From 570a0395421af4e551e78739c0eed069a4b1422e Mon Sep 17 00:00:00 2001
From: Dennis Snell
Date: Fri, 20 Sep 2024 16:26:19 -0700
Subject: [PATCH] Encode attribute values

---
 src/wp-includes/kses.php | 9 ++++-----
 1 file changed, 4 insertions(+), 5 deletions(-)

diff --git a/src/wp-includes/kses.php b/src/wp-includes/kses.php
index 54d3cba80efc3..7ae8cc1a6353b 100644
--- a/src/wp-includes/kses.php
+++ b/src/wp-includes/kses.php
@@ -1390,7 +1390,7 @@ function wp_kses_attr_check( &$name, &$value, &$whole, $vless, $element, $allowe
 */
 function wp_kses_hair( $attr, $allowed_protocols ) {
 $uri_names = wp_kses_uri_attributes();
- $processor = new WP_HTML_Tag_Processor( "" );
+ $processor = new WP_HTML_Tag_Processor( "" );
 $processor->next_tag();
 $attribute_names = $processor->get_attribute_names_with_prefix( '' );
@@ -1405,6 +1405,7 @@ function wp_kses_hair( $attr, $allowed_protocols ) {
 if ( ! $is_boolean ) {
 $value = str_replace( "\x00", "\u{FFFD}", $value );
+ $value = htmlspecialchars( $value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8' );
 }
 if ( ! $is_boolean && in_array( $attribute_name, $uri_names, true ) ) {
@@ -1413,10 +1414,8 @@ function wp_kses_hair( $attr, $allowed_protocols ) {
 $attributes[ $attribute_name ] = array(
 'name' => $attribute_name,
- 'value' => $is_boolean ? '' : $processor->get_attribute( $attribute_name ),
- 'whole' => $is_boolean
- ? $attribute_name
- : ( "{$attribute_name}=\"" . htmlspecialchars( $value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8' ) . '"' ),
+ 'value' => $is_boolean ? '' : $value,
+ 'whole' => $is_boolean ? $attribute_name : "{$attribute_name}=\"{$value}\"",
 'vless' => $is_boolean,
 );
 }
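Review bot: The added `htmlspecialchars()` call in the second hunk now runs before the URI-attribute branch that begins on that hunk's last line, so whatever that branch does with `$value` (its body is outside the hunk) now receives the entity-encoded string instead of the processor-decoded one it received before this patch. If that branch runs the protocol checks, those appear to decode entities themselves, so the scheme prefix is presumably unaffected, but that dependency should be confirmed rather than assumed and recorded in place: `// $value is entity-encoded from here on; the URI/protocol check below must tolerate &amp; / &quot; / &apos; in it.`. Note also that `htmlspecialchars()` double-encodes by default, which is correct only because `$value` arrives already decoded by the tag processor; feeding raw source text through this path would turn `&amp;` into `&amp;amp;`. The enclosing function `wp_kses_hair` starts before this hunk, and the first hunk prints its removed and added lines identically (`""`), which suggests the constructor argument was lost in rendering, so its effect cannot be reviewed from this page.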
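Review bot: The returned `'value'` entry in the third hunk changes meaning — it was the decoded attribute value from `$processor->get_attribute()` and is now the `htmlspecialchars()`-encoded string — but the change is not documented, and any caller that measures or compares `'value'` (length limits, allow-list matches) will see `&` as `&amp;` and `"` as `&quot;` from now on. Whether that matches the pre-tag-processor contract of `wp_kses_hair` should be checked against the function's docblock, which lies outside the hunk; either way the `@return` description should state that `'value'` is HTML-encoded and that `'whole'` is the attribute name followed by `="` and that same encoded value. The simplification of `'whole'` into an interpolated string is sound: any `"` in `$value` has already become `&quot;`, so the surrounding quotes cannot be broken out of.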