From abe0925af3ad5716a7d30f465ac205b1fc8ca45b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Greg=20Zi=C3=B3=C5=82kowski?= <grzegorz@gziolo.pl>
Date: Mon, 24 Jun 2024 13:30:05 +0200
Subject: [PATCH] Template Part: Improve how the tag name attribute is handled
 (#62785)

Only valid tags should be allowed rather than characters that can't be a part of HTML tags.

Co-authored-by: gziolo <gziolo@git.wordpress.org>
Co-authored-by: aaronjorbin <jorbin@git.wordpress.org>
---
 packages/block-library/src/template-part/index.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/packages/block-library/src/template-part/index.php b/packages/block-library/src/template-part/index.php
index b9cae2d48ed17..be867c4ced166 100644
--- a/packages/block-library/src/template-part/index.php
+++ b/packages/block-library/src/template-part/index.php
@@ -161,7 +161,7 @@ function render_block_core_template_part( $attributes ) {
 	global $wp_embed;
 	$content = $wp_embed->autoembed( $content );
 
-	if ( empty( $attributes['tagName'] ) ) {
+	if ( empty( $attributes['tagName'] ) || tag_escape( $attributes['tagName'] ) !== $attributes['tagName'] ) {
 		$area_tag = 'div';
 		if ( $area_definition && isset( $area_definition['area_tag'] ) ) {
 			$area_tag = $area_definition['area_tag'];