Template Part: Improve how the tag name attribute is handled (#62785)

Only valid tags should be allowed rather than characters that can't be a part of HTML tags. Co-authored-by: gziolo <gziolo@git.wordpress.org> Co-authored-by: aaronjorbin <jorbin@git.wordpress.org>
WordPress · Jun 24, 2024 · f14e12a · f14e12a
1 parent 4229ffb
commit f14e12a
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/packages/block-library/src/template-part/index.php b/packages/block-library/src/template-part/index.php
@@ -141,7 +141,7 @@ function render_block_core_template_part( $attributes ) {
 	global $wp_embed;
 	$content = $wp_embed->autoembed( $content );
 
-	if ( empty( $attributes['tagName'] ) ) {
+	if ( empty( $attributes['tagName'] ) || tag_escape( $attributes['tagName'] ) !== $attributes['tagName'] ) {
 		$defined_areas = get_allowed_block_template_part_areas();
 		$area_tag      = 'div';
 		foreach ( $defined_areas as $defined_area ) {