From 8e7a242ca5e01eecf5893f2fd147352b0ea4cd93 Mon Sep 17 00:00:00 2001
From: Adam Silverstein <adamjs@google.com>
Date: Mon, 1 Feb 2021 08:25:09 -0700
Subject: [PATCH 1/9] Patch from ticket.

---
 src/wp-includes/functions.php                 | 120 ++++++++++++++++
 .../tests/functions/wpInlineScriptTag.php     | 119 ++++++++++++++++
 .../functions/wpSanitizeScriptAttributes.php  | 130 ++++++++++++++++++
 tests/phpunit/tests/functions/wpScriptTag.php |  94 +++++++++++++
 4 files changed, 463 insertions(+)
 create mode 100644 tests/phpunit/tests/functions/wpInlineScriptTag.php
 create mode 100644 tests/phpunit/tests/functions/wpSanitizeScriptAttributes.php
 create mode 100644 tests/phpunit/tests/functions/wpScriptTag.php

diff --git a/src/wp-includes/functions.php b/src/wp-includes/functions.php
index 536f195b14875..a6c63681f8be2 100644
--- a/src/wp-includes/functions.php
+++ b/src/wp-includes/functions.php
@@ -7781,3 +7781,123 @@ function is_php_version_compatible( $required ) {
 function wp_fuzzy_number_match( $expected, $actual, $precision = 1 ) {
 	return abs( (float) $expected - (float) $actual ) <= $precision;
 }
+
+/**
+ * Sanitizes an attributes array into an attributes string to be placed inside a `<script>` tag.
+ *
+ * Automatically injects type attribute if needed.
+ * Used by {@see wp_get_script_tag()} and {@see wp_get_inline_script_tag()}.
+ *
+ * @since 5.6.0
+ *
+ * @param array $attributes Key-value pairs representing `<script>` tag attributes.
+ * @return string String made of sanitized `<script>` tag attributes.
+ */
+function wp_sanitize_script_attributes( $attributes ) {
+	$html5_script_support = ! is_admin() && ! current_theme_supports( 'html5', 'script' );
+	$attributes_string    = '';
+
+	// If HTML5 scirpt tag is supported, only the attribute name is added
+	// to $attributes_string for entries with a boolean value, and that are true.
+	foreach ( $attributes as $attribute_name => $attribute_value ) {
+		if ( is_bool( $attribute_value ) ) {
+			if ( $attribute_value ) {
+				$attributes_string .= $html5_script_support ? sprintf( ' %1$s="%2$s"', $attribute_name, esc_attr( $attribute_name ) ) : ' ' . $attribute_name;
+			}
+		} else {
+			$attributes_string .= sprintf( ' %1$s="%2$s"', $attribute_name, esc_attr( $attribute_value ) );
+		}
+	}
+
+	return $attributes_string;
+}
+
+/**
+ * Formats `<script>` loader tags.
+ *
+ * It is possible to inject attributes in the `<script>` tag via the {@see 'wp_script_attributes'} filter.
+ * Automatically injects type attribute if needed.
+ *
+ * @since 5.6.0
+ *
+ * @param array $attributes Key-value pairs representing `<script>` tag attributes.
+ * @return string String containing `<script>` opening and closing tags.
+ */
+function wp_get_script_tag( $attributes ) {
+	if ( ! isset( $attributes['type'] ) && ! is_admin() && ! current_theme_supports( 'html5', 'script' ) ) {
+		$attributes['type'] = 'text/javascript';
+	}
+	/**
+	 * Filters attributes to be added to a script tag.
+	 *
+	 * @since 5.6.0
+	 *
+	 * @param array $attributes Key-value pairs representing `<script>` tag attributes.
+	 *                          Only the attribute name is added to the `<script>` tag for
+	 *                          entries with a boolean value, and that are true.
+	 */
+	$attributes = apply_filters( 'wp_script_attributes', $attributes );
+
+	return sprintf( "<script%s></script>\n", wp_sanitize_script_attributes( $attributes ) );
+}
+
+/**
+ * Prints formatted `<script>` loader tag.
+ *
+ * It is possible to inject attributes in the `<script>` tag via the  {@see 'wp_script_attributes'}  filter.
+ * Automatically injects type attribute if needed.
+ *
+ * @since 5.6.0
+ *
+ * @param array $attributes Key-value pairs representing `<script>` tag attributes.
+ */
+function wp_print_script_tag( $attributes ) {
+	echo wp_get_script_tag( $attributes );
+}
+
+/**
+ * Wraps inline JavaScript in `<script>` tag.
+ *
+ * It is possible to inject attributes in the `<script>` tag via the  {@see 'wp_script_attributes'}  filter.
+ * Automatically injects type attribute if needed.
+ *
+ * @since 5.6.0
+ *
+ * @param string $javascript Inline JavaScript code.
+ * @param array  $attributes Optional. Key-value pairs representing `<script>` tag attributes.
+ * @return string String containing inline JavaScript code wrapped around `<script>` tag.
+ */
+function wp_get_inline_script_tag( $javascript, $attributes = array() ) {
+	if ( ! isset( $attributes['type'] ) && ! is_admin() && ! current_theme_supports( 'html5', 'script' ) ) {
+		$attributes['type'] = 'text/javascript';
+	}
+	/**
+	 * Filters attributes to be added to a script tag.
+	 *
+	 * @since 5.6.0
+	 *
+	 * @param array $attributes Key-value pairs representing `<script>` tag attributes.
+	 *                          Only the attribute name is added to the `<script>` tag for
+	 *                          entries with a boolean value, and that are true.
+	 */
+	$attributes = apply_filters( 'wp_script_attributes', $attributes );
+
+	$javascript = "\n" . trim( $javascript, "\n\r " ) . "\n";
+
+	return sprintf( "<script%s>%s</script>\n", wp_sanitize_script_attributes( $attributes ), $javascript );
+}
+
+/**
+ * Prints inline JavaScript wrapped in `<script>` tag.
+ *
+ * It is possible to inject attributes in the `<script>` tag via the  {@see 'wp_script_attributes'}  filter.
+ * Automatically injects type attribute if needed.
+ *
+ * @since 5.6.0
+ *
+ * @param string $javascript Inline JavaScript code.
+ * @param array  $attributes Optional. Key-value pairs representing `<script>` tag attributes.
+ */
+function wp_print_inline_script_tag( $javascript, $attributes = array() ) {
+	echo wp_get_inline_script_tag( $javascript, $attributes );
+}
diff --git a/tests/phpunit/tests/functions/wpInlineScriptTag.php b/tests/phpunit/tests/functions/wpInlineScriptTag.php
new file mode 100644
index 0000000000000..3cfd9d1af0ebe
--- /dev/null
+++ b/tests/phpunit/tests/functions/wpInlineScriptTag.php
@@ -0,0 +1,119 @@
+<?php
+
+/**
+ * Test wp_get_inline_script_tag() and wp_print_inline_script_tag().
+ *
+ * @group functions.php
+ */
+class Tests_Functions_wpInlineScriptTag extends WP_UnitTestCase {
+
+	private $event_handler = <<<'JS'
+document.addEventListener( 'DOMContentLoaded', function () {
+	document.getElementById( 'elementID' )
+			.addEventListener( 'click', function( event ) { 
+				event.preventDefault();
+			});
+});
+JS;
+
+	function get_inline_script_tag_type_set() {
+		add_theme_support( 'html5', array( 'script' ) );
+
+		$this->assertSame(
+			'<script type="application/javascript" nomodule>' . "\n{$this->event_handler}\n</script>\n",
+			wp_get_inline_script_tag(
+				$this->event_handler,
+				array(
+					'type'     => 'application/javascript',
+					'async'    => false,
+					'nomodule' => true,
+				)
+			)
+		);
+
+		remove_theme_support( 'html5' );
+
+		$this->assertSame(
+			'<script type="application/javascript" nomodule>' . "\n{$this->event_handler}\n</script>\n",
+			wp_get_inline_script_tag(
+				$this->event_handler,
+				array(
+					'type'     => 'application/javascript',
+					'async'    => false,
+					'nomodule' => true,
+				)
+			)
+		);
+	}
+
+	function test_get_inline_script_tag_type_not_set() {
+		add_theme_support( 'html5', array( 'script' ) );
+
+		$this->assertSame(
+			"<script nomodule>\n{$this->event_handler}\n</script>\n",
+			wp_get_inline_script_tag(
+				$this->event_handler,
+				array(
+					'async'    => false,
+					'nomodule' => true,
+				)
+			)
+		);
+
+		remove_theme_support( 'html5' );
+	}
+
+	function test_get_inline_script_tag_unescaped_src() {
+		add_theme_support( 'html5', array( 'script' ) );
+
+		$this->assertSame(
+			"<script>\n{$this->event_handler}\n</script>\n",
+			wp_get_inline_script_tag( $this->event_handler )
+		);
+
+		remove_theme_support( 'html5' );
+	}
+
+	function test_print_script_tag_prints_get_inline_script_tag() {
+		add_filter(
+			'wp_script_attributes',
+			function ( $attributes ) {
+				if ( isset( $attributes['id'] ) && 'utils-js-extra' === $attributes['id'] ) {
+					$attributes['async'] = true;
+				}
+				return $attributes;
+			}
+		);
+
+		add_theme_support( 'html5', array( 'script' ) );
+
+		$attributes = array(
+			'id'       => 'utils-js-before',
+			'nomodule' => true,
+		);
+
+		$this->assertSame(
+			wp_get_inline_script_tag( $this->event_handler, $attributes ),
+			get_echo(
+				'wp_print_inline_script_tag',
+				array(
+					$this->event_handler,
+					$attributes,
+				)
+			)
+		);
+
+		remove_theme_support( 'html5' );
+
+		$this->assertSame(
+			wp_get_inline_script_tag( $this->event_handler, $attributes ),
+			get_echo(
+				'wp_print_inline_script_tag',
+				array(
+					$this->event_handler,
+					$attributes,
+				)
+			)
+		);
+	}
+}
diff --git a/tests/phpunit/tests/functions/wpSanitizeScriptAttributes.php b/tests/phpunit/tests/functions/wpSanitizeScriptAttributes.php
new file mode 100644
index 0000000000000..dd060ebd5daf4
--- /dev/null
+++ b/tests/phpunit/tests/functions/wpSanitizeScriptAttributes.php
@@ -0,0 +1,130 @@
+<?php
+
+/**
+ * Test wp_sanitize_script_attributes().
+ *
+ * @group functions.php
+ */
+class Tests_Functions_wpSanitizeScriptAttributes extends WP_UnitTestCase {
+
+	function test_sanitize_script_attributes_type_set() {
+		add_theme_support( 'html5', array( 'script' ) );
+
+		$this->assertSame(
+			' type="application/javascript" src="https://DOMAIN.TLD/PATH/FILE.js" nomodule',
+			wp_sanitize_script_attributes(
+				array(
+					'type'     => 'application/javascript',
+					'src'      => 'https://DOMAIN.TLD/PATH/FILE.js',
+					'async'    => false,
+					'nomodule' => true,
+				)
+			)
+		);
+
+		remove_theme_support( 'html5' );
+
+		$this->assertSame(
+			' src="https://DOMAIN.TLD/PATH/FILE.js" type="application/javascript" nomodule="nomodule"',
+			wp_sanitize_script_attributes(
+				array(
+					'src'      => 'https://DOMAIN.TLD/PATH/FILE.js',
+					'type'     => 'application/javascript',
+					'async'    => false,
+					'nomodule' => true,
+				)
+			)
+		);
+	}
+
+	function test_sanitize_script_attributes_type_not_set() {
+		add_theme_support( 'html5', array( 'script' ) );
+
+		$this->assertSame(
+			' src="https://DOMAIN.TLD/PATH/FILE.js" nomodule',
+			wp_sanitize_script_attributes(
+				array(
+					'src'      => 'https://DOMAIN.TLD/PATH/FILE.js',
+					'async'    => false,
+					'nomodule' => true,
+				)
+			)
+		);
+
+		remove_theme_support( 'html5' );
+
+		$this->assertSame(
+			' src="https://DOMAIN.TLD/PATH/FILE.js" nomodule="nomodule"',
+			wp_sanitize_script_attributes(
+				array(
+					'src'      => 'https://DOMAIN.TLD/PATH/FILE.js',
+					'async'    => false,
+					'nomodule' => true,
+				)
+			)
+		);
+	}
+
+
+	function test_sanitize_script_attributes_no_attributes() {
+		add_theme_support( 'html5', array( 'script' ) );
+
+		$this->assertSame(
+			'',
+			wp_sanitize_script_attributes( array() )
+		);
+
+		remove_theme_support( 'html5' );
+	}
+
+	function test_sanitize_script_attributes_relative_src() {
+		add_theme_support( 'html5', array( 'script' ) );
+
+		$this->assertSame(
+			' src="PATH/FILE.js" nomodule',
+			wp_sanitize_script_attributes(
+				array(
+					'src'      => 'PATH/FILE.js',
+					'async'    => false,
+					'nomodule' => true,
+				)
+			)
+		);
+
+		remove_theme_support( 'html5' );
+	}
+
+
+	function test_sanitize_script_attributes_only_false_boolean_attributes() {
+		add_theme_support( 'html5', array( 'script' ) );
+
+		$this->assertSame(
+			'',
+			wp_sanitize_script_attributes(
+				array(
+					'async'    => false,
+					'nomodule' => false,
+				)
+			)
+		);
+
+		remove_theme_support( 'html5' );
+	}
+
+	function test_sanitize_script_attributes_only_true_boolean_attributes() {
+		add_theme_support( 'html5', array( 'script' ) );
+
+		$this->assertSame(
+			' async nomodule',
+			wp_sanitize_script_attributes(
+				array(
+					'async'    => true,
+					'nomodule' => true,
+				)
+			)
+		);
+
+		remove_theme_support( 'html5' );
+	}
+
+}
diff --git a/tests/phpunit/tests/functions/wpScriptTag.php b/tests/phpunit/tests/functions/wpScriptTag.php
new file mode 100644
index 0000000000000..3c451f5359cad
--- /dev/null
+++ b/tests/phpunit/tests/functions/wpScriptTag.php
@@ -0,0 +1,94 @@
+<?php
+
+/**
+ * Test wp_get_script_tag() and wp_print_script_tag().
+ *
+ * @group functions.php
+ */
+class Tests_Functions_wpScriptTag extends WP_UnitTestCase {
+
+	function get_script_tag_type_set() {
+		add_theme_support( 'html5', array( 'script' ) );
+
+		$this->assertSame(
+			'<script src="https://localhost/PATH/FILE.js" type="application/javascript" nomodule></script>' . "\n",
+			wp_get_script_tag(
+				array(
+					'type'     => 'application/javascript',
+					'src'      => 'https://localhost/PATH/FILE.js',
+					'async'    => false,
+					'nomodule' => true,
+				)
+			)
+		);
+
+		remove_theme_support( 'html5' );
+
+		$this->assertSame(
+			'<script src="https://localhost/PATH/FILE.js" type="application/javascript" nomodule></script>' . "\n",
+			wp_get_script_tag(
+				array(
+					'src'      => 'https://localhost/PATH/FILE.js',
+					'type'     => 'application/javascript',
+					'async'    => false,
+					'nomodule' => true,
+				)
+			)
+		);
+	}
+
+	function test_get_script_tag_type_not_set() {
+		add_theme_support( 'html5', array( 'script' ) );
+
+		$this->assertSame(
+			'<script src="https://localhost/PATH/FILE.js" nomodule></script>' . "\n",
+			wp_get_script_tag(
+				array(
+					'src'      => 'https://localhost/PATH/FILE.js',
+					'async'    => false,
+					'nomodule' => true,
+				)
+			)
+		);
+
+		remove_theme_support( 'html5' );
+	}
+
+	function test_print_script_tag_prints_get_script_tag() {
+		add_filter(
+			'wp_script_attributes',
+			function ( $attributes ) {
+				if ( isset( $attributes['id'] ) && 'utils-js-extra' === $attributes['id'] ) {
+					$attributes['async'] = true;
+				}
+				return $attributes;
+			}
+		);
+
+		add_theme_support( 'html5', array( 'script' ) );
+
+		$attributes = array(
+			'src'      => 'https://localhost/PATH/FILE.js',
+			'id'       => 'utils-js-extra',
+			'nomodule' => true,
+		);
+
+		$this->assertSame(
+			wp_get_script_tag( $attributes ),
+			get_echo(
+				'wp_print_script_tag',
+				array( $attributes )
+			)
+		);
+
+		remove_theme_support( 'html5' );
+
+		$this->assertSame(
+			wp_get_script_tag( $attributes ),
+			get_echo(
+				'wp_print_script_tag',
+				array( $attributes )
+			)
+		);
+	}
+}

From 76c2fc93ea11d8c9c030f74dc06917c5a3f872e9 Mon Sep 17 00:00:00 2001
From: Adam Silverstein <adamjs@google.com>
Date: Mon, 1 Feb 2021 08:38:59 -0700
Subject: [PATCH 2/9] Cleanup; docblocks.

---
 src/wp-includes/functions.php | 16 ++++++++--------
 1 file changed, 8 insertions(+), 8 deletions(-)

diff --git a/src/wp-includes/functions.php b/src/wp-includes/functions.php
index a6c63681f8be2..c32d8c3227e58 100644
--- a/src/wp-includes/functions.php
+++ b/src/wp-includes/functions.php
@@ -7788,7 +7788,7 @@ function wp_fuzzy_number_match( $expected, $actual, $precision = 1 ) {
  * Automatically injects type attribute if needed.
  * Used by {@see wp_get_script_tag()} and {@see wp_get_inline_script_tag()}.
  *
- * @since 5.6.0
+ * @since 5.7.0
  *
  * @param array $attributes Key-value pairs representing `<script>` tag attributes.
  * @return string String made of sanitized `<script>` tag attributes.
@@ -7818,7 +7818,7 @@ function wp_sanitize_script_attributes( $attributes ) {
  * It is possible to inject attributes in the `<script>` tag via the {@see 'wp_script_attributes'} filter.
  * Automatically injects type attribute if needed.
  *
- * @since 5.6.0
+ * @since 5.7.0
  *
  * @param array $attributes Key-value pairs representing `<script>` tag attributes.
  * @return string String containing `<script>` opening and closing tags.
@@ -7830,7 +7830,7 @@ function wp_get_script_tag( $attributes ) {
 	/**
 	 * Filters attributes to be added to a script tag.
 	 *
-	 * @since 5.6.0
+	 * @since 5.7.0
 	 *
 	 * @param array $attributes Key-value pairs representing `<script>` tag attributes.
 	 *                          Only the attribute name is added to the `<script>` tag for
@@ -7847,7 +7847,7 @@ function wp_get_script_tag( $attributes ) {
  * It is possible to inject attributes in the `<script>` tag via the  {@see 'wp_script_attributes'}  filter.
  * Automatically injects type attribute if needed.
  *
- * @since 5.6.0
+ * @since 5.7.0
  *
  * @param array $attributes Key-value pairs representing `<script>` tag attributes.
  */
@@ -7861,10 +7861,10 @@ function wp_print_script_tag( $attributes ) {
  * It is possible to inject attributes in the `<script>` tag via the  {@see 'wp_script_attributes'}  filter.
  * Automatically injects type attribute if needed.
  *
- * @since 5.6.0
+ * @since 5.7.0
  *
  * @param string $javascript Inline JavaScript code.
- * @param array  $attributes Optional. Key-value pairs representing `<script>` tag attributes.
+ * @param array  $attributes Key-value pairs representing `<script>` tag attributes. Optional.
  * @return string String containing inline JavaScript code wrapped around `<script>` tag.
  */
 function wp_get_inline_script_tag( $javascript, $attributes = array() ) {
@@ -7874,7 +7874,7 @@ function wp_get_inline_script_tag( $javascript, $attributes = array() ) {
 	/**
 	 * Filters attributes to be added to a script tag.
 	 *
-	 * @since 5.6.0
+	 * @since 5.7.0
 	 *
 	 * @param array $attributes Key-value pairs representing `<script>` tag attributes.
 	 *                          Only the attribute name is added to the `<script>` tag for
@@ -7893,7 +7893,7 @@ function wp_get_inline_script_tag( $javascript, $attributes = array() ) {
  * It is possible to inject attributes in the `<script>` tag via the  {@see 'wp_script_attributes'}  filter.
  * Automatically injects type attribute if needed.
  *
- * @since 5.6.0
+ * @since 5.7.0
  *
  * @param string $javascript Inline JavaScript code.
  * @param array  $attributes Optional. Key-value pairs representing `<script>` tag attributes.

From 2e09d67c51478221b61d5e2af674ec941a389b8f Mon Sep 17 00:00:00 2001
From: Adam Silverstein <adamsilverstein@earthboundhosting.com>
Date: Tue, 2 Feb 2021 08:26:48 -0700
Subject: [PATCH 3/9] Update src/wp-includes/functions.php

Co-authored-by: Dominik Schilling <dominikschilling+git@gmail.com>
---
 src/wp-includes/functions.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/wp-includes/functions.php b/src/wp-includes/functions.php
index c32d8c3227e58..b70d3a6d78332 100644
--- a/src/wp-includes/functions.php
+++ b/src/wp-includes/functions.php
@@ -7797,7 +7797,7 @@ function wp_sanitize_script_attributes( $attributes ) {
 	$html5_script_support = ! is_admin() && ! current_theme_supports( 'html5', 'script' );
 	$attributes_string    = '';
 
-	// If HTML5 scirpt tag is supported, only the attribute name is added
+	// If HTML5 script tag is supported, only the attribute name is added
 	// to $attributes_string for entries with a boolean value, and that are true.
 	foreach ( $attributes as $attribute_name => $attribute_value ) {
 		if ( is_bool( $attribute_value ) ) {

From 85ea009bd8005ad399fc636fbf89eb77d1956137 Mon Sep 17 00:00:00 2001
From: Adam Silverstein <adamsilverstein@earthboundhosting.com>
Date: Tue, 2 Feb 2021 08:36:06 -0700
Subject: [PATCH 4/9] Update src/wp-includes/functions.php

Co-authored-by: Dominik Schilling <dominikschilling+git@gmail.com>
---
 src/wp-includes/functions.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/wp-includes/functions.php b/src/wp-includes/functions.php
index b70d3a6d78332..9a326d36b2e7f 100644
--- a/src/wp-includes/functions.php
+++ b/src/wp-includes/functions.php
@@ -7864,7 +7864,7 @@ function wp_print_script_tag( $attributes ) {
  * @since 5.7.0
  *
  * @param string $javascript Inline JavaScript code.
- * @param array  $attributes Key-value pairs representing `<script>` tag attributes. Optional.
+ * @param array  $attributes  Optional. Key-value pairs representing `<script>` tag attributes.
  * @return string String containing inline JavaScript code wrapped around `<script>` tag.
  */
 function wp_get_inline_script_tag( $javascript, $attributes = array() ) {

From f43af7d93239ea0e69f2f78597b6e28acda30d64 Mon Sep 17 00:00:00 2001
From: Adam Silverstein <adamjs@google.com>
Date: Tue, 2 Feb 2021 08:37:20 -0700
Subject: [PATCH 5/9] Cleanup per feedback.

---
 src/wp-includes/functions.php                       |  7 ++-----
 tests/phpunit/tests/functions/wpInlineScriptTag.php | 10 +++++-----
 2 files changed, 7 insertions(+), 10 deletions(-)

diff --git a/src/wp-includes/functions.php b/src/wp-includes/functions.php
index b70d3a6d78332..61a5067aa6419 100644
--- a/src/wp-includes/functions.php
+++ b/src/wp-includes/functions.php
@@ -7785,9 +7785,6 @@ function wp_fuzzy_number_match( $expected, $actual, $precision = 1 ) {
 /**
  * Sanitizes an attributes array into an attributes string to be placed inside a `<script>` tag.
  *
- * Automatically injects type attribute if needed.
- * Used by {@see wp_get_script_tag()} and {@see wp_get_inline_script_tag()}.
- *
  * @since 5.7.0
  *
  * @param array $attributes Key-value pairs representing `<script>` tag attributes.
@@ -7802,7 +7799,7 @@ function wp_sanitize_script_attributes( $attributes ) {
 	foreach ( $attributes as $attribute_name => $attribute_value ) {
 		if ( is_bool( $attribute_value ) ) {
 			if ( $attribute_value ) {
-				$attributes_string .= $html5_script_support ? sprintf( ' %1$s="%2$s"', $attribute_name, esc_attr( $attribute_name ) ) : ' ' . $attribute_name;
+				$attributes_string .= $html5_script_support ? sprintf( ' %1$s="%2$s"', esc_attr( $attribute_name ), esc_attr( $attribute_name ) ) : ' ' . $attribute_name;
 			}
 		} else {
 			$attributes_string .= sprintf( ' %1$s="%2$s"', $attribute_name, esc_attr( $attribute_value ) );
@@ -7880,7 +7877,7 @@ function wp_get_inline_script_tag( $javascript, $attributes = array() ) {
 	 *                          Only the attribute name is added to the `<script>` tag for
 	 *                          entries with a boolean value, and that are true.
 	 */
-	$attributes = apply_filters( 'wp_script_attributes', $attributes );
+	$attributes = apply_filters( 'wp_inline_script_attributes', $attributes, $javascript );
 
 	$javascript = "\n" . trim( $javascript, "\n\r " ) . "\n";
 
diff --git a/tests/phpunit/tests/functions/wpInlineScriptTag.php b/tests/phpunit/tests/functions/wpInlineScriptTag.php
index 3cfd9d1af0ebe..d4ece1caa93a7 100644
--- a/tests/phpunit/tests/functions/wpInlineScriptTag.php
+++ b/tests/phpunit/tests/functions/wpInlineScriptTag.php
@@ -10,13 +10,13 @@ class Tests_Functions_wpInlineScriptTag extends WP_UnitTestCase {
 	private $event_handler = <<<'JS'
 document.addEventListener( 'DOMContentLoaded', function () {
 	document.getElementById( 'elementID' )
-			.addEventListener( 'click', function( event ) { 
+			.addEventListener( 'click', function( event ) {
 				event.preventDefault();
 			});
 });
 JS;
 
-	function get_inline_script_tag_type_set() {
+	public function get_inline_script_tag_type_set() {
 		add_theme_support( 'html5', array( 'script' ) );
 
 		$this->assertSame(
@@ -46,7 +46,7 @@ function get_inline_script_tag_type_set() {
 		);
 	}
 
-	function test_get_inline_script_tag_type_not_set() {
+	public function test_get_inline_script_tag_type_not_set() {
 		add_theme_support( 'html5', array( 'script' ) );
 
 		$this->assertSame(
@@ -63,7 +63,7 @@ function test_get_inline_script_tag_type_not_set() {
 		remove_theme_support( 'html5' );
 	}
 
-	function test_get_inline_script_tag_unescaped_src() {
+	public function test_get_inline_script_tag_unescaped_src() {
 		add_theme_support( 'html5', array( 'script' ) );
 
 		$this->assertSame(
@@ -74,7 +74,7 @@ function test_get_inline_script_tag_unescaped_src() {
 		remove_theme_support( 'html5' );
 	}
 
-	function test_print_script_tag_prints_get_inline_script_tag() {
+	public function test_print_script_tag_prints_get_inline_script_tag() {
 		add_filter(
 			'wp_script_attributes',
 			function ( $attributes ) {

From 68b3bf554bea739e6f6a8fea3d9adc95c28e37d8 Mon Sep 17 00:00:00 2001
From: Adam Silverstein <adamjs@google.com>
Date: Tue, 2 Feb 2021 08:58:00 -0700
Subject: [PATCH 6/9] add newline

---
 src/wp-includes/functions.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/wp-includes/functions.php b/src/wp-includes/functions.php
index 82450e24f77e8..9ed5408d9aed1 100644
--- a/src/wp-includes/functions.php
+++ b/src/wp-includes/functions.php
@@ -7985,4 +7985,4 @@ function wp_get_inline_script_tag( $javascript, $attributes = array() ) {
  */
 function wp_print_inline_script_tag( $javascript, $attributes = array() ) {
 	echo wp_get_inline_script_tag( $javascript, $attributes );
-}
\ No newline at end of file
+}

From d803fab1ec20955805ff32cb6a87265fc9a11050 Mon Sep 17 00:00:00 2001
From: Adam Silverstein <adamjs@google.com>
Date: Tue, 2 Feb 2021 12:46:02 -0700
Subject: [PATCH 7/9] Change second filter to wp_inline_script_attributes and
 add javascript context.

---
 src/wp-includes/functions.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/wp-includes/functions.php b/src/wp-includes/functions.php
index 9ed5408d9aed1..e2480512190d9 100644
--- a/src/wp-includes/functions.php
+++ b/src/wp-includes/functions.php
@@ -7965,7 +7965,7 @@ function wp_get_inline_script_tag( $javascript, $attributes = array() ) {
 	 *                          Only the attribute name is added to the `<script>` tag for
 	 *                          entries with a boolean value, and that are true.
 	 */
-	$attributes = apply_filters( 'wp_script_attributes', $attributes );
+	$attributes = apply_filters( 'wp_inline_script_attributes', $attributes, $javascript );
 
 	$javascript = "\n" . trim( $javascript, "\n\r " ) . "\n";
 

From cb6d661eb20c205c880be354ef6ff577b7942fb2 Mon Sep 17 00:00:00 2001
From: Adam Silverstein <adamjs@google.com>
Date: Tue, 2 Feb 2021 12:49:27 -0700
Subject: [PATCH 8/9] Adjust test filter.

---
 tests/phpunit/tests/functions/wpInlineScriptTag.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/tests/phpunit/tests/functions/wpInlineScriptTag.php b/tests/phpunit/tests/functions/wpInlineScriptTag.php
index d4ece1caa93a7..a6dcc83e2c2ae 100644
--- a/tests/phpunit/tests/functions/wpInlineScriptTag.php
+++ b/tests/phpunit/tests/functions/wpInlineScriptTag.php
@@ -76,7 +76,7 @@ public function test_get_inline_script_tag_unescaped_src() {
 
 	public function test_print_script_tag_prints_get_inline_script_tag() {
 		add_filter(
-			'wp_script_attributes',
+			'wp_inline_script_attributes',
 			function ( $attributes ) {
 				if ( isset( $attributes['id'] ) && 'utils-js-extra' === $attributes['id'] ) {
 					$attributes['async'] = true;

From f36dece4c3192441cab525f7c7dee7c7eaf3db44 Mon Sep 17 00:00:00 2001
From: Adam Silverstein <adamjs@google.com>
Date: Tue, 2 Feb 2021 12:53:49 -0700
Subject: [PATCH 9/9] Sanitize attribute names.

---
 src/wp-includes/functions.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/wp-includes/functions.php b/src/wp-includes/functions.php
index e2480512190d9..b68db7f6fcb5b 100644
--- a/src/wp-includes/functions.php
+++ b/src/wp-includes/functions.php
@@ -7887,10 +7887,10 @@ function wp_sanitize_script_attributes( $attributes ) {
 	foreach ( $attributes as $attribute_name => $attribute_value ) {
 		if ( is_bool( $attribute_value ) ) {
 			if ( $attribute_value ) {
-				$attributes_string .= $html5_script_support ? sprintf( ' %1$s="%2$s"', $attribute_name, esc_attr( $attribute_name ) ) : ' ' . $attribute_name;
+				$attributes_string .= $html5_script_support ? sprintf( ' %1$s="%2$s"', esc_attr( $attribute_name ), esc_attr( $attribute_name ) ) : ' ' . $attribute_name;
 			}
 		} else {
-			$attributes_string .= sprintf( ' %1$s="%2$s"', $attribute_name, esc_attr( $attribute_value ) );
+			$attributes_string .= sprintf( ' %1$s="%2$s"', esc_attr( $attribute_name ), esc_attr( $attribute_value ) );
 		}
 	}