From daf593b4841247b4489a22f065ebf43c1bc6114d Mon Sep 17 00:00:00 2001
From: Weston Ruter
Date: Fri, 20 Feb 2026 13:54:56 -0800
Subject: [PATCH] Update wp.sanitize.stripTags() to return empty string when not passed a string

Co-authored-by: Dennis Snell
---
 src/js/_enqueues/wp/sanitize.js | 2 +-
 tests/qunit/wp-includes/js/wp-sanitize.js | 8 +++++---
 2 files changed, 6 insertions(+), 4 deletions(-)

diff --git a/src/js/_enqueues/wp/sanitize.js b/src/js/_enqueues/wp/sanitize.js
index 515c27ce5ab23..c0b6b0bed9494 100644
--- a/src/js/_enqueues/wp/sanitize.js
+++ b/src/js/_enqueues/wp/sanitize.js
@@ -23,7 +23,7 @@
 * @return {string} Stripped text.
 */
 stripTags: function( text ) {
- if ( ! text ) {
+ if ( 'string' !== typeof text ) {
 return '';
 }
diff --git a/tests/qunit/wp-includes/js/wp-sanitize.js b/tests/qunit/wp-includes/js/wp-sanitize.js
index fe17e45833b77..200193ba89113 100644
--- a/tests/qunit/wp-includes/js/wp-sanitize.js
+++ b/tests/qunit/wp-includes/js/wp-sanitize.js
@@ -17,9 +17,11 @@ QUnit.test( 'stripTags should strip tags from string', function( assert ) {
 assert.strictEqual( result, 'Hello World', 'stripTags( "

Hello World

" ) should return "Hello World"' );
 } );
-QUnit.test( 'stripTags should convert numbers to strings', function( assert ) {
- const result = wp.sanitize.stripTags( 123 );
- assert.strictEqual( result, '123', 'stripTags( 123 ) should return "123"' );
+QUnit.test( 'stripTags should return empty string for truthy non-strings', function( assert ) {
+ assert.strictEqual( wp.sanitize.stripTags( 123 ), '', 'stripTags( 123 ) should return ""' );
+ assert.strictEqual( wp.sanitize.stripTags( true ), '', 'stripTags( true ) should return ""' );
+ assert.strictEqual( wp.sanitize.stripTags( [ 6, 7 ] ), '', 'stripTags( [ 6, 7 ] ) should return ""' );
+ assert.strictEqual( wp.sanitize.stripTags( { foo: 'bar' } ), '', 'stripTags( ( { foo: \'bar\' } ) should return ""' );
 } );
 QUnit.test( 'stripTags should return empty string for input 0', function( assert ) {
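Review bot: In `stripTags` (src/js/_enqueues/wp/sanitize.js) the docblock above the new guard still ends with `@return {string} Stripped text.` and does not say that every non-string argument now yields an empty string. The `'string' !== typeof text` check rejects numbers, booleans, arrays and plain objects, and also `String` objects, whose `typeof` is `'object'`. Callers that passed a number and relied on the old stringification (the removed test expected `'123'`) will now receive `''` without any error. I would change the line to `@return {string} Stripped text, or an empty string when text is not a string primitive.` so the fail-closed contract is visible at the call site. The body of `stripTags` continues outside the hunk.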
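Review bot: The failure message of the last added assertion in tests/qunit/wp-includes/js/wp-sanitize.js reads `'stripTags( ( { foo: \'bar\' } ) should return ""'`, with a doubled opening parenthesis, so a failing run would print an unbalanced call. It should be `'stripTags( { foo: \'bar\' } ) should return ""'`. The new cases also do not pin the one non-obvious consequence of a `typeof` guard, that a boxed string is rejected; adding `assert.strictEqual( wp.sanitize.stripTags( new String( 'a' ) ), '', 'stripTags( new String( "a" ) ) should return ""' );` would document it. Whether `null` and `undefined` are covered elsewhere in the file cannot be seen from this hunk.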