From a66cb4bb18bbd3d3a96e0ec5f1596705eb1b3a0d Mon Sep 17 00:00:00 2001
From: Peter Wilson <wilson@peterwilson.cc>
Date: Thu, 25 Mar 2021 00:27:06 +0000
Subject: [PATCH] Script Loader: Escape HTML5 boolean attribute names.

Add escaping of boolean attribute names in `wp_sanitize_script_attributes()` for themes supporting HTML5 script elements.

Props tmatsuur, johnbillion, joyously.
Fixes #52894.

Built from https://develop.svn.wordpress.org/trunk@50575


git-svn-id: http://core.svn.wordpress.org/trunk@50188 1a063a9b-81f0-0310-95a4-ce76da25c4cd
---
 wp-includes/script-loader.php | 2 +-
 wp-includes/version.php       | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/wp-includes/script-loader.php b/wp-includes/script-loader.php
index 34728ca5f6..5379dddee0 100644
--- a/wp-includes/script-loader.php
+++ b/wp-includes/script-loader.php
@@ -2353,7 +2353,7 @@ function wp_sanitize_script_attributes( $attributes ) {
 	foreach ( $attributes as $attribute_name => $attribute_value ) {
 		if ( is_bool( $attribute_value ) ) {
 			if ( $attribute_value ) {
-				$attributes_string .= $html5_script_support ? sprintf( ' %1$s="%2$s"', esc_attr( $attribute_name ), esc_attr( $attribute_name ) ) : ' ' . $attribute_name;
+				$attributes_string .= $html5_script_support ? sprintf( ' %1$s="%2$s"', esc_attr( $attribute_name ), esc_attr( $attribute_name ) ) : ' ' . esc_attr( $attribute_name );
 			}
 		} else {
 			$attributes_string .= sprintf( ' %1$s="%2$s"', esc_attr( $attribute_name ), esc_attr( $attribute_value ) );
diff --git a/wp-includes/version.php b/wp-includes/version.php
index f9f5feadd4..233f6c3d1b 100644
--- a/wp-includes/version.php
+++ b/wp-includes/version.php
@@ -13,7 +13,7 @@
  *
  * @global string $wp_version
  */
-$wp_version = '5.8-alpha-50571';
+$wp_version = '5.8-alpha-50575';
 
 /**
  * Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.