wp_sanitize_script_attributes

The timeline below displays how wordpress function wp_sanitize_script_attributes has changed across different WordPress versions. If a version is not listed, refer to the next available version below.

WordPress Version: 6.3

/**
 * Sanitizes an attributes array into an attributes string to be placed inside a `<script>` tag.
 *
 * Automatically injects type attribute if needed.
 * Used by {@see wp_get_script_tag()} and {@see wp_get_inline_script_tag()}.
 *
 * @since 5.7.0
 *
 * @param array $attributes Key-value pairs representing `<script>` tag attributes.
 * @return string String made of sanitized `<script>` tag attributes.
 */
function wp_sanitize_script_attributes($attributes)
{
    $html5_script_support = !is_admin() && !current_theme_supports('html5', 'script');
    $attributes_string = '';
    /*
     * If HTML5 script tag is supported, only the attribute name is added
     * to $attributes_string for entries with a boolean value, and that are true.
     */
    foreach ($attributes as $attribute_name => $attribute_value) {
        if (is_bool($attribute_value)) {
            if ($attribute_value) {
                $attributes_string .= $html5_script_support ? sprintf(' %1$s="%2$s"', esc_attr($attribute_name), esc_attr($attribute_name)) : (' ' . esc_attr($attribute_name));
            }
        } else {
            $attributes_string .= sprintf(' %1$s="%2$s"', esc_attr($attribute_name), esc_attr($attribute_value));
        }
    }
    return $attributes_string;
}

WordPress Version: 7.1

/**
 * Sanitizes an attributes array into an attributes string to be placed inside a `<script>` tag.
 *
 * Automatically injects type attribute if needed.
 * Used by {@see wp_get_script_tag()} and {@see wp_get_inline_script_tag()}.
 *
 * @since 5.7.0
 *
 * @param array $attributes Key-value pairs representing `<script>` tag attributes.
 * @return string String made of sanitized `<script>` tag attributes.
 */
function wp_sanitize_script_attributes($attributes)
{
    $html5_script_support = !is_admin() && !current_theme_supports('html5', 'script');
    $attributes_string = '';
    // If HTML5 script tag is supported, only the attribute name is added
    // to $attributes_string for entries with a boolean value, and that are true.
    foreach ($attributes as $attribute_name => $attribute_value) {
        if (is_bool($attribute_value)) {
            if ($attribute_value) {
                $attributes_string .= $html5_script_support ? sprintf(' %1$s="%2$s"', esc_attr($attribute_name), esc_attr($attribute_name)) : (' ' . esc_attr($attribute_name));
            }
        } else {
            $attributes_string .= sprintf(' %1$s="%2$s"', esc_attr($attribute_name), esc_attr($attribute_value));
        }
    }
    return $attributes_string;
}

WordPress Version: 5.7

/**
 * Sanitizes an attributes array into an attributes string to be placed inside a `<script>` tag.
 *
 * Automatically injects type attribute if needed.
 * Used by {@see wp_get_script_tag()} and {@see wp_get_inline_script_tag()}.
 *
 * @since 5.7.0
 *
 * @param array $attributes Key-value pairs representing `<script>` tag attributes.
 * @return string String made of sanitized `<script>` tag attributes.
 */
function wp_sanitize_script_attributes($attributes)
{
    $html5_script_support = !is_admin() && !current_theme_supports('html5', 'script');
    $attributes_string = '';
    // If HTML5 script tag is supported, only the attribute name is added
    // to $attributes_string for entries with a boolean value, and that are true.
    foreach ($attributes as $attribute_name => $attribute_value) {
        if (is_bool($attribute_value)) {
            if ($attribute_value) {
                $attributes_string .= $html5_script_support ? sprintf(' %1$s="%2$s"', esc_attr($attribute_name), esc_attr($attribute_name)) : (' ' . $attribute_name);
            }
        } else {
            $attributes_string .= sprintf(' %1$s="%2$s"', esc_attr($attribute_name), esc_attr($attribute_value));
        }
    }
    return $attributes_string;
}