Handle \r as tag name terminator

Author: sirreal

src/wp-includes/functions.wp-scripts.php

@@ -139,6 +139,11 @@ function wp_add_inline_script( $handle, $data, $position = 'after' ) {
 		(
 			"\t" === $data[7] ||
 			"\n" === $data[7] ||
+			/*
+			 * \r\n and \r are normalized to \n in HTML newline normalization.
+			 * Therefore, \r always behaves like \n and terminates a tag name.
+			 */
+			"\r" === $data[7] ||
 			"\f" === $data[7] ||
 			' ' === $data[7] ||
 			'/' === $data[7] ||

src/wp-includes/html-api/class-wp-html-tag-processor.php

@@ -3745,14 +3745,15 @@ public function set_modifiable_text( string $plaintext_content ): bool {
 				 *     4. One of the following characters:
 				 *        - \t
 				 *        - \n
+				 *        - \r (\r and \r\n newlines are normalized to \n in HTML pre-processing)
 				 *        - \f
 				 *        - " " (U+0020 SPACE)
 				 *        - /
 				 *        - >
 				 *
 				 * @see https://html.spec.whatwg.org/multipage/parsing.html#script-data-double-escaped-state
 				 */
-				if ( preg_match( '~</?script[\t\n\f />]~i', $plaintext_content ) ) {
+				if ( preg_match( '~</?script[\t\r\n\f />]~i', $plaintext_content ) ) {
 					/*
 					 * JavaScript can be safely escaped.
 					 * Non-JavaScript script tags have unknown semantics.
@@ -3761,7 +3762,7 @@ public function set_modifiable_text( string $plaintext_content ): bool {
 					 */
 					if ( $this->is_javascript_script_tag() ) {
 						$plaintext_content = preg_replace_callback(
-							'~<(/?)(s)(cript)([\t\n\f />])~i',
+							'~<(/?)(s)(cript)([\t\r\n\f />])~i',
 							static function ( $matches ) {
 								$escaped_s_char = 's' === $matches[2]
 									? '\u0073'