diff --git a/projects/plugins/jetpack/changelog/add-like-block-attributes-escape b/projects/plugins/jetpack/changelog/add-like-block-attributes-escape new file mode 100644 index 0000000000000..d957b696cee3b --- /dev/null +++ b/projects/plugins/jetpack/changelog/add-like-block-attributes-escape @@ -0,0 +1,4 @@ +Significance: patch +Type: other + +Like block (beta): Escape block output attributes diff --git a/projects/plugins/jetpack/extensions/blocks/like/like.php b/projects/plugins/jetpack/extensions/blocks/like/like.php index 141054343177f..f4860336c1e0b 100644 --- a/projects/plugins/jetpack/extensions/blocks/like/like.php +++ b/projects/plugins/jetpack/extensions/blocks/like/like.php @@ -89,11 +89,11 @@ function render_block( $attr, $content, $block ) { $name = sprintf( 'like-post-frame-%1$d-%2$d-%3$s', $blog_id, $post_id, $uniqid ); $wrapper = sprintf( 'like-post-wrapper-%1$d-%2$d-%3$s', $blog_id, $post_id, $uniqid ); - $html = "
"; - $html .= $headline; - $html .= "
" . esc_html__( 'Like', 'jetpack' ) . ' ' . esc_html__( 'Loading...', 'jetpack' ) . '
'; - $html .= ""; - $html .= '
'; + $html = "
" + . $headline + . "
" . esc_html__( 'Like', 'jetpack' ) . " " . esc_html__( 'Loading...', 'jetpack' ) . '
' + . "" + . '
'; return sprintf( '
%2$s
',