script_attributes( $attributes ) { return $attributes_string; } } - -if ( ! function_exists( 'wp_get_inline_script_tag' ) ) { - /** - * Constructs an inline script tag. - * - * It is possible to inject attributes in the ` - * - * In an HTML document this would print "…" to the console, - * but in an XHTML document it would print "…" to the console. - * - * - * - * In an HTML document this would print "An image is in HTML", - * but it's an invalid XHTML document because it interprets the `` - * as an empty tag missing its closing `/`. - * - * @see https://www.w3.org/TR/xhtml1/#h-4.8 - */ - if ( - ! $is_html5 && - ( - ! isset( $attributes['type'] ) || - 'module' === $attributes['type'] || - str_contains( $attributes['type'], 'javascript' ) || - str_contains( $attributes['type'], 'ecmascript' ) || - str_contains( $attributes['type'], 'jscript' ) || - str_contains( $attributes['type'], 'livescript' ) - ) - ) { - /* - * If the string `]]>` exists within the JavaScript it would break - * out of any wrapping CDATA section added here, so to start, it's - * necessary to escape that sequence which requires splitting the - * content into two CDATA sections wherever it's found. - * - * Note: it's only necessary to escape the closing `]]>` because - * an additional `', ']]]]>', $data ); - - // Wrap the entire escaped script inside a CDATA section. - $data = sprintf( "/* */", $data ); - } - - $data = "\n" . trim( $data, "\n\r " ) . "\n"; - - /** This filter is documented in wp-includes/script-loader.php */ - $attributes = apply_filters( 'wp_inline_script_attributes', $attributes, $data ); - - return sprintf( "%s\n", wp_sanitize_script_attributes( $attributes ), $data ); - } -} - -if ( ! function_exists( 'wp_print_inline_script_tag' ) ) { - /** - * Prints an inline script tag. - * - * It is possible to inject attributes in the `\n", $js ); + } } add_action( 'wp_head', 'twentytwenty_no_js_class' ); diff --git a/src/wp-content/themes/twentytwentyone/classes/class-twenty-twenty-one-dark-mode.php b/src/wp-content/themes/twentytwentyone/classes/class-twenty-twenty-one-dark-mode.php index 9d26eef80f3fe..ee56f538c40be 100644 --- a/src/wp-content/themes/twentytwentyone/classes/class-twenty-twenty-one-dark-mode.php +++ b/src/wp-content/themes/twentytwentyone/classes/class-twenty-twenty-one-dark-mode.php @@ -363,11 +363,19 @@ public function the_html( $attrs = array() ) { * @return void */ public function the_script() { + $js_path = get_template_directory() . '/assets/js/dark-mode-toggler.js'; if ( file_exists( $js_path ) ) { - $script = file_get_contents( $js_path ); - wp_print_inline_script_tag( $script ); + + if ( function_exists( 'wp_print_inline_script_tag' ) ) { + wp_print_inline_script_tag( + file_get_contents( $js_path ) . + "\n//# sourceURL=" . trailingslashit( get_template_directory_uri() ) . 'assets/js/dark-mode-toggler.js' + ); + } else { + printf( "\n", file_get_contents( $js_path ) ); + } } } diff --git a/src/wp-content/themes/twentytwentyone/functions.php b/src/wp-content/themes/twentytwentyone/functions.php index 0418722caf6f8..755d276c15584 100644 --- a/src/wp-content/themes/twentytwentyone/functions.php +++ b/src/wp-content/themes/twentytwentyone/functions.php @@ -495,18 +495,30 @@ function twentytwentyone_block_editor_script() { function twenty_twenty_one_skip_link_focus_fix() { $script = ''; + $source_url_comment = ''; + // If SCRIPT_DEBUG is defined and true, print the unminified file. if ( defined( 'SCRIPT_DEBUG' ) && SCRIPT_DEBUG ) { $js_path = get_template_directory() . '/assets/js/skip-link-focus-fix.js'; + if ( file_exists( $js_path ) ) { $script = file_get_contents( $js_path ); } + + $source_url_comment = "\n//# sourceURL=" . trailingslashit( get_template_directory() ) . '/assets/js/skip-link-focus-fix.js'; } else { // The following is minified via `npx terser --compress --mangle -- assets/js/skip-link-focus-fix.js`. $script = '/(trident|msie)/i.test(navigator.userAgent)&&document.getElementById&&window.addEventListener&&window.addEventListener("hashchange",(function(){var t,e=location.hash.substring(1);/^[A-z0-9_-]+$/.test(e)&&(t=document.getElementById(e))&&(/^(?:a|select|input|button|textarea)$/i.test(t.tagName)||(t.tabIndex=-1),t.focus())}),!1);'; + + $source_url_comment = "\n//# sourceURL=" . __FUNCTION__; } + if ( $script ) { - wp_print_inline_script_tag( $script ); + if ( function_exists( 'wp_print_inline_script_tag' ) ) { + wp_print_inline_script_tag( $script . $source_url_comment ) ; + } else { + printf( "\n", $script ); + } } } @@ -637,7 +649,11 @@ function twentytwentyone_add_ie_class() { } "; - wp_print_inline_script_tag( $script ); + if ( function_exists( 'wp_print_inline_script_tag' ) ) { + wp_print_inline_script_tag( $script . "\n//# sourceURL=" . __FUNCTION__ ); + } else { + printf( "\n", $script ); + } } add_action( 'wp_footer', 'twentytwentyone_add_ie_class' ); @@ -688,104 +704,3 @@ function wp_sanitize_script_attributes( $attributes ) { return $attributes_string; } } - -if ( ! function_exists( 'wp_get_inline_script_tag' ) ) { - /** - * Constructs an inline script tag. - * - * It is possible to inject attributes in the ` - * - * In an HTML document this would print "…" to the console, - * but in an XHTML document it would print "…" to the console. - * - * - * - * In an HTML document this would print "An image is in HTML", - * but it's an invalid XHTML document because it interprets the `` - * as an empty tag missing its closing `/`. - * - * @see https://www.w3.org/TR/xhtml1/#h-4.8 - */ - if ( - ! $is_html5 && - ( - ! isset( $attributes['type'] ) || - 'module' === $attributes['type'] || - str_contains( $attributes['type'], 'javascript' ) || - str_contains( $attributes['type'], 'ecmascript' ) || - str_contains( $attributes['type'], 'jscript' ) || - str_contains( $attributes['type'], 'livescript' ) - ) - ) { - /* - * If the string `]]>` exists within the JavaScript it would break - * out of any wrapping CDATA section added here, so to start, it's - * necessary to escape that sequence which requires splitting the - * content into two CDATA sections wherever it's found. - * - * Note: it's only necessary to escape the closing `]]>` because - * an additional `', ']]]]>', $data ); - - // Wrap the entire escaped script inside a CDATA section. - $data = sprintf( "/* */", $data ); - } - - $data = "\n" . trim( $data, "\n\r " ) . "\n"; - - /** This filter is documented in wp-includes/script-loader.php */ - $attributes = apply_filters( 'wp_inline_script_attributes', $attributes, $data ); - - return sprintf( "%s\n", wp_sanitize_script_attributes( $attributes ), $data ); - } -} - -if ( ! function_exists( 'wp_print_inline_script_tag' ) ) { - /** - * Prints an inline script tag. - * - * It is possible to inject attributes in the `\n", $js ); + } } add_action( 'wp_footer', 'twenty_twenty_one_supports_js' ); From c5caa7b602c079749cb2fb7045845d5832e1fe5c Mon Sep 17 00:00:00 2001 From: Debarghya Banerjee Date: Wed, 24 Sep 2025 01:19:43 +0530 Subject: [PATCH 05/24] Update the customizer color_scheme_css_template function --- .../themes/twentyfifteen/inc/customizer.php | 44 +++++++++++-------- .../themes/twentysixteen/inc/customizer.php | 18 +++++--- 2 files changed, 39 insertions(+), 23 deletions(-) diff --git a/src/wp-content/themes/twentyfifteen/inc/customizer.php b/src/wp-content/themes/twentyfifteen/inc/customizer.php index d2e6358022556..d2224baecebab 100644 --- a/src/wp-content/themes/twentyfifteen/inc/customizer.php +++ b/src/wp-content/themes/twentyfifteen/inc/customizer.php @@ -772,30 +772,38 @@ function twentyfifteen_get_color_scheme_css( $colors ) { /** * Outputs an Underscore template for generating CSS for the color scheme. * - * The template generates the css dynamically for instant display in the Customizer + * The template generates the CSS dynamically for instant display in the Customizer * preview. * * @since Twenty Fifteen 1.0 + * @since Twenty Fifteen 4.1 Added `wp_print_inline_script_tag()` support. */ function twentyfifteen_color_scheme_css_template() { $colors = array( - 'background_color' => '{{ data.background_color }}', - 'header_background_color' => '{{ data.header_background_color }}', - 'box_background_color' => '{{ data.box_background_color }}', - 'textcolor' => '{{ data.textcolor }}', - 'secondary_textcolor' => '{{ data.secondary_textcolor }}', - 'border_color' => '{{ data.border_color }}', - 'border_focus_color' => '{{ data.border_focus_color }}', - 'sidebar_textcolor' => '{{ data.sidebar_textcolor }}', - 'sidebar_border_color' => '{{ data.sidebar_border_color }}', - 'sidebar_border_focus_color' => '{{ data.sidebar_border_focus_color }}', - 'secondary_sidebar_textcolor' => '{{ data.secondary_sidebar_textcolor }}', - 'meta_box_background_color' => '{{ data.meta_box_background_color }}', + 'background_color' => '{{ data.background_color }}', + 'header_background_color' => '{{ data.header_background_color }}', + 'box_background_color' => '{{ data.box_background_color }}', + 'textcolor' => '{{ data.textcolor }}', + 'secondary_textcolor' => '{{ data.secondary_textcolor }}', + 'border_color' => '{{ data.border_color }}', + 'border_focus_color' => '{{ data.border_focus_color }}', + 'sidebar_textcolor' => '{{ data.sidebar_textcolor }}', + 'sidebar_border_color' => '{{ data.sidebar_border_color }}', + 'sidebar_border_focus_color' => '{{ data.sidebar_border_focus_color }}', + 'secondary_sidebar_textcolor' => '{{ data.secondary_sidebar_textcolor }}', + 'meta_box_background_color' => '{{ data.meta_box_background_color }}', ); - ?> - - 'text/html', 'id' => 'tmpl-twentyfifteen-color-scheme' ) ); + } else { + printf( + "\n", + 'type="text/html" id="tmpl-twentyfifteen-color-scheme"', + $css + ); + } } add_action( 'customize_controls_print_footer_scripts', 'twentyfifteen_color_scheme_css_template' ); diff --git a/src/wp-content/themes/twentysixteen/inc/customizer.php b/src/wp-content/themes/twentysixteen/inc/customizer.php index 43a43f8c9e9b6..14a7119abb12d 100644 --- a/src/wp-content/themes/twentysixteen/inc/customizer.php +++ b/src/wp-content/themes/twentysixteen/inc/customizer.php @@ -838,6 +838,7 @@ function twentysixteen_get_color_scheme_css( $colors ) { * Customizer preview. * * @since Twenty Sixteen 1.0 + * @since Twenty Sixteen 4.1 Added `wp_print_inline_script_tag()` support. */ function twentysixteen_color_scheme_css_template() { $colors = array( @@ -848,11 +849,18 @@ function twentysixteen_color_scheme_css_template() { 'secondary_text_color' => '{{ data.secondary_text_color }}', 'border_color' => '{{ data.border_color }}', ); - ?> - - 'text/html', 'id' => 'tmpl-twentysixteen-color-scheme' ) ); + } else { + printf( + "\n", + 'type="text/html" id="tmpl-twentysixteen-color-scheme"', + $css + ); + } } add_action( 'customize_controls_print_footer_scripts', 'twentysixteen_color_scheme_css_template' ); From 87f5519d7a288b6b3c3abda43c2d957a348ecd64 Mon Sep 17 00:00:00 2001 From: Debarghya Banerjee Date: Wed, 24 Sep 2025 01:22:34 +0530 Subject: [PATCH 06/24] Revert back the deprecated functions --- .../themes/twentynineteen/functions.php | 15 ++++------ .../themes/twentytwenty/functions.php | 12 ++++---- .../themes/twentytwentyone/functions.php | 29 +++++-------------- 3 files changed, 18 insertions(+), 38 deletions(-) diff --git a/src/wp-content/themes/twentynineteen/functions.php b/src/wp-content/themes/twentynineteen/functions.php index 996c5916f787f..0c48be3adab96 100644 --- a/src/wp-content/themes/twentynineteen/functions.php +++ b/src/wp-content/themes/twentynineteen/functions.php @@ -303,16 +303,11 @@ function twentynineteen_scripts() { */ function twentynineteen_skip_link_focus_fix() { // The following is minified via `terser --compress --mangle -- js/skip-link-focus-fix.js`. - $js = '/(trident|msie)/i.test(navigator.userAgent) && document.getElementById && window.addEventListener && window.addEventListener("hashchange", function() { - var t, e = location.hash.substring(1); - /^[A-z0-9_-]+$/.test(e) && (t = document.getElementById(e)) && (/^(?:a|select|input|button|textarea)$/i.test(t.tagName) || (t.tabIndex = -1), t.focus()); - }, false);'; - - if ( function_exists( 'wp_print_inline_script_tag' ) ) { - wp_print_inline_script_tag( $js . "\n//# sourceURL=" . __FUNCTION__ ); - } else { - printf( "\n", $js ); - } + ?> + + %s\n", $js ); - } + ?> + + '; + include get_template_directory() . '/assets/js/skip-link-focus-fix.js'; + echo ''; } else { // The following is minified via `npx terser --compress --mangle -- assets/js/skip-link-focus-fix.js`. - $script = '/(trident|msie)/i.test(navigator.userAgent)&&document.getElementById&&window.addEventListener&&window.addEventListener("hashchange",(function(){var t,e=location.hash.substring(1);/^[A-z0-9_-]+$/.test(e)&&(t=document.getElementById(e))&&(/^(?:a|select|input|button|textarea)$/i.test(t.tagName)||(t.tabIndex=-1),t.focus())}),!1);'; - - $source_url_comment = "\n//# sourceURL=" . __FUNCTION__; - } - - if ( $script ) { - if ( function_exists( 'wp_print_inline_script_tag' ) ) { - wp_print_inline_script_tag( $script . $source_url_comment ) ; - } else { - printf( "\n", $script ); - } + ?> + + Date: Wed, 24 Sep 2025 01:26:09 +0530 Subject: [PATCH 07/24] Fix PHPCS errors --- .../themes/twentyfifteen/inc/customizer.php | 32 +++++++++---------- .../themes/twentysixteen/inc/customizer.php | 8 ++--- 2 files changed, 20 insertions(+), 20 deletions(-) diff --git a/src/wp-content/themes/twentyfifteen/inc/customizer.php b/src/wp-content/themes/twentyfifteen/inc/customizer.php index d2224baecebab..49f4c411163e0 100644 --- a/src/wp-content/themes/twentyfifteen/inc/customizer.php +++ b/src/wp-content/themes/twentyfifteen/inc/customizer.php @@ -780,29 +780,29 @@ function twentyfifteen_get_color_scheme_css( $colors ) { */ function twentyfifteen_color_scheme_css_template() { $colors = array( - 'background_color' => '{{ data.background_color }}', - 'header_background_color' => '{{ data.header_background_color }}', - 'box_background_color' => '{{ data.box_background_color }}', - 'textcolor' => '{{ data.textcolor }}', - 'secondary_textcolor' => '{{ data.secondary_textcolor }}', - 'border_color' => '{{ data.border_color }}', - 'border_focus_color' => '{{ data.border_focus_color }}', - 'sidebar_textcolor' => '{{ data.sidebar_textcolor }}', - 'sidebar_border_color' => '{{ data.sidebar_border_color }}', - 'sidebar_border_focus_color' => '{{ data.sidebar_border_focus_color }}', - 'secondary_sidebar_textcolor' => '{{ data.secondary_sidebar_textcolor }}', - 'meta_box_background_color' => '{{ data.meta_box_background_color }}', + 'background_color' => '{{ data.background_color }}', + 'header_background_color' => '{{ data.header_background_color }}', + 'box_background_color' => '{{ data.box_background_color }}', + 'textcolor' => '{{ data.textcolor }}', + 'secondary_textcolor' => '{{ data.secondary_textcolor }}', + 'border_color' => '{{ data.border_color }}', + 'border_focus_color' => '{{ data.border_focus_color }}', + 'sidebar_textcolor' => '{{ data.sidebar_textcolor }}', + 'sidebar_border_color' => '{{ data.sidebar_border_color }}', + 'sidebar_border_focus_color' => '{{ data.sidebar_border_focus_color }}', + 'secondary_sidebar_textcolor' => '{{ data.secondary_sidebar_textcolor }}', + 'meta_box_background_color' => '{{ data.meta_box_background_color }}', ); $css = twentyfifteen_get_color_scheme_css( $colors ); if ( function_exists( 'wp_print_inline_script_tag' ) ) { - wp_print_inline_script_tag( $css . "\n//# sourceURL=" . __FUNCTION__, array( 'type' => 'text/html', 'id' => 'tmpl-twentyfifteen-color-scheme' ) ); + wp_print_inline_script_tag( $css . "\n//# sourceURL=" . __FUNCTION__, array( 'type' => 'text/html', 'id' => 'tmpl-twentyfifteen-color-scheme' ) ); } else { printf( - "\n", - 'type="text/html" id="tmpl-twentyfifteen-color-scheme"', - $css + "\n", + 'type="text/html" id="tmpl-twentyfifteen-color-scheme"', + $css ); } } diff --git a/src/wp-content/themes/twentysixteen/inc/customizer.php b/src/wp-content/themes/twentysixteen/inc/customizer.php index 14a7119abb12d..8e2cf3fba92e6 100644 --- a/src/wp-content/themes/twentysixteen/inc/customizer.php +++ b/src/wp-content/themes/twentysixteen/inc/customizer.php @@ -853,12 +853,12 @@ function twentysixteen_color_scheme_css_template() { $css = twentysixteen_get_color_scheme_css( $colors ); if ( function_exists( 'wp_print_inline_script_tag' ) ) { - wp_print_inline_script_tag( $css . "\n//# sourceURL=" . __FUNCTION__, array( 'type' => 'text/html', 'id' => 'tmpl-twentysixteen-color-scheme' ) ); + wp_print_inline_script_tag( $css . "\n//# sourceURL=" . __FUNCTION__, array( 'type' => 'text/html', 'id' => 'tmpl-twentysixteen-color-scheme' ) ); } else { printf( - "\n", - 'type="text/html" id="tmpl-twentysixteen-color-scheme"', - $css + "\n", + 'type="text/html" id="tmpl-twentysixteen-color-scheme"', + $css ); } } From 0faa697adae06fec8fd188dec108f798572014c6 Mon Sep 17 00:00:00 2001 From: Debarghya Banerjee Date: Wed, 24 Sep 2025 01:29:09 +0530 Subject: [PATCH 08/24] Remove Polyfills --- .../themes/twentyfifteen/functions.php | 34 ------------------- .../themes/twentynineteen/functions.php | 34 ------------------- .../themes/twentyseventeen/functions.php | 34 ------------------- .../themes/twentysixteen/functions.php | 34 ------------------- .../themes/twentytwenty/functions.php | 34 ------------------- .../themes/twentytwentyone/functions.php | 34 ------------------- 6 files changed, 204 deletions(-) diff --git a/src/wp-content/themes/twentyfifteen/functions.php b/src/wp-content/themes/twentyfifteen/functions.php index 8925d38a30b9d..c526d4dd96b69 100644 --- a/src/wp-content/themes/twentyfifteen/functions.php +++ b/src/wp-content/themes/twentyfifteen/functions.php @@ -672,37 +672,3 @@ function twentyfifteen_register_block_patterns() { } add_action( 'init', 'twentyfifteen_register_block_patterns' ); - -if ( ! function_exists( 'wp_sanitize_script_attributes' ) ) { - /** - * Sanitizes an attributes array into an attributes string to be placed inside a `\n", diff --git a/src/wp-content/themes/twentyseventeen/functions.php b/src/wp-content/themes/twentyseventeen/functions.php index f422cddd133de..fce1235beba4d 100644 --- a/src/wp-content/themes/twentyseventeen/functions.php +++ b/src/wp-content/themes/twentyseventeen/functions.php @@ -409,10 +409,10 @@ function twentyseventeen_javascript_detection() { $js = "(function(html){html.className = html.className.replace(/\bno-js\b/,'js')})(document.documentElement);"; if ( function_exists( 'wp_print_inline_script_tag' ) ) { - wp_print_inline_script_tag( $js . "\n//# sourceURL=" . __FUNCTION__ ); - } else { - printf( "\n", $js ); - } + wp_print_inline_script_tag( $js . "\n//# sourceURL=" . __FUNCTION__ ); + } else { + printf( "\n", $js ); + } } add_action( 'wp_head', 'twentyseventeen_javascript_detection', 0 ); diff --git a/src/wp-content/themes/twentysixteen/inc/customizer.php b/src/wp-content/themes/twentysixteen/inc/customizer.php index 8e2cf3fba92e6..1e0de1aae3240 100644 --- a/src/wp-content/themes/twentysixteen/inc/customizer.php +++ b/src/wp-content/themes/twentysixteen/inc/customizer.php @@ -853,7 +853,13 @@ function twentysixteen_color_scheme_css_template() { $css = twentysixteen_get_color_scheme_css( $colors ); if ( function_exists( 'wp_print_inline_script_tag' ) ) { - wp_print_inline_script_tag( $css . "\n//# sourceURL=" . __FUNCTION__, array( 'type' => 'text/html', 'id' => 'tmpl-twentysixteen-color-scheme' ) ); + wp_print_inline_script_tag( + $css . "\n//# sourceURL=" . __FUNCTION__, + array( + 'type' => 'text/html', + 'id' => 'tmpl-twentysixteen-color-scheme' + ) + ); } else { printf( "\n", diff --git a/src/wp-content/themes/twentytwenty/inc/template-tags.php b/src/wp-content/themes/twentytwenty/inc/template-tags.php index 4208aded5ed95..11b6cab656019 100644 --- a/src/wp-content/themes/twentytwenty/inc/template-tags.php +++ b/src/wp-content/themes/twentytwenty/inc/template-tags.php @@ -664,10 +664,10 @@ function twentytwenty_no_js_class() { $js = "document.documentElement.className = document.documentElement.className.replace( 'no-js', 'js' );"; if ( function_exists( 'wp_print_inline_script_tag' ) ) { - wp_print_inline_script_tag( $js . "\n//# sourceURL=" . __FUNCTION__ ); - } else { - printf( "\n", $js ); - } + wp_print_inline_script_tag( $js . "\n//# sourceURL=" . __FUNCTION__ ); + } else { + printf( "\n", $js ); + } } add_action( 'wp_head', 'twentytwenty_no_js_class' ); From 53884277226c50e30b9551d2365a3240a09fb787 Mon Sep 17 00:00:00 2001 From: Debarghya Banerjee Date: Wed, 24 Sep 2025 01:41:59 +0530 Subject: [PATCH 10/24] Fix --- src/wp-content/themes/twentyfifteen/functions.php | 8 ++++---- src/wp-content/themes/twentyfifteen/inc/customizer.php | 2 +- src/wp-content/themes/twentysixteen/inc/customizer.php | 4 ++-- .../themes/twentytwentyone/inc/template-functions.php | 8 ++++---- 4 files changed, 11 insertions(+), 11 deletions(-) diff --git a/src/wp-content/themes/twentyfifteen/functions.php b/src/wp-content/themes/twentyfifteen/functions.php index c526d4dd96b69..1b9d6a9826eb0 100644 --- a/src/wp-content/themes/twentyfifteen/functions.php +++ b/src/wp-content/themes/twentyfifteen/functions.php @@ -415,10 +415,10 @@ function twentyfifteen_javascript_detection() { $js = "(function(html){html.className = html.className.replace(/\bno-js\b/,'js')})(document.documentElement);"; if ( function_exists( 'wp_print_inline_script_tag' ) ) { - wp_print_inline_script_tag( $js . "\n//# sourceURL=" . __FUNCTION__ ); - } else { - printf( "\n", $js ); - } + wp_print_inline_script_tag( $js . "\n//# sourceURL=" . __FUNCTION__ ); + } else { + printf( "\n", $js ); + } } add_action( 'wp_head', 'twentyfifteen_javascript_detection', 0 ); diff --git a/src/wp-content/themes/twentyfifteen/inc/customizer.php b/src/wp-content/themes/twentyfifteen/inc/customizer.php index cd95939e5bd38..aa03ed7908a2d 100644 --- a/src/wp-content/themes/twentyfifteen/inc/customizer.php +++ b/src/wp-content/themes/twentyfifteen/inc/customizer.php @@ -801,7 +801,7 @@ function twentyfifteen_color_scheme_css_template() { $css . "\n//# sourceURL=" . __FUNCTION__, array( 'type' => 'text/html', - 'id' => 'tmpl-twentyfifteen-color-scheme' + 'id' => 'tmpl-twentyfifteen-color-scheme', ) ); } else { diff --git a/src/wp-content/themes/twentysixteen/inc/customizer.php b/src/wp-content/themes/twentysixteen/inc/customizer.php index 1e0de1aae3240..749fc35fa5d10 100644 --- a/src/wp-content/themes/twentysixteen/inc/customizer.php +++ b/src/wp-content/themes/twentysixteen/inc/customizer.php @@ -857,8 +857,8 @@ function twentysixteen_color_scheme_css_template() { $css . "\n//# sourceURL=" . __FUNCTION__, array( 'type' => 'text/html', - 'id' => 'tmpl-twentysixteen-color-scheme' - ) + 'id' => 'tmpl-twentysixteen-color-scheme', + ) ); } else { printf( diff --git a/src/wp-content/themes/twentytwentyone/inc/template-functions.php b/src/wp-content/themes/twentytwentyone/inc/template-functions.php index 4e6b5205d3655..77fc0f6140bfb 100644 --- a/src/wp-content/themes/twentytwentyone/inc/template-functions.php +++ b/src/wp-content/themes/twentytwentyone/inc/template-functions.php @@ -77,10 +77,10 @@ function twenty_twenty_one_supports_js() { $js = "document.body.classList.remove('no-js');"; if ( function_exists( 'wp_print_inline_script_tag' ) ) { - wp_print_inline_script_tag( $js . "\n//# sourceURL=" . __FUNCTION__ ); - } else { - printf( "\n", $js ); - } + wp_print_inline_script_tag( $js . "\n//# sourceURL=" . __FUNCTION__ ); + } else { + printf( "\n", $js ); + } } add_action( 'wp_footer', 'twenty_twenty_one_supports_js' ); From 253cb833cf1a439b25fd9ce8419d163c76bbab24 Mon Sep 17 00:00:00 2001 From: Debarghya Banerjee Date: Wed, 24 Sep 2025 11:25:50 +0530 Subject: [PATCH 11/24] Fix twentydixteen functions.php --- src/wp-content/themes/twentysixteen/functions.php | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/src/wp-content/themes/twentysixteen/functions.php b/src/wp-content/themes/twentysixteen/functions.php index 391d060676c86..ed5d88756e88e 100644 --- a/src/wp-content/themes/twentysixteen/functions.php +++ b/src/wp-content/themes/twentysixteen/functions.php @@ -376,10 +376,10 @@ function twentysixteen_javascript_detection() { $js = "(function(html){html.className = html.className.replace(/\bno-js\b/,'js')})(document.documentElement);"; if ( function_exists( 'wp_print_inline_script_tag' ) ) { - wp_print_inline_script_tag( $js . "\n//# sourceURL=" . __FUNCTION__ ); - } else { - printf( "\n", $js ); - } + wp_print_inline_script_tag( $js . "\n//# sourceURL=" . __FUNCTION__ ); + } else { + printf( "\n", $js ); + } } add_action( 'wp_head', 'twentysixteen_javascript_detection', 0 ); From d9c441d91f40470013e6aabd32c4a16e6c7517db Mon Sep 17 00:00:00 2001 From: Debarghya Banerjee Date: Wed, 24 Sep 2025 11:36:05 +0530 Subject: [PATCH 12/24] Fix TwentyTwentyOne Functions errors --- src/wp-content/themes/twentytwentyone/functions.php | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/src/wp-content/themes/twentytwentyone/functions.php b/src/wp-content/themes/twentytwentyone/functions.php index a412f71c86df3..6dae84a02e3b1 100644 --- a/src/wp-content/themes/twentytwentyone/functions.php +++ b/src/wp-content/themes/twentytwentyone/functions.php @@ -637,10 +637,10 @@ function twentytwentyone_add_ie_class() { "; if ( function_exists( 'wp_print_inline_script_tag' ) ) { - wp_print_inline_script_tag( $script . "\n//# sourceURL=" . __FUNCTION__ ); - } else { - printf( "\n", $script ); - } + wp_print_inline_script_tag( $script . "\n//# sourceURL=" . __FUNCTION__ ); + } else { + printf( "\n", $script ); + } } add_action( 'wp_footer', 'twentytwentyone_add_ie_class' ); From 1d5ecbc62cc9a8dee8bd47891a5ff2a846bdad5d Mon Sep 17 00:00:00 2001 From: Debarghya Banerjee Date: Tue, 7 Oct 2025 10:39:04 +0530 Subject: [PATCH 13/24] Use echo instead of printf --- src/wp-content/themes/twentyfifteen/functions.php | 4 ++-- src/wp-content/themes/twentyfifteen/inc/customizer.php | 2 +- src/wp-content/themes/twentyseventeen/functions.php | 4 ++-- src/wp-content/themes/twentysixteen/functions.php | 4 ++-- src/wp-content/themes/twentysixteen/inc/customizer.php | 2 +- src/wp-content/themes/twentytwenty/inc/template-tags.php | 4 ++-- src/wp-content/themes/twentytwentyone/functions.php | 4 ++-- .../themes/twentytwentyone/inc/template-functions.php | 4 ++-- 8 files changed, 14 insertions(+), 14 deletions(-) diff --git a/src/wp-content/themes/twentyfifteen/functions.php b/src/wp-content/themes/twentyfifteen/functions.php index 1b9d6a9826eb0..17f37dbb8e0eb 100644 --- a/src/wp-content/themes/twentyfifteen/functions.php +++ b/src/wp-content/themes/twentyfifteen/functions.php @@ -415,9 +415,9 @@ function twentyfifteen_javascript_detection() { $js = "(function(html){html.className = html.className.replace(/\bno-js\b/,'js')})(document.documentElement);"; if ( function_exists( 'wp_print_inline_script_tag' ) ) { - wp_print_inline_script_tag( $js . "\n//# sourceURL=" . __FUNCTION__ ); + wp_print_inline_script_tag( $js . "\n//# sourceURL=" . rawurlencode( __FUNCTION__ ) ); } else { - printf( "\n", $js ); + echo "\n"; } } add_action( 'wp_head', 'twentyfifteen_javascript_detection', 0 ); diff --git a/src/wp-content/themes/twentyfifteen/inc/customizer.php b/src/wp-content/themes/twentyfifteen/inc/customizer.php index aa03ed7908a2d..8fecc00e2033f 100644 --- a/src/wp-content/themes/twentyfifteen/inc/customizer.php +++ b/src/wp-content/themes/twentyfifteen/inc/customizer.php @@ -798,7 +798,7 @@ function twentyfifteen_color_scheme_css_template() { if ( function_exists( 'wp_print_inline_script_tag' ) ) { wp_print_inline_script_tag( - $css . "\n//# sourceURL=" . __FUNCTION__, + $css . "\n//# sourceURL=" . rawurlencode( __FUNCTION__ ), array( 'type' => 'text/html', 'id' => 'tmpl-twentyfifteen-color-scheme', diff --git a/src/wp-content/themes/twentyseventeen/functions.php b/src/wp-content/themes/twentyseventeen/functions.php index fce1235beba4d..914e4c2369d99 100644 --- a/src/wp-content/themes/twentyseventeen/functions.php +++ b/src/wp-content/themes/twentyseventeen/functions.php @@ -409,9 +409,9 @@ function twentyseventeen_javascript_detection() { $js = "(function(html){html.className = html.className.replace(/\bno-js\b/,'js')})(document.documentElement);"; if ( function_exists( 'wp_print_inline_script_tag' ) ) { - wp_print_inline_script_tag( $js . "\n//# sourceURL=" . __FUNCTION__ ); + wp_print_inline_script_tag( $js . "\n//# sourceURL=" . rawurlencode( __FUNCTION__ ) ); } else { - printf( "\n", $js ); + echo "\n"; } } add_action( 'wp_head', 'twentyseventeen_javascript_detection', 0 ); diff --git a/src/wp-content/themes/twentysixteen/functions.php b/src/wp-content/themes/twentysixteen/functions.php index ed5d88756e88e..ed77362ef9546 100644 --- a/src/wp-content/themes/twentysixteen/functions.php +++ b/src/wp-content/themes/twentysixteen/functions.php @@ -376,9 +376,9 @@ function twentysixteen_javascript_detection() { $js = "(function(html){html.className = html.className.replace(/\bno-js\b/,'js')})(document.documentElement);"; if ( function_exists( 'wp_print_inline_script_tag' ) ) { - wp_print_inline_script_tag( $js . "\n//# sourceURL=" . __FUNCTION__ ); + wp_print_inline_script_tag( $js . "\n//# sourceURL=" . rawurlencode( __FUNCTION__ ) ); } else { - printf( "\n", $js ); + echo "\n"; } } add_action( 'wp_head', 'twentysixteen_javascript_detection', 0 ); diff --git a/src/wp-content/themes/twentysixteen/inc/customizer.php b/src/wp-content/themes/twentysixteen/inc/customizer.php index 749fc35fa5d10..ecea22e8c6edd 100644 --- a/src/wp-content/themes/twentysixteen/inc/customizer.php +++ b/src/wp-content/themes/twentysixteen/inc/customizer.php @@ -854,7 +854,7 @@ function twentysixteen_color_scheme_css_template() { if ( function_exists( 'wp_print_inline_script_tag' ) ) { wp_print_inline_script_tag( - $css . "\n//# sourceURL=" . __FUNCTION__, + $css . "\n//# sourceURL=" . rawurlencode( __FUNCTION__ ), array( 'type' => 'text/html', 'id' => 'tmpl-twentysixteen-color-scheme', diff --git a/src/wp-content/themes/twentytwenty/inc/template-tags.php b/src/wp-content/themes/twentytwenty/inc/template-tags.php index 11b6cab656019..a8453cb93195f 100644 --- a/src/wp-content/themes/twentytwenty/inc/template-tags.php +++ b/src/wp-content/themes/twentytwenty/inc/template-tags.php @@ -664,9 +664,9 @@ function twentytwenty_no_js_class() { $js = "document.documentElement.className = document.documentElement.className.replace( 'no-js', 'js' );"; if ( function_exists( 'wp_print_inline_script_tag' ) ) { - wp_print_inline_script_tag( $js . "\n//# sourceURL=" . __FUNCTION__ ); + wp_print_inline_script_tag( $js . "\n//# sourceURL=" . rawurlencode( __FUNCTION__ ) ); } else { - printf( "\n", $js ); + echo "\n"; } } diff --git a/src/wp-content/themes/twentytwentyone/functions.php b/src/wp-content/themes/twentytwentyone/functions.php index 6dae84a02e3b1..a7a8e9b174454 100644 --- a/src/wp-content/themes/twentytwentyone/functions.php +++ b/src/wp-content/themes/twentytwentyone/functions.php @@ -637,9 +637,9 @@ function twentytwentyone_add_ie_class() { "; if ( function_exists( 'wp_print_inline_script_tag' ) ) { - wp_print_inline_script_tag( $script . "\n//# sourceURL=" . __FUNCTION__ ); + wp_print_inline_script_tag( $script . "\n//# sourceURL=" . rawurlencode( __FUNCTION__ ) ); } else { - printf( "\n", $script ); + echo "\n"; } } add_action( 'wp_footer', 'twentytwentyone_add_ie_class' ); diff --git a/src/wp-content/themes/twentytwentyone/inc/template-functions.php b/src/wp-content/themes/twentytwentyone/inc/template-functions.php index 77fc0f6140bfb..dc32b383c678f 100644 --- a/src/wp-content/themes/twentytwentyone/inc/template-functions.php +++ b/src/wp-content/themes/twentytwentyone/inc/template-functions.php @@ -77,9 +77,9 @@ function twenty_twenty_one_supports_js() { $js = "document.body.classList.remove('no-js');"; if ( function_exists( 'wp_print_inline_script_tag' ) ) { - wp_print_inline_script_tag( $js . "\n//# sourceURL=" . __FUNCTION__ ); + wp_print_inline_script_tag( $js . "\n//# sourceURL=" . rawurlencode( __FUNCTION__ ) ); } else { - printf( "\n", $js ); + echo "\n"; } } add_action( 'wp_footer', 'twenty_twenty_one_supports_js' ); From ca2e7da12f4663c01bfcdc1c9f0f998f9cfa4910 Mon Sep 17 00:00:00 2001 From: Debarghya Banerjee Date: Tue, 7 Oct 2025 10:53:41 +0530 Subject: [PATCH 14/24] Update the customizer --- src/wp-content/themes/twentyfifteen/inc/customizer.php | 6 +----- src/wp-content/themes/twentysixteen/inc/customizer.php | 6 +----- 2 files changed, 2 insertions(+), 10 deletions(-) diff --git a/src/wp-content/themes/twentyfifteen/inc/customizer.php b/src/wp-content/themes/twentyfifteen/inc/customizer.php index 8fecc00e2033f..708a68869f5b5 100644 --- a/src/wp-content/themes/twentyfifteen/inc/customizer.php +++ b/src/wp-content/themes/twentyfifteen/inc/customizer.php @@ -805,11 +805,7 @@ function twentyfifteen_color_scheme_css_template() { ) ); } else { - printf( - "\n", - 'type="text/html" id="tmpl-twentyfifteen-color-scheme"', - $css - ); + echo ''; } } add_action( 'customize_controls_print_footer_scripts', 'twentyfifteen_color_scheme_css_template' ); diff --git a/src/wp-content/themes/twentysixteen/inc/customizer.php b/src/wp-content/themes/twentysixteen/inc/customizer.php index ecea22e8c6edd..5fc52df57cdc2 100644 --- a/src/wp-content/themes/twentysixteen/inc/customizer.php +++ b/src/wp-content/themes/twentysixteen/inc/customizer.php @@ -861,11 +861,7 @@ function twentysixteen_color_scheme_css_template() { ) ); } else { - printf( - "\n", - 'type="text/html" id="tmpl-twentysixteen-color-scheme"', - $css - ); + echo ''; } } add_action( 'customize_controls_print_footer_scripts', 'twentysixteen_color_scheme_css_template' ); From 186e54307dbd9636321c715975a900c77e2b52f3 Mon Sep 17 00:00:00 2001 From: Weston Ruter Date: Tue, 7 Oct 2025 13:28:32 -0700 Subject: [PATCH 15/24] Remove sourceURL comments from HTML templates --- .../themes/twentyfifteen/inc/customizer.php | 20 +++++-------------- .../themes/twentysixteen/inc/customizer.php | 20 +++++-------------- 2 files changed, 10 insertions(+), 30 deletions(-) diff --git a/src/wp-content/themes/twentyfifteen/inc/customizer.php b/src/wp-content/themes/twentyfifteen/inc/customizer.php index 708a68869f5b5..16415a496e4dc 100644 --- a/src/wp-content/themes/twentyfifteen/inc/customizer.php +++ b/src/wp-content/themes/twentyfifteen/inc/customizer.php @@ -776,7 +776,6 @@ function twentyfifteen_get_color_scheme_css( $colors ) { * preview. * * @since Twenty Fifteen 1.0 - * @since Twenty Fifteen 4.1 Added `wp_print_inline_script_tag()` support. */ function twentyfifteen_color_scheme_css_template() { $colors = array( @@ -793,19 +792,10 @@ function twentyfifteen_color_scheme_css_template() { 'secondary_sidebar_textcolor' => '{{ data.secondary_sidebar_textcolor }}', 'meta_box_background_color' => '{{ data.meta_box_background_color }}', ); - - $css = twentyfifteen_get_color_scheme_css( $colors ); - - if ( function_exists( 'wp_print_inline_script_tag' ) ) { - wp_print_inline_script_tag( - $css . "\n//# sourceURL=" . rawurlencode( __FUNCTION__ ), - array( - 'type' => 'text/html', - 'id' => 'tmpl-twentyfifteen-color-scheme', - ) - ); - } else { - echo ''; - } + ?> + + '{{ data.secondary_text_color }}', 'border_color' => '{{ data.border_color }}', ); - - $css = twentysixteen_get_color_scheme_css( $colors ); - - if ( function_exists( 'wp_print_inline_script_tag' ) ) { - wp_print_inline_script_tag( - $css . "\n//# sourceURL=" . rawurlencode( __FUNCTION__ ), - array( - 'type' => 'text/html', - 'id' => 'tmpl-twentysixteen-color-scheme', - ) - ); - } else { - echo ''; - } + ?> + + Date: Tue, 7 Oct 2025 13:31:59 -0700 Subject: [PATCH 16/24] Remove file_exists() check since not in original --- .../themes/twentytwenty/inc/template-tags.php | 1 - .../class-twenty-twenty-one-dark-mode.php | 18 +++++++----------- 2 files changed, 7 insertions(+), 12 deletions(-) diff --git a/src/wp-content/themes/twentytwenty/inc/template-tags.php b/src/wp-content/themes/twentytwenty/inc/template-tags.php index a8453cb93195f..3fd4eaec56969 100644 --- a/src/wp-content/themes/twentytwenty/inc/template-tags.php +++ b/src/wp-content/themes/twentytwenty/inc/template-tags.php @@ -660,7 +660,6 @@ function twentytwenty_nav_menu_social_icons( $item_output, $item, $depth, $args * @since Twenty Twenty 1.0 */ function twentytwenty_no_js_class() { - $js = "document.documentElement.className = document.documentElement.className.replace( 'no-js', 'js' );"; if ( function_exists( 'wp_print_inline_script_tag' ) ) { diff --git a/src/wp-content/themes/twentytwentyone/classes/class-twenty-twenty-one-dark-mode.php b/src/wp-content/themes/twentytwentyone/classes/class-twenty-twenty-one-dark-mode.php index ee56f538c40be..83a117f1b41e5 100644 --- a/src/wp-content/themes/twentytwentyone/classes/class-twenty-twenty-one-dark-mode.php +++ b/src/wp-content/themes/twentytwentyone/classes/class-twenty-twenty-one-dark-mode.php @@ -363,19 +363,15 @@ public function the_html( $attrs = array() ) { * @return void */ public function the_script() { - $js_path = get_template_directory() . '/assets/js/dark-mode-toggler.js'; - if ( file_exists( $js_path ) ) { - - if ( function_exists( 'wp_print_inline_script_tag' ) ) { - wp_print_inline_script_tag( - file_get_contents( $js_path ) . - "\n//# sourceURL=" . trailingslashit( get_template_directory_uri() ) . 'assets/js/dark-mode-toggler.js' - ); - } else { - printf( "\n", file_get_contents( $js_path ) ); - } + if ( function_exists( 'wp_print_inline_script_tag' ) ) { + wp_print_inline_script_tag( + file_get_contents( $js_path ) . + "\n//# sourceURL=" . trailingslashit( get_template_directory_uri() ) . 'assets/js/dark-mode-toggler.js' + ); + } else { + printf( "\n", file_get_contents( $js_path ) ); } } From c8c8038a61823fd2d16408e75af5248e741d1f5d Mon Sep 17 00:00:00 2001 From: Weston Ruter Date: Tue, 7 Oct 2025 13:42:48 -0700 Subject: [PATCH 17/24] Reuse relative path --- .../classes/class-twenty-twenty-one-dark-mode.php | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/src/wp-content/themes/twentytwentyone/classes/class-twenty-twenty-one-dark-mode.php b/src/wp-content/themes/twentytwentyone/classes/class-twenty-twenty-one-dark-mode.php index 83a117f1b41e5..58d18bdf8e372 100644 --- a/src/wp-content/themes/twentytwentyone/classes/class-twenty-twenty-one-dark-mode.php +++ b/src/wp-content/themes/twentytwentyone/classes/class-twenty-twenty-one-dark-mode.php @@ -363,15 +363,17 @@ public function the_html( $attrs = array() ) { * @return void */ public function the_script() { - $js_path = get_template_directory() . '/assets/js/dark-mode-toggler.js'; + $rel_path = 'assets/js/dark-mode-toggler.js'; + $path = trailingslashit( get_template_directory() ) . $rel_path; if ( function_exists( 'wp_print_inline_script_tag' ) ) { + $url = trailingslashit( get_template_directory_uri() ) . $rel_path; wp_print_inline_script_tag( - file_get_contents( $js_path ) . - "\n//# sourceURL=" . trailingslashit( get_template_directory_uri() ) . 'assets/js/dark-mode-toggler.js' + file_get_contents( $path ) . + "\n//# sourceURL=" . $url ); } else { - printf( "\n", file_get_contents( $js_path ) ); + printf( "\n", file_get_contents( $path ) ); } } From 7ebe75c86e6a94f6c1936e350bb027674aad6460 Mon Sep 17 00:00:00 2001 From: Weston Ruter Date: Tue, 7 Oct 2025 13:49:10 -0700 Subject: [PATCH 18/24] Use the same JS regardless of whether wp_print_inline_script_tag() exists --- src/wp-content/themes/twentyfifteen/functions.php | 5 +++-- .../themes/twentyseventeen/functions.php | 5 +++-- src/wp-content/themes/twentysixteen/functions.php | 5 +++-- .../themes/twentytwenty/inc/template-tags.php | 5 +++-- .../classes/class-twenty-twenty-one-dark-mode.php | 14 +++++--------- .../themes/twentytwentyone/functions.php | 5 +++-- .../twentytwentyone/inc/template-functions.php | 5 +++-- 7 files changed, 23 insertions(+), 21 deletions(-) diff --git a/src/wp-content/themes/twentyfifteen/functions.php b/src/wp-content/themes/twentyfifteen/functions.php index 17f37dbb8e0eb..837929fad310f 100644 --- a/src/wp-content/themes/twentyfifteen/functions.php +++ b/src/wp-content/themes/twentyfifteen/functions.php @@ -412,10 +412,11 @@ function twentyfifteen_fonts_url() { * @since Twenty Fifteen 1.1 */ function twentyfifteen_javascript_detection() { - $js = "(function(html){html.className = html.className.replace(/\bno-js\b/,'js')})(document.documentElement);"; + $js = "(function(html){html.className = html.className.replace(/\bno-js\b/,'js')})(document.documentElement);"; + $js .= "\n//# sourceURL=" . rawurlencode( __FUNCTION__ ); if ( function_exists( 'wp_print_inline_script_tag' ) ) { - wp_print_inline_script_tag( $js . "\n//# sourceURL=" . rawurlencode( __FUNCTION__ ) ); + wp_print_inline_script_tag( $js ); } else { echo "\n"; } diff --git a/src/wp-content/themes/twentyseventeen/functions.php b/src/wp-content/themes/twentyseventeen/functions.php index 914e4c2369d99..138bfd33d1cce 100644 --- a/src/wp-content/themes/twentyseventeen/functions.php +++ b/src/wp-content/themes/twentyseventeen/functions.php @@ -406,10 +406,11 @@ function twentyseventeen_excerpt_more( $link ) { * @since Twenty Seventeen 1.0 */ function twentyseventeen_javascript_detection() { - $js = "(function(html){html.className = html.className.replace(/\bno-js\b/,'js')})(document.documentElement);"; + $js = "(function(html){html.className = html.className.replace(/\bno-js\b/,'js')})(document.documentElement);"; + $js .= "\n//# sourceURL=" . rawurlencode( __FUNCTION__ ); if ( function_exists( 'wp_print_inline_script_tag' ) ) { - wp_print_inline_script_tag( $js . "\n//# sourceURL=" . rawurlencode( __FUNCTION__ ) ); + wp_print_inline_script_tag( $js ); } else { echo "\n"; } diff --git a/src/wp-content/themes/twentysixteen/functions.php b/src/wp-content/themes/twentysixteen/functions.php index ed77362ef9546..0cf65cd55ca96 100644 --- a/src/wp-content/themes/twentysixteen/functions.php +++ b/src/wp-content/themes/twentysixteen/functions.php @@ -373,10 +373,11 @@ function twentysixteen_fonts_url() { * @since Twenty Sixteen 1.0 */ function twentysixteen_javascript_detection() { - $js = "(function(html){html.className = html.className.replace(/\bno-js\b/,'js')})(document.documentElement);"; + $js = "(function(html){html.className = html.className.replace(/\bno-js\b/,'js')})(document.documentElement);"; + $js .= "\n//# sourceURL=" . rawurlencode( __FUNCTION__ ); if ( function_exists( 'wp_print_inline_script_tag' ) ) { - wp_print_inline_script_tag( $js . "\n//# sourceURL=" . rawurlencode( __FUNCTION__ ) ); + wp_print_inline_script_tag( $js ); } else { echo "\n"; } diff --git a/src/wp-content/themes/twentytwenty/inc/template-tags.php b/src/wp-content/themes/twentytwenty/inc/template-tags.php index 3fd4eaec56969..23f30df80272a 100644 --- a/src/wp-content/themes/twentytwenty/inc/template-tags.php +++ b/src/wp-content/themes/twentytwenty/inc/template-tags.php @@ -660,10 +660,11 @@ function twentytwenty_nav_menu_social_icons( $item_output, $item, $depth, $args * @since Twenty Twenty 1.0 */ function twentytwenty_no_js_class() { - $js = "document.documentElement.className = document.documentElement.className.replace( 'no-js', 'js' );"; + $js = "document.documentElement.className = document.documentElement.className.replace( 'no-js', 'js' );"; + $js .= "\n//# sourceURL=" . rawurlencode( __FUNCTION__ ); if ( function_exists( 'wp_print_inline_script_tag' ) ) { - wp_print_inline_script_tag( $js . "\n//# sourceURL=" . rawurlencode( __FUNCTION__ ) ); + wp_print_inline_script_tag( $js ); } else { echo "\n"; } diff --git a/src/wp-content/themes/twentytwentyone/classes/class-twenty-twenty-one-dark-mode.php b/src/wp-content/themes/twentytwentyone/classes/class-twenty-twenty-one-dark-mode.php index 58d18bdf8e372..8857e8a74261c 100644 --- a/src/wp-content/themes/twentytwentyone/classes/class-twenty-twenty-one-dark-mode.php +++ b/src/wp-content/themes/twentytwentyone/classes/class-twenty-twenty-one-dark-mode.php @@ -363,17 +363,13 @@ public function the_html( $attrs = array() ) { * @return void */ public function the_script() { - $rel_path = 'assets/js/dark-mode-toggler.js'; - $path = trailingslashit( get_template_directory() ) . $rel_path; - + $path = 'assets/js/dark-mode-toggler.js'; + $js = rtrim( trailingslashit( get_template_directory() ) . $path ); + $js .= "\n//# sourceURL=" . trailingslashit( get_template_directory_uri() ) . $path; if ( function_exists( 'wp_print_inline_script_tag' ) ) { - $url = trailingslashit( get_template_directory_uri() ) . $rel_path; - wp_print_inline_script_tag( - file_get_contents( $path ) . - "\n//# sourceURL=" . $url - ); + wp_print_inline_script_tag( $js ); } else { - printf( "\n", file_get_contents( $path ) ); + printf( "\n", $js ); } } diff --git a/src/wp-content/themes/twentytwentyone/functions.php b/src/wp-content/themes/twentytwentyone/functions.php index a7a8e9b174454..956138869b585 100644 --- a/src/wp-content/themes/twentytwentyone/functions.php +++ b/src/wp-content/themes/twentytwentyone/functions.php @@ -630,14 +630,15 @@ function twentytwentyone_the_html_classes() { * @return void */ function twentytwentyone_add_ie_class() { - $script = " + $script = " if ( -1 !== navigator.userAgent.indexOf('MSIE') || -1 !== navigator.appVersion.indexOf('Trident/') ) { document.body.classList.add('is-IE'); } "; + $script .= "\n//# sourceURL=" . rawurlencode( __FUNCTION__ ); if ( function_exists( 'wp_print_inline_script_tag' ) ) { - wp_print_inline_script_tag( $script . "\n//# sourceURL=" . rawurlencode( __FUNCTION__ ) ); + wp_print_inline_script_tag( $script ); } else { echo "\n"; } diff --git a/src/wp-content/themes/twentytwentyone/inc/template-functions.php b/src/wp-content/themes/twentytwentyone/inc/template-functions.php index dc32b383c678f..d7284de961ed1 100644 --- a/src/wp-content/themes/twentytwentyone/inc/template-functions.php +++ b/src/wp-content/themes/twentytwentyone/inc/template-functions.php @@ -74,10 +74,11 @@ function twenty_twenty_one_pingback_header() { * @return void */ function twenty_twenty_one_supports_js() { - $js = "document.body.classList.remove('no-js');"; + $js = "document.body.classList.remove('no-js');"; + $js .= "\n//# sourceURL=" . rawurlencode( __FUNCTION__ ); if ( function_exists( 'wp_print_inline_script_tag' ) ) { - wp_print_inline_script_tag( $js . "\n//# sourceURL=" . rawurlencode( __FUNCTION__ ) ); + wp_print_inline_script_tag( $js ); } else { echo "\n"; } From 3ce69ca599f6127a1bae0346c6906c61bd0658ff Mon Sep 17 00:00:00 2001 From: Weston Ruter Date: Tue, 7 Oct 2025 13:52:19 -0700 Subject: [PATCH 19/24] Add esc_url_raw() around URLs for good measure --- .../classes/class-twenty-twenty-one-dark-mode.php | 2 +- src/wp-includes/embed.php | 4 ++-- src/wp-includes/formatting.php | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/src/wp-content/themes/twentytwentyone/classes/class-twenty-twenty-one-dark-mode.php b/src/wp-content/themes/twentytwentyone/classes/class-twenty-twenty-one-dark-mode.php index 8857e8a74261c..1a95452f71bd8 100644 --- a/src/wp-content/themes/twentytwentyone/classes/class-twenty-twenty-one-dark-mode.php +++ b/src/wp-content/themes/twentytwentyone/classes/class-twenty-twenty-one-dark-mode.php @@ -365,7 +365,7 @@ public function the_html( $attrs = array() ) { public function the_script() { $path = 'assets/js/dark-mode-toggler.js'; $js = rtrim( trailingslashit( get_template_directory() ) . $path ); - $js .= "\n//# sourceURL=" . trailingslashit( get_template_directory_uri() ) . $path; + $js .= "\n//# sourceURL=" . esc_url_raw( trailingslashit( get_template_directory_uri() ) . $path ); if ( function_exists( 'wp_print_inline_script_tag' ) ) { wp_print_inline_script_tag( $js ); } else { diff --git a/src/wp-includes/embed.php b/src/wp-includes/embed.php index 47d10cb453286..8cde1ebb99594 100644 --- a/src/wp-includes/embed.php +++ b/src/wp-includes/embed.php @@ -520,7 +520,7 @@ function get_post_embed_html( $width, $height, $post = null ) { */ $js_path = '/js/wp-embed' . wp_scripts_get_suffix() . '.js'; $output .= wp_get_inline_script_tag( - trim( file_get_contents( ABSPATH . WPINC . $js_path ) ) . "\n//# sourceURL=" . includes_url( $js_path ) + trim( file_get_contents( ABSPATH . WPINC . $js_path ) ) . "\n//# sourceURL=" . esc_url_raw( includes_url( $js_path ) ) ); /** @@ -1093,7 +1093,7 @@ function wp_enqueue_embed_styles() { function print_embed_scripts() { $js_path = '/js/wp-embed-template' . wp_scripts_get_suffix() . '.js'; wp_print_inline_script_tag( - trim( file_get_contents( ABSPATH . WPINC . $js_path ) ) . "\n//# sourceURL=" . includes_url( $js_path ) + trim( file_get_contents( ABSPATH . WPINC . $js_path ) ) . "\n//# sourceURL=" . esc_url_raw( includes_url( $js_path ) ) ); } diff --git a/src/wp-includes/formatting.php b/src/wp-includes/formatting.php index 141b245548053..2f22ec25f8738 100644 --- a/src/wp-includes/formatting.php +++ b/src/wp-includes/formatting.php @@ -5992,7 +5992,7 @@ function _print_emoji_detection_script() { $emoji_loader_script_path = '/js/wp-emoji-loader' . wp_scripts_get_suffix() . '.js'; wp_print_inline_script_tag( rtrim( file_get_contents( ABSPATH . WPINC . $emoji_loader_script_path ) ) . "\n" . - '//# sourceURL=' . includes_url( $emoji_loader_script_path ), + '//# sourceURL=' . esc_url_raw( includes_url( $emoji_loader_script_path ) ), array( 'type' => 'module', ) From fd0763a62253e58f41e1f72d425043a7e0ba530b Mon Sep 17 00:00:00 2001 From: Weston Ruter Date: Tue, 7 Oct 2025 14:24:59 -0700 Subject: [PATCH 20/24] Revert "Remove sourceURL comments from HTML templates" This reverts commit 186e54307dbd9636321c715975a900c77e2b52f3. --- .../themes/twentyfifteen/inc/customizer.php | 20 ++++++++++++++----- .../themes/twentysixteen/inc/customizer.php | 20 ++++++++++++++----- 2 files changed, 30 insertions(+), 10 deletions(-) diff --git a/src/wp-content/themes/twentyfifteen/inc/customizer.php b/src/wp-content/themes/twentyfifteen/inc/customizer.php index 16415a496e4dc..708a68869f5b5 100644 --- a/src/wp-content/themes/twentyfifteen/inc/customizer.php +++ b/src/wp-content/themes/twentyfifteen/inc/customizer.php @@ -776,6 +776,7 @@ function twentyfifteen_get_color_scheme_css( $colors ) { * preview. * * @since Twenty Fifteen 1.0 + * @since Twenty Fifteen 4.1 Added `wp_print_inline_script_tag()` support. */ function twentyfifteen_color_scheme_css_template() { $colors = array( @@ -792,10 +793,19 @@ function twentyfifteen_color_scheme_css_template() { 'secondary_sidebar_textcolor' => '{{ data.secondary_sidebar_textcolor }}', 'meta_box_background_color' => '{{ data.meta_box_background_color }}', ); - ?> - - 'text/html', + 'id' => 'tmpl-twentyfifteen-color-scheme', + ) + ); + } else { + echo ''; + } } add_action( 'customize_controls_print_footer_scripts', 'twentyfifteen_color_scheme_css_template' ); diff --git a/src/wp-content/themes/twentysixteen/inc/customizer.php b/src/wp-content/themes/twentysixteen/inc/customizer.php index 43a43f8c9e9b6..5fc52df57cdc2 100644 --- a/src/wp-content/themes/twentysixteen/inc/customizer.php +++ b/src/wp-content/themes/twentysixteen/inc/customizer.php @@ -838,6 +838,7 @@ function twentysixteen_get_color_scheme_css( $colors ) { * Customizer preview. * * @since Twenty Sixteen 1.0 + * @since Twenty Sixteen 4.1 Added `wp_print_inline_script_tag()` support. */ function twentysixteen_color_scheme_css_template() { $colors = array( @@ -848,11 +849,20 @@ function twentysixteen_color_scheme_css_template() { 'secondary_text_color' => '{{ data.secondary_text_color }}', 'border_color' => '{{ data.border_color }}', ); - ?> - - 'text/html', + 'id' => 'tmpl-twentysixteen-color-scheme', + ) + ); + } else { + echo ''; + } } add_action( 'customize_controls_print_footer_scripts', 'twentysixteen_color_scheme_css_template' ); From 6a1f5c18cb38d7a2d353370cc8f92826cf922470 Mon Sep 17 00:00:00 2001 From: Weston Ruter Date: Tue, 7 Oct 2025 14:29:33 -0700 Subject: [PATCH 21/24] Re-add use of wp_print_inline_script_tag() in CSS template scripts --- src/wp-content/themes/twentyfifteen/inc/customizer.php | 6 +++--- src/wp-content/themes/twentysixteen/inc/customizer.php | 6 +++--- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/src/wp-content/themes/twentyfifteen/inc/customizer.php b/src/wp-content/themes/twentyfifteen/inc/customizer.php index 708a68869f5b5..c3220ba70f698 100644 --- a/src/wp-content/themes/twentyfifteen/inc/customizer.php +++ b/src/wp-content/themes/twentyfifteen/inc/customizer.php @@ -794,18 +794,18 @@ function twentyfifteen_color_scheme_css_template() { 'meta_box_background_color' => '{{ data.meta_box_background_color }}', ); - $css = twentyfifteen_get_color_scheme_css( $colors ); + $css_template = twentyfifteen_get_color_scheme_css( $colors ); if ( function_exists( 'wp_print_inline_script_tag' ) ) { wp_print_inline_script_tag( - $css . "\n//# sourceURL=" . rawurlencode( __FUNCTION__ ), + $css_template, array( 'type' => 'text/html', 'id' => 'tmpl-twentyfifteen-color-scheme', ) ); } else { - echo ''; + echo ''; } } add_action( 'customize_controls_print_footer_scripts', 'twentyfifteen_color_scheme_css_template' ); diff --git a/src/wp-content/themes/twentysixteen/inc/customizer.php b/src/wp-content/themes/twentysixteen/inc/customizer.php index 5fc52df57cdc2..dac588120daaf 100644 --- a/src/wp-content/themes/twentysixteen/inc/customizer.php +++ b/src/wp-content/themes/twentysixteen/inc/customizer.php @@ -850,18 +850,18 @@ function twentysixteen_color_scheme_css_template() { 'border_color' => '{{ data.border_color }}', ); - $css = twentysixteen_get_color_scheme_css( $colors ); + $css_template = twentysixteen_get_color_scheme_css( $colors ); if ( function_exists( 'wp_print_inline_script_tag' ) ) { wp_print_inline_script_tag( - $css . "\n//# sourceURL=" . rawurlencode( __FUNCTION__ ), + $css_template, array( 'type' => 'text/html', 'id' => 'tmpl-twentysixteen-color-scheme', ) ); } else { - echo ''; + echo ''; } } add_action( 'customize_controls_print_footer_scripts', 'twentysixteen_color_scheme_css_template' ); From 33151aa0e774ec5bea3d6cb97793fca63d2ae5d3 Mon Sep 17 00:00:00 2001 From: Weston Ruter Date: Tue, 7 Oct 2025 14:30:51 -0700 Subject: [PATCH 22/24] Remove unnecessary backslashes --- src/wp-content/themes/twentyfifteen/inc/customizer.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/wp-content/themes/twentyfifteen/inc/customizer.php b/src/wp-content/themes/twentyfifteen/inc/customizer.php index c3220ba70f698..30d883a5d30f0 100644 --- a/src/wp-content/themes/twentyfifteen/inc/customizer.php +++ b/src/wp-content/themes/twentyfifteen/inc/customizer.php @@ -805,7 +805,7 @@ function twentyfifteen_color_scheme_css_template() { ) ); } else { - echo ''; + echo ''; } } add_action( 'customize_controls_print_footer_scripts', 'twentyfifteen_color_scheme_css_template' ); From 35d16d83797a042e928d1fbefa48b3fcde92ba42 Mon Sep 17 00:00:00 2001 From: Weston Ruter Date: Tue, 7 Oct 2025 14:34:06 -0700 Subject: [PATCH 23/24] Add missing file_get_contents() --- .../classes/class-twenty-twenty-one-dark-mode.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/wp-content/themes/twentytwentyone/classes/class-twenty-twenty-one-dark-mode.php b/src/wp-content/themes/twentytwentyone/classes/class-twenty-twenty-one-dark-mode.php index 1a95452f71bd8..f302f85426202 100644 --- a/src/wp-content/themes/twentytwentyone/classes/class-twenty-twenty-one-dark-mode.php +++ b/src/wp-content/themes/twentytwentyone/classes/class-twenty-twenty-one-dark-mode.php @@ -364,7 +364,7 @@ public function the_html( $attrs = array() ) { */ public function the_script() { $path = 'assets/js/dark-mode-toggler.js'; - $js = rtrim( trailingslashit( get_template_directory() ) . $path ); + $js = rtrim( file_get_contents( trailingslashit( get_template_directory() ) . $path ) ); $js .= "\n//# sourceURL=" . esc_url_raw( trailingslashit( get_template_directory_uri() ) . $path ); if ( function_exists( 'wp_print_inline_script_tag' ) ) { wp_print_inline_script_tag( $js ); From 72f535edf799e6c70d643cdd3056cd4eb2e0936c Mon Sep 17 00:00:00 2001 From: Weston Ruter Date: Tue, 7 Oct 2025 15:17:03 -0700 Subject: [PATCH 24/24] Remove extra line break in twentytwentyone_add_ie_class() --- src/wp-content/themes/twentytwentyone/functions.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/wp-content/themes/twentytwentyone/functions.php b/src/wp-content/themes/twentytwentyone/functions.php index 956138869b585..993025f272a01 100644 --- a/src/wp-content/themes/twentytwentyone/functions.php +++ b/src/wp-content/themes/twentytwentyone/functions.php @@ -635,7 +635,7 @@ function twentytwentyone_add_ie_class() { document.body.classList.add('is-IE'); } "; - $script .= "\n//# sourceURL=" . rawurlencode( __FUNCTION__ ); + $script .= '//# sourceURL=' . rawurlencode( __FUNCTION__ ); if ( function_exists( 'wp_print_inline_script_tag' ) ) { wp_print_inline_script_tag( $script );