[5.2] Fix unescaped slashes break markup in script tag #44717

Open: wants to merge 1 commit into base: 5.2-dev

janschoenherr

With the below change, slashes in markup, added as script option, are no longer correctly escaped.

3392240
#41330

Please also see: https://www.w3.org/TR/REC-html40/appendix/notes.html#h-B.3.2

When script or style data is the content of an element (SCRIPT and STYLE), the data begins immediately after the element start tag and ends at the first ETAGO ("</") delimiter followed by a name start character ([a-zA-Z]); note that this may not be the element's end tag. Authors should therefore escape "</" within the content. Escape mechanisms are specific to each scripting or style sheet language.

Summary of Changes

Remove the JSON_UNESCAPED_SLASHES flag.

Testing Instructions

Add the following code to any controller action, e.g. DisplayController::display() in administrator/components/com_content/src/Controller/

\Joomla\CMS\Factory::getApplication()->getDocument()->addScriptOptions('test', '</script>');

Browse to the corresponding page.

Actual result BEFORE applying this Pull Request

It will break the resulting markup, because the slash in </script> is not escaped.

Expected result AFTER applying this Pull Request

The resulting markup correctly escapes the slash in </script>.

Link to documentations

Please select:

  • Documentation link for docs.joomla.org:

  • No documentation changes for docs.joomla.org needed

  • Pull Request link for manual.joomla.org:

  • No documentation changes for manual.joomla.org needed
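An added illustration of the behaviour described above, not code from this pull request or from Joomla: it encodes the test value with and without JSON_UNESCAPED_SLASHES and shows where an HTML parser would end the script element. The helpers `renderOptions()` and `scriptBodyAsParsed()` are hypothetical, and the parser rule is simplified to "first `</script`, case-insensitive".

```php
<?php
// Added example, not Joomla code. renderOptions() and scriptBodyAsParsed()
// are hypothetical helpers written for this illustration.

/** Embed options as JSON inside a script element, as a document renderer might. */
function renderOptions(array $options, int $flags): string
{
    $json = json_encode($options, $flags | JSON_THROW_ON_ERROR);

    return '<script type="application/json" class="options">' . $json . '</script>';
}

/**
 * Return the script content as an HTML parser would see it: everything up to
 * the first "</script" (simplified rule), which may not be the intended end tag.
 */
function scriptBodyAsParsed(string $html): string
{
    $start = strpos($html, '>') + 1;
    $end   = stripos($html, '</script', $start);

    return substr($html, $start, $end - $start);
}

// Value taken from the testing instructions above.
$options = ['test' => '</script>'];

$variants = [
    'with JSON_UNESCAPED_SLASHES' => JSON_UNESCAPED_SLASHES,
    'default flags (slashes escaped)' => 0,
];

foreach ($variants as $label => $flags) {
    $html    = renderOptions($options, $flags);
    $body    = scriptBodyAsParsed($html);
    // json_decode() returns null when the parser-visible body is truncated JSON.
    $decoded = json_decode($body, true);

    printf(
        "%s\n  markup: %s\n  parsed: %s\n  intact: %s\n\n",
        $label,
        $html,
        $body,
        $decoded === $options ? 'yes' : 'no'
    );
}
```

With the flag set, the parser-visible body is cut off at the embedded `</script>` and no longer decodes; with the default flags the value is emitted as `<\/script>`, which is still valid JSON and decodes back to the original string.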
