diff --git a/lib/compat/wordpress-6.5/class-wp-script-modules.php b/lib/compat/wordpress-6.5/class-wp-script-modules.php
index d7eaff177823c..205b50cd53259 100644
--- a/lib/compat/wordpress-6.5/class-wp-script-modules.php
+++ b/lib/compat/wordpress-6.5/class-wp-script-modules.php
@@ -231,7 +231,7 @@ public function print_import_map() {
'1.8.2',
true
);
- wp_print_inline_script_tag(
+ gutenberg_print_inline_script_tag(
wp_get_script_polyfill(
$wp_scripts,
array(
@@ -243,7 +243,7 @@ public function print_import_map() {
)
);
}
- wp_print_inline_script_tag(
+ gutenberg_print_inline_script_tag(
wp_json_encode( $import_map, JSON_HEX_TAG | JSON_HEX_AMP ),
array(
'type' => 'importmap',
diff --git a/lib/compat/wordpress-6.5/script-loader.php b/lib/compat/wordpress-6.5/script-loader.php
index d6acab264b3a1..a77134d9182f9 100644
--- a/lib/compat/wordpress-6.5/script-loader.php
+++ b/lib/compat/wordpress-6.5/script-loader.php
@@ -100,3 +100,108 @@ function gutenberg_update_wp_date_settings( $scripts ) {
}
add_action( 'wp_default_scripts', 'gutenberg_update_wp_date_settings' );
+
+/**
+ * Prints inline JavaScript wrapped in `
+ *
+ * In an HTML document this would print "…" to the console,
+ * but in an XHTML document it would print "…" to the console.
+ *
+ *
+ *
+ * In an HTML document this would print "An image is in HTML",
+ * but it's an invalid XHTML document because it interprets the ``
+ * as an empty tag missing its closing `/`.
+ *
+ * @see https://www.w3.org/TR/xhtml1/#h-4.8
+ */
+ if (
+ ! $is_html5 &&
+ (
+ ! isset( $attributes['type'] ) ||
+ 'module' === $attributes['type'] ||
+ str_contains( $attributes['type'], 'javascript' ) ||
+ str_contains( $attributes['type'], 'ecmascript' ) ||
+ str_contains( $attributes['type'], 'jscript' ) ||
+ str_contains( $attributes['type'], 'livescript' )
+ )
+ ) {
+ /*
+ * If the string `]]>` exists within the JavaScript it would break
+ * out of any wrapping CDATA section added here, so to start, it's
+ * necessary to escape that sequence which requires splitting the
+ * content into two CDATA sections wherever it's found.
+ *
+ * Note: it's only necessary to escape the closing `]]>` because
+ * an additional `', ']]]]>', $data );
+
+ // Wrap the entire escaped script inside a CDATA section.
+ $data = sprintf( "/* */", $data );
+ }
+
+ $data = "\n" . trim( $data, "\n\r " ) . "\n";
+
+ /**
+ * Filters attributes to be added to a script tag.
+ *
+ * @since 5.7.0
+ *
+ * @param array $attributes Key-value pairs representing `\n", wp_sanitize_script_attributes( $attributes ), $data );
+}