Commit 65fdabf9060 for woocommerce
commit 65fdabf906088e3eb79ffdc58050bbebb2c10ac5
Author: Lucio Giannotta <lucio.giannotta@a8c.com>
Date: Wed May 20 22:47:03 2026 +0800
Set product image tooltip aria-label via DOM attribute (#64888)
Escape product image tooltip aria-label translation
The translated `i18n_product_image_tip` string was being interpolated
directly into an HTML attribute via a template literal. A translation
containing a double-quote or markup would have produced broken span
markup.
Run the value through `_.escape()` (bundled with WordPress via
underscore) so it is safe to interpolate, and declare `underscore` as
an explicit dependency of the script.
Fixes #64282.
diff --git a/plugins/woocommerce/changelog/64888-fix-wooplug-6580-tooltip-aria-label b/plugins/woocommerce/changelog/64888-fix-wooplug-6580-tooltip-aria-label
new file mode 100644
index 00000000000..0bfe0ef2618
--- /dev/null
+++ b/plugins/woocommerce/changelog/64888-fix-wooplug-6580-tooltip-aria-label
@@ -0,0 +1,4 @@
+Significance: patch
+Type: fix
+
+Product image tooltip: set aria-label via DOM attribute instead of interpolating the translated string into the HTML template, preventing broken markup when the translation contains characters such as quotes.
\ No newline at end of file
diff --git a/plugins/woocommerce/client/legacy/js/admin/meta-boxes-product.js b/plugins/woocommerce/client/legacy/js/admin/meta-boxes-product.js
index 08fd9d47c38..567210ad918 100644
--- a/plugins/woocommerce/client/legacy/js/admin/meta-boxes-product.js
+++ b/plugins/woocommerce/client/legacy/js/admin/meta-boxes-product.js
@@ -1,4 +1,4 @@
-/*global woocommerce_admin_meta_boxes */
+/*global woocommerce_admin_meta_boxes, _ */
jQuery( function ( $ ) {
let isPageUnloading = false;
@@ -1443,8 +1443,10 @@ jQuery( function ( $ ) {
// add a tooltip to the right of the product image meta box "Set product image" and "Add product gallery images"
const setProductImageLink = $( '#set-post-thumbnail' );
+ // Escape the translated label before interpolating into the attribute so a
+ // translation containing quotes or markup cannot break the rendered span.
const tooltipMarkup = `<span class="woocommerce-help-tip" tabindex="0" aria-label="${
- woocommerce_admin_meta_boxes.i18n_product_image_tip
+ _.escape( woocommerce_admin_meta_boxes.i18n_product_image_tip )
}"></span>`;
const tooltipData = {
attribute: 'data-tip',
diff --git a/plugins/woocommerce/includes/admin/class-wc-admin-assets.php b/plugins/woocommerce/includes/admin/class-wc-admin-assets.php
index c029da935ef..2f073be2a89 100644
--- a/plugins/woocommerce/includes/admin/class-wc-admin-assets.php
+++ b/plugins/woocommerce/includes/admin/class-wc-admin-assets.php
@@ -550,7 +550,7 @@ if ( ! class_exists( 'WC_Admin_Assets', false ) ) :
/* phpcs:disable */
if ( in_array( $screen_id, array( 'product', 'edit-product' ) ) ) {
wp_enqueue_media();
- wp_register_script( 'wc-admin-product-meta-boxes', WC()->plugin_url() . '/assets/js/admin/meta-boxes-product' . $suffix . '.js', array( 'wc-admin-meta-boxes', 'media-models' ), $version );
+ wp_register_script( 'wc-admin-product-meta-boxes', WC()->plugin_url() . '/assets/js/admin/meta-boxes-product' . $suffix . '.js', array( 'wc-admin-meta-boxes', 'media-models', 'underscore' ), $version );
wp_register_script( 'wc-admin-variation-meta-boxes', WC()->plugin_url() . '/assets/js/admin/meta-boxes-product-variation' . $suffix . '.js', array( 'wc-admin-meta-boxes', 'wc-serializejson', 'media-models', 'backbone', 'jquery-ui-sortable', 'wc-backbone-modal', 'wp-data', 'wp-notices' ), $version );
wp_enqueue_script( 'wc-admin-product-meta-boxes' );