Improve script tag test and sanitization

Author: sirreal

src/wp-includes/html-api/class-wp-html-tag-processor.php

@@ -3752,10 +3752,7 @@ public function set_modifiable_text( string $plaintext_content ): bool {
 				 *
 				 * @see https://html.spec.whatwg.org/multipage/parsing.html#script-data-double-escaped-state
 				 */
-				if (
-					false !== stripos( $plaintext_content, '</script' ) ||
-					false !== stripos( $plaintext_content, '<script' )
-				) {
+				if ( preg_match( '~</?script[\t\n\f />]~i', $plaintext_content ) ) {
 					/*
 					 * JavaScript can be safely escaped.
 					 * Non-JavaScript script tags have unknown semantics.
@@ -3764,12 +3761,12 @@ public function set_modifiable_text( string $plaintext_content ): bool {
 					 */
 					if ( $this->is_javascript_script_tag() ) {
 						$plaintext_content = preg_replace_callback(
-							'~<(/?)(s)(cript)~i',
+							'~<(/?)(s)(cript)([\t\n\f />])~i',
 							static function ( $matches ) {
 								$escaped_s_char = 's' === $matches[2]
 									? '\u0073'
 									: '\u0053';
-								return "<{$matches[1]}{$escaped_s_char}{$matches[3]}";
+								return "<{$matches[1]}{$escaped_s_char}{$matches[3]}{$matches[4]}";
 							},
 							$plaintext_content
 						);