wp_sanitize_script_attributes()
Sanitizes an attributes array into an attributes string to be placed inside a <script> tag.
Automatically injects type attribute if needed. Used by wp_get_script_tag() and wp_get_inline_script_tag().
No Hooks.
Returns
String. String made of sanitized <script> tag attributes.
Usage
wp_sanitize_script_attributes( $attributes );
- $attributes(array) (required)
- Key-value pairs representing
<script>tag attributes.
Changelog
| Since 5.7.0 | Introduced. |
wp_sanitize_script_attributes() wp sanitize script attributes code WP 6.9.1
function wp_sanitize_script_attributes( $attributes ) {
$html5_script_support = is_admin() || current_theme_supports( 'html5', 'script' );
$attributes_string = '';
/*
* If HTML5 script tag is supported, only the attribute name is added
* to $attributes_string for entries with a boolean value, and that are true.
*/
foreach ( $attributes as $attribute_name => $attribute_value ) {
if ( is_bool( $attribute_value ) ) {
if ( $attribute_value ) {
$attributes_string .= $html5_script_support ? ' ' . esc_attr( $attribute_name ) : sprintf( ' %1$s="%2$s"', esc_attr( $attribute_name ), esc_attr( $attribute_name ) );
}
} else {
$attributes_string .= sprintf( ' %1$s="%2$s"', esc_attr( $attribute_name ), esc_attr( $attribute_value ) );
}
}
return $attributes_string;
}