Merge pull request #226 from xwp/fix/html-entities-in-manifest-name-a…

…nd-description

Prevent including HTML entities in web app manifest name and description fields

tests/test-class-wp-web-app-manifest.php

@@ -130,16 +130,18 @@ public function test_get_theme_color() {
 	 */
 	public function test_get_manifest() {
 		$this->mock_site_icon();
-		$blogname = 'PWA Test';
+		$blogname = 'PWA & Test "First" and \'second\' and “third”';
 		update_option( 'blogname', $blogname );
 		$actual_manifest = $this->instance->get_manifest();
 
+		// Verify that there are now entities.
+		$this->assertEquals( 'PWA & Test "First" and 'second' and “third”', get_option( 'blogname' ) );
+
 		$expected_manifest = array(
 			'background_color' => WP_Web_App_Manifest::FALLBACK_THEME_COLOR,
 			'description'      => get_bloginfo( 'description' ),
 			'display'          => 'minimal-ui',
-			'name'             => $blogname,
-			'short_name'       => $blogname,
+			'name'             => $blogname, // No HTML entities should be in the manifest.
 			'lang'             => get_bloginfo( 'language' ),
 			'dir'              => is_rtl() ? 'rtl' : 'ltr',
 			'start_url'        => home_url( '/' ),

wp-includes/class-wp-web-app-manifest.php

@@ -129,7 +129,7 @@ public function get_theme_color() {
 	 */
 	public function get_manifest() {
 		$manifest = array(
-			'name'      => wp_kses_decode_entities( get_bloginfo( 'name' ) ),
+			'name'      => html_entity_decode( get_bloginfo( 'name' ), ENT_QUOTES, 'utf-8' ),
 			'start_url' => home_url( '/' ),
 			'display'   => 'minimal-ui',
 			'dir'       => is_rtl() ? 'rtl' : 'ltr',
@@ -158,7 +158,7 @@ public function get_manifest() {
 			$manifest['theme_color']      = $theme_color;
 		}
 
-		$description = wp_kses_decode_entities( get_bloginfo( 'description' ) );
+		$description = html_entity_decode( get_bloginfo( 'description' ), ENT_QUOTES, 'utf-8' );
 		if ( $description ) {
 			$manifest['description'] = $description;
 		}