HTML API: Preserve XMP raw text serialization

Gruntfile.js

@@ -2154,6 +2154,14 @@ module.exports = function(grunt) {
 				];
 			} )
 		) );
+
+		grunt.log.writeln(
+			'Found ' + routeNames.length + ' route' + ( routeNames.length === 1 ? '' : 's' ) +
+			' registered in ' + registryPath + ':'
+		);
+		routeNames.forEach( function( name ) {
+			grunt.log.writeln( '  - ' + name );
+		} );
 	} );
 
 	grunt.registerTask( 'build:gutenberg', [

src/wp-includes/html-api/class-wp-html-processor.php

@@ -1505,6 +1505,7 @@ public function serialize_token(): string {
 
 				case 'SCRIPT':
 				case 'STYLE':
+				case 'XMP':
 					break;
 
 				default:

src/wp-includes/html-api/class-wp-html-tag-processor.php

@@ -1619,7 +1619,6 @@ private function skip_script_data(): bool {
 				( 'p' === $html[ $at + 4 ] || 'P' === $html[ $at + 4 ] ) &&
 				( 't' === $html[ $at + 5 ] || 'T' === $html[ $at + 5 ] )
 			) ) {
-				++$at;
 				continue;
 			}
 

tests/phpunit/tests/html-api/wpHtmlProcessor-serialize.php

@@ -257,6 +257,22 @@ public function test_style_contents_are_not_escaped() {
 		);
 	}
 
+	/**
+	 * XMP contents are parsed using the generic raw text element parsing algorithm.
+	 * Their contents should not be escaped with HTML character references on normalization.
+	 *
+	 * @ticket 65372
+	 */
+	public function test_xmp_contents_are_not_escaped() {
+		$normalized = WP_HTML_Processor::normalize( "<xmp> < > & \" ' \x00 </xmp>" );
+
+		$this->assertSame(
+			"<xmp> < > & \" ' \u{FFFD} </xmp>",
+			$normalized,
+			'Should have preserved text inside an XMP element, except for replacing NULL bytes.'
+		);
+	}
+
 	public function test_unexpected_closing_tags_are_removed() {
 		$this->assertSame(
 			WP_HTML_Processor::normalize( 'one</div>two</span>three' ),
@@ -404,6 +420,7 @@ public static function data_tokens_with_null_bytes() {
 			'Foreign content text' => array( "<svg>one\x00two</svg>", "<svg>one\u{FFFD}two</svg>" ),
 			'SCRIPT content'       => array( "<script>alert(\x00)</script>", "<script>alert(\u{FFFD})</script>" ),
 			'STYLE content'        => array( "<style>\x00 {}</style>", "<style>\u{FFFD} {}</style>" ),
+			'XMP content'          => array( "<xmp>a\x00b</xmp>", "<xmp>a\u{FFFD}b</xmp>" ),
 			'Comment text'         => array( "<!-- \x00 -->", "<!-- \u{FFFD} -->" ),
 		);
 	}
@@ -629,6 +646,7 @@ public static function data_provider_normalized_fuzzer_cases_that_should_be_idem
 			'Duplicate ALT boundary'                    => array( '<r alt=\'\'d alt=""=>' ),
 			'NULL byte in SVG child tag'                => array( "<svg><l\x00 '>" ),
 			'NULL byte before slash in SVG child tag'   => array( "<svg><l\x00/r>" ),
+			'XMP generic raw text'                      => array( "<xmp> < > & \" ' \x00 </xmp>" ),
 		);
 	}
 

tests/phpunit/tests/html-api/wpHtmlTagProcessor.php

@@ -2116,6 +2116,8 @@ public static function data_script_tag(): Generator {
 			yield 'Script tag with </script\f> close'             => array( "<script></script\f>", true );
 			yield 'Script tag with </script\r> close'             => array( "<script></script\r>", true );
 			yield 'Script with type attribute'                    => array( '<script type="text/javascript"></script>', true );
+			yield 'Script text less-than'                         => array( '<script><</script>', true );
+			yield 'Script text less-than solidus'                 => array( '<script></</script>', true );
 			yield 'Script data escaped'                           => array( '<script><!--</script>', true );
 			yield 'Script data double-escaped exit (comment)'     => array( '<script><!--<script>--></script>', true );
 			yield 'Script data double-escaped exit (closed ">")'  => array( '<script><!--<script></script></script>', true );