1 file changed: +11 -0 lines changed
@@ -4095,6 +4095,17 @@ private function is_json_script_tag(): bool {
40954095 * `regex.test( '<script>' ) === true` in both the unescaped and
40964096 * escaped versions.
40974097 *
4098+ * JavaScript that is relies on behavior affected by this escaping must provide
4099+ * safe script contents in order to avoid this escaping. For example, a raw string
4100+ * may be split up to make its contents safe or avoided altogether:
4101+ *
4102+ * console.log( String.raw`</script>` ); // !!UNSAFE!! Will be escaped.
4103+ * console.log( String.raw`</\u0073cript>` ); // "</\u0073cript>"
4104+ * console.log( String.raw`</scr` + String.raw`ipt>` ); // "</script>"
4105+ * console.log( String.raw`</${"script"}>` ); // "</script>"
4106+ * console.log( "\x3C/script>" ); // "</script>"
4107+ * console.log( "<\/script>" ); // "</script>"
4108+ *
40984109 * @see https://html.spec.whatwg.org/#restrictions-for-contents-of-script-elements
40994110 */
41004111 private function escape_javascript_script_contents ( string $ text ): string {
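Review bot: In the example list, new line 4103 (the String.raw template containing </\u0073cript>) sits among alternatives whose trailing comments show "</script>", but its own comment shows "</\u0073cript>", which is a different string at runtime, so it does not match the lead-in "may be split up to make its contents safe or avoided altogether"; either drop it or say explicitly that the value differs. The first example on line 4102 says only "!!UNSAFE!! Will be escaped" and, unlike every other line, does not show what the logged value becomes; giving the resulting string there would make the consequence concrete and clarify that "unsafe" here means "value changed by escaping". On new line 4098, "JavaScript that is relies on" has a stray "is", and "must provide safe script contents in order to avoid this escaping" is circular; something like "must avoid writing the sequences this function escapes" would read more clearly.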