diff --git a/src/js/_enqueues/lib/auth-check.js b/src/js/_enqueues/lib/auth-check.js
index 44ff15a153410..ff64573639a25 100644
--- a/src/js/_enqueues/lib/auth-check.js
+++ b/src/js/_enqueues/lib/auth-check.js
@@ -159,12 +159,23 @@
 			setShowTimeout();
 		});
 	}).on( 'heartbeat-tick.wp-auth-check', function( e, data ) {
-		if ( 'wp-auth-check' in data ) {
+		if ( ! ( 'wp-auth-check' in data ) ) {
+			return;
+		}
+
+		var showOrHide = function () {
 			if ( ! data['wp-auth-check'] && wrap.hasClass( 'hidden' ) && ! tempHidden ) {
 				show();
 			} else if ( data['wp-auth-check'] && ! wrap.hasClass( 'hidden' ) ) {
 				hide();
 			}
+		};
+
+		// This is necessary due to a race condition where the heartbeat-tick event may fire before DOMContentLoaded.
+		if ( wrap ) {
+			showOrHide();
+		} else {
+			$( showOrHide );
 		}
 	});
 
diff --git a/src/wp-admin/includes/file.php b/src/wp-admin/includes/file.php
index 0658662126a59..3627a16d3ecda 100644
--- a/src/wp-admin/includes/file.php
+++ b/src/wp-admin/includes/file.php
@@ -1896,14 +1896,14 @@ function _unzip_file_pclzip( $file, $to, $needed_dirs = array() ) {
 	$uncompressed_size = 0;
 
 	// Determine any children directories needed (From within the archive).
-	foreach ( $archive_files as $file ) {
-		if ( str_starts_with( $file['filename'], '__MACOSX/' ) ) { // Skip the OS X-created __MACOSX directory.
+	foreach ( $archive_files as $archive_file ) {
+		if ( str_starts_with( $archive_file['filename'], '__MACOSX/' ) ) { // Skip the OS X-created __MACOSX directory.
 			continue;
 		}
 
-		$uncompressed_size += $file['size'];
+		$uncompressed_size += $archive_file['size'];
 
-		$needed_dirs[] = $to . untrailingslashit( $file['folder'] ? $file['filename'] : dirname( $file['filename'] ) );
+		$needed_dirs[] = $to . untrailingslashit( $archive_file['folder'] ? $archive_file['filename'] : dirname( $archive_file['filename'] ) );
 	}
 
 	// Enough space to unzip the file and copy its contents, with a 10% buffer.
@@ -1967,22 +1967,22 @@ function _unzip_file_pclzip( $file, $to, $needed_dirs = array() ) {
 	}
 
 	// Extract the files from the zip.
-	foreach ( $archive_files as $file ) {
-		if ( $file['folder'] ) {
+	foreach ( $archive_files as $archive_file ) {
+		if ( $archive_file['folder'] ) {
 			continue;
 		}
 
-		if ( str_starts_with( $file['filename'], '__MACOSX/' ) ) { // Don't extract the OS X-created __MACOSX directory files.
+		if ( str_starts_with( $archive_file['filename'], '__MACOSX/' ) ) { // Don't extract the OS X-created __MACOSX directory files.
 			continue;
 		}
 
 		// Don't extract invalid files:
-		if ( 0 !== validate_file( $file['filename'] ) ) {
+		if ( 0 !== validate_file( $archive_file['filename'] ) ) {
 			continue;
 		}
 
-		if ( ! $wp_filesystem->put_contents( $to . $file['filename'], $file['content'], FS_CHMOD_FILE ) ) {
-			return new WP_Error( 'copy_failed_pclzip', __( 'Could not copy file.' ), $file['filename'] );
+		if ( ! $wp_filesystem->put_contents( $to . $archive_file['filename'], $archive_file['content'], FS_CHMOD_FILE ) ) {
+			return new WP_Error( 'copy_failed_pclzip', __( 'Could not copy file.' ), $archive_file['filename'] );
 		}
 	}
 
diff --git a/src/wp-admin/includes/media.php b/src/wp-admin/includes/media.php
index 8436bde73b7fa..210539681ad56 100644
--- a/src/wp-admin/includes/media.php
+++ b/src/wp-admin/includes/media.php
@@ -3769,8 +3769,8 @@ function wp_read_audio_metadata( $file ) {
  * @link https://github.com/JamesHeinrich/getID3/blob/master/structure.txt
  *
  * @param array $metadata The metadata returned by getID3::analyze().
- * @return int|false A UNIX timestamp for the media's creation date if available
- *                   or a boolean FALSE if a timestamp could not be determined.
+ * @return int|false A Unix timestamp for the media's creation date if available
+ *                   or a boolean false if the timestamp could not be determined.
  */
 function wp_get_media_creation_timestamp( $metadata ) {
 	$creation_date = false;
diff --git a/src/wp-includes/block-editor.php b/src/wp-includes/block-editor.php
index 6f5720ec21c9d..d2beae38ece76 100644
--- a/src/wp-includes/block-editor.php
+++ b/src/wp-includes/block-editor.php
@@ -774,7 +774,7 @@ function block_editor_rest_api_preload( array $preload_paths, $block_editor_cont
 		'wp-api-fetch',
 		sprintf(
 			'wp.apiFetch.use( wp.apiFetch.createPreloadingMiddleware( %s ) );',
-			wp_json_encode( $preload_data, JSON_HEX_TAG | JSON_UNESCAPED_SLASHES )
+			wp_json_encode( $preload_data, JSON_UNESCAPED_SLASHES )
 		),
 		'after'
 	);
diff --git a/src/wp-includes/functions.wp-scripts.php b/src/wp-includes/functions.wp-scripts.php
index f86b456d5f69a..fea535a3d12fd 100644
--- a/src/wp-includes/functions.wp-scripts.php
+++ b/src/wp-includes/functions.wp-scripts.php
@@ -130,18 +130,42 @@ function wp_print_scripts( $handles = false ) {
 function wp_add_inline_script( $handle, $data, $position = 'after' ) {
 	_wp_scripts_maybe_doing_it_wrong( __FUNCTION__, $handle );
 
-	if ( false !== stripos( $data, '</script>' ) ) {
-		_doing_it_wrong(
-			__FUNCTION__,
-			sprintf(
-				/* translators: 1: <script>, 2: wp_add_inline_script() */
-				__( 'Do not pass %1$s tags to %2$s.' ),
-				'<code>&lt;script&gt;</code>',
-				'<code>wp_add_inline_script()</code>'
-			),
-			'4.5.0'
-		);
-		$data = trim( preg_replace( '#<script[^>]*>(.*)</script>#is', '$1', $data ) );
+	/*
+	 * Check whether the script data appears to be enclosed in an HTML <script> tag.
+	 */
+	if (
+		strlen( $data ) >= 17 &&
+		0 === substr_compare( $data, '<script', 0, 7, true ) &&
+		(
+			"\t" === $data[7] ||
+			"\n" === $data[7] ||
+			/*
+			 * \r\n and \r are normalized to \n in HTML newline normalization.
+			 * Therefore, \r always behaves like \n and terminates a tag name.
+			 */
+			"\r" === $data[7] ||
+			"\f" === $data[7] ||
+			' ' === $data[7] ||
+			'/' === $data[7] ||
+			'>' === $data[7]
+		)
+	) {
+		// Try to parse and extract the script contents.
+		$processor = new WP_HTML_Tag_Processor( $data );
+		$processor->next_token();
+		if ( $processor->get_tag() === 'SCRIPT' ) {
+			_doing_it_wrong(
+				__FUNCTION__,
+				sprintf(
+					/* translators: 1: <script>, 2: wp_add_inline_script() */
+					__( 'Do not pass %1$s tags to %2$s.' ),
+					'<code>&lt;script&gt;</code>',
+					'<code>wp_add_inline_script()</code>'
+				),
+				'4.5.0'
+			);
+			$data = $processor->get_modifiable_text();
+		}
 	}
 
 	return wp_scripts()->add_inline_script( $handle, $data, $position );
diff --git a/src/wp-includes/html-api/class-wp-html-tag-processor.php b/src/wp-includes/html-api/class-wp-html-tag-processor.php
index 31c4bc8a10654..1f2a4a3dc62ac 100644
--- a/src/wp-includes/html-api/class-wp-html-tag-processor.php
+++ b/src/wp-includes/html-api/class-wp-html-tag-processor.php
@@ -3811,29 +3811,83 @@ public function set_modifiable_text( string $plaintext_content ): bool {
 
 		switch ( $this->get_tag() ) {
 			case 'SCRIPT':
-				/**
-				 * This is over-protective, but ensures the update doesn't break
-				 * the HTML structure of the SCRIPT element.
+				/*
+				 * SCRIPT tag contents can be dangerous.
+				 *
+				 * The text `</script>` could close the SCRIPT element prematurely.
 				 *
-				 * More thorough analysis could track the HTML tokenizer states
-				 * and to ensure that the SCRIPT element closes at the expected
-				 * SCRIPT close tag as is done in {@see ::skip_script_data()}.
+				 * The text `<script>` could enter the "script data double escaped state", preventing the
+				 * SCRIPT element from closing as expected, for example:
 				 *
-				 * A SCRIPT element could be closed prematurely by contents
-				 * like `</script>`. A SCRIPT element could be prevented from
-				 * closing by contents like `<!--<script>`.
+				 *     <script>
+				 *     // If this "<!--" then "<script>" the closing tag will not be recognized.
+				 *     </script>
+				 *     <h1>This appears inside the preceding SCRIPT element.</h1>
 				 *
-				 * The following strings are essential for dangerous content,
-				 * although they are insufficient on their own. This trade-off
-				 * prevents dangerous scripts from being sent to the browser.
-				 * It is also unlikely to produce HTML that may confuse more
-				 * basic HTML tooling.
+				 * The relevant state transitions happen on text like:
+				 *     1. <
+				 *     2. / (optional)
+				 *     3. script (case-insensitive)
+				 *     4. One of the following characters:
+				 *        - \t
+				 *        - \n
+				 *        - \r (\r and \r\n newlines are normalized to \n in HTML pre-processing)
+				 *        - \f
+				 *        - " " (U+0020 SPACE)
+				 *        - /
+				 *        - >
+				 *
+				 * @see https://html.spec.whatwg.org/multipage/parsing.html#script-data-double-escaped-state
 				 */
 				if (
 					false !== stripos( $plaintext_content, '</script' ) ||
 					false !== stripos( $plaintext_content, '<script' )
 				) {
-					return false;
+					/*
+					 * JavaScript can be safely escaped.
+					 */
+					if ( $this->is_javascript_script_tag() ) {
+						$plaintext_content = preg_replace_callback(
+							/*
+							 * This case-insensitive pattern consists of three groups:
+							 *
+							 * 1: "<" or "</"
+							 * 2: "s"
+							 * 3: "cript" + a trailing character that terminates a tag name.
+							 */
+							'~(</?)(s)(cript[\\t\\r\\n\\f />])~i',
+							static function ( $matches ) {
+								$escaped_s_char = 's' === $matches[2]
+									? '\\u0073'
+									: '\\u0053';
+								return "{$matches[1]}{$escaped_s_char}{$matches[3]}";
+							},
+							$plaintext_content
+						);
+					} elseif ( $this->is_json_script_tag() ) {
+						/**
+						 * JSON can be safely escaped.
+						 *
+						 * The following replacement may appear insuficcient, "<" is replaced
+						 * with its JSON escape sequence "\u003C" without considering whether
+						 * the "<" is preceded by an escaping slash. JSON does not support
+						 * arbitrary character escaping (like JavaScript strings) so "\<"
+						 * is invalid JSON and would have to be preceded by
+						 * an escaped backslash: "\\<".
+						 *
+						 * @see https://www.json.org/json-en.html
+						 */
+
+						$plaintext_content = strtr(
+							$plaintext_content,
+							array( '<' => '\\u003C' )
+						);
+					} else {
+						/*
+						 * Other types of script tags cannot be escaped safely.
+						 */
+						return false;
+					}
 				}
 
 				$this->lexical_updates['modifiable text'] = new WP_HTML_Text_Replacement(
@@ -3891,6 +3945,167 @@ static function ( $tag_match ) {
 		return false;
 	}
 
+	/**
+	 * Indicates if the currently matched tag is a JavaScript script tag.
+	 *
+	 * @see https://html.spec.whatwg.org/multipage/scripting.html#prepare-the-script-element
+	 *
+	 * @since {WP_VERSION}
+	 *
+	 * @return bool True if the script tag will be evaluated as JavaScript.
+	 */
+	public function is_javascript_script_tag(): bool {
+		if ( 'SCRIPT' !== $this->get_tag() || $this->get_namespace() !== 'html' ) {
+			return false;
+		}
+
+		/*
+		 * > If any of the following are true:
+		 * >   - el has a type attribute whose value is the empty string;
+		 * >   - el has no type attribute but it has a language attribute and that attribute's
+		 * >     value is the empty string; or
+		 * >   - el has neither a type attribute nor a language attribute,
+		 * > then let the script block's type string for this script element be "text/javascript".
+		 */
+		$type_attr     = $this->get_attribute( 'type' );
+		$language_attr = $this->get_attribute( 'language' );
+
+		if ( true === $type_attr || '' === $type_attr ) {
+			return true;
+		}
+		if (
+			null === $type_attr && (
+				true === $language_attr ||
+				'' === $language_attr ||
+				null === $language_attr
+			)
+		) {
+			return true;
+		}
+
+		/*
+		 * > Otherwise, if el has a type attribute, then let the script block's type string be
+		 * > the value of that attribute with leading and trailing ASCII whitespace stripped.
+		 * > Otherwise, el has a non-empty language attribute; let the script block's type string
+		 * > be the concatenation of "text/" and the value of el's language attribute.
+		 */
+		$type_string = $type_attr ? trim( $type_attr, " \t\f\r\n" ) : "text/{$language_attr}";
+
+		/*
+		 * > If the script block's type string is a JavaScript MIME type essence match, then
+		 * > set el's type to "classic".
+		 *
+		 * > A string is a JavaScript MIME type essence match if it is an ASCII case-insensitive
+		 * > match for one of the JavaScript MIME type essence strings.
+		 *
+		 * > A JavaScript MIME type is any MIME type whose essence is one of the following:
+		 * >
+		 * > - application/ecmascript
+		 * > - application/javascript
+		 * > - application/x-ecmascript
+		 * > - application/x-javascript
+		 * > - text/ecmascript
+		 * > - text/javascript
+		 * > - text/javascript1.0
+		 * > - text/javascript1.1
+		 * > - text/javascript1.2
+		 * > - text/javascript1.3
+		 * > - text/javascript1.4
+		 * > - text/javascript1.5
+		 * > - text/jscript
+		 * > - text/livescript
+		 * > - text/x-ecmascript
+		 * > - text/x-javascript
+		 *
+		 * @see https://mimesniff.spec.whatwg.org/#javascript-mime-type-essence-match
+		 * @see https://mimesniff.spec.whatwg.org/#javascript-mime-type
+		 */
+		switch ( strtolower( $type_string ) ) {
+			case 'application/ecmascript':
+			case 'application/javascript':
+			case 'application/x-ecmascript':
+			case 'application/x-javascript':
+			case 'text/ecmascript':
+			case 'text/javascript':
+			case 'text/javascript1.0':
+			case 'text/javascript1.1':
+			case 'text/javascript1.2':
+			case 'text/javascript1.3':
+			case 'text/javascript1.4':
+			case 'text/javascript1.5':
+			case 'text/jscript':
+			case 'text/livescript':
+			case 'text/x-ecmascript':
+			case 'text/x-javascript':
+				return true;
+
+			/*
+			 * > Otherwise, if the script block's type string is an ASCII case-insensitive match for
+			 * > the string "module", then set el's type to "module".
+			 *
+			 * A module is evaluated as JavaScript.
+			 */
+			case 'module':
+				return true;
+		}
+
+		/*
+		 * > - Otherwise, if the script block's type string is an ASCII case-insensitive match for
+		 * >   the string "importmap", then set el's type to "importmap".
+		 *
+		 * An importmap is JSON and not evaluated as JavaScript. This case is not handled here.
+		 */
+
+		/*
+		 * > Otherwise, return. (No script is executed, and el's type is left as null.)
+		 */
+		return false;
+	}
+
+	/**
+	 * Indicates if the currently matched tag is a JSON script tag.
+	 *
+	 * @since {WP_VERSION}
+	 *
+	 * @return bool True if the script tag should be treated as JSON.
+	 */
+	public function is_json_script_tag(): bool {
+		if ( 'SCRIPT' !== $this->get_tag() || $this->get_namespace() !== 'html' ) {
+			return false;
+		}
+
+		$type_attr = $this->get_attribute( 'type' );
+
+		if ( empty( $type_attr ) || true === $type_attr ) {
+			return false;
+		}
+
+		$type_string = strtolower( trim( $type_attr, " \t\f\r\n" ) );
+
+		/*
+		 * > …
+		 * > Otherwise, if the script block's type string is an ASCII case-insensitive match for the string "importmap", then set el's type to "importmap".
+		 * > Otherwise, if the script block's type string is an ASCII case-insensitive match for the string "speculationrules", then set el's type to "speculationrules".
+		 * @see https://html.spec.whatwg.org/#script-processing-model
+		 *
+		 * > A JSON MIME type is any MIME type whose subtype ends in "+json" or whose essence
+		 * > is "application/json" or "text/json".
+		 *
+		 * @see https://mimesniff.spec.whatwg.org/#json-mime-type
+		 */
+		if (
+			'application/json' === $type_string
+			|| 'importmap' === $type_string
+			|| 'speculationrules' === $type_string
+			|| 'text/json' === $type_string
+			|| str_ends_with( $type_string, '+json' )
+		) {
+			return true;
+		}
+
+		return false;
+	}
+
 	/**
 	 * Updates or creates a new attribute on the currently matched tag with the passed value.
 	 *
diff --git a/src/wp-includes/script-loader.php b/src/wp-includes/script-loader.php
index 7dccff9775731..277d78b7e3b2a 100644
--- a/src/wp-includes/script-loader.php
+++ b/src/wp-includes/script-loader.php
@@ -3026,6 +3026,12 @@ function wp_get_inline_script_tag( $data, $attributes = array() ) {
 	 */
 	$attributes = apply_filters( 'wp_inline_script_attributes', $attributes, $data );
 
+	$script_tag = sprintf( '<script%s></script>', wp_sanitize_script_attributes( $attributes ) );
+	$processor  = new WP_HTML_Tag_Processor( $script_tag );
+	if ( $processor->next_tag( 'SCRIPT' ) && $processor->set_modifiable_text( $data ) ) {
+		return $processor->get_updated_html() . "\n";
+	}
+
 	return sprintf( "<script%s>%s</script>\n", wp_sanitize_script_attributes( $attributes ), $data );
 }
 
diff --git a/src/wp-includes/taxonomy.php b/src/wp-includes/taxonomy.php
index 69f3fe7484c24..c314d474e6734 100644
--- a/src/wp-includes/taxonomy.php
+++ b/src/wp-includes/taxonomy.php
@@ -1999,6 +1999,10 @@ function wp_delete_object_term_relationships( $object_id, $taxonomies ) {
 
 	foreach ( (array) $taxonomies as $taxonomy ) {
 		$term_ids = wp_get_object_terms( $object_id, $taxonomy, array( 'fields' => 'ids' ) );
+		if ( ! is_array( $term_ids ) ) {
+			// Skip return value in the case of an error or the 'wp_get_object_terms' filter returning an invalid value.
+			continue;
+		}
 		$term_ids = array_map( 'intval', $term_ids );
 		wp_remove_object_terms( $object_id, $term_ids, $taxonomy );
 	}
diff --git a/tests/phpunit/tests/blocks/editor.php b/tests/phpunit/tests/blocks/editor.php
index 4241161388eb8..2a6b02f5a81db 100644
--- a/tests/phpunit/tests/blocks/editor.php
+++ b/tests/phpunit/tests/blocks/editor.php
@@ -760,7 +760,7 @@ public function test_ensure_preload_data_script_tag_closes() {
 			array(
 				'methods'             => 'GET',
 				'callback'            => function () {
-					return 'Unclosed comment and a script open tag <!--<script>';
+					return '</script>Unclosed comment and a script open tag <!--<script><Script><SCRipt with attributes="yep">';
 				},
 				'permission_callback' => '__return_true',
 			)
@@ -783,7 +783,7 @@ public function test_ensure_preload_data_script_tag_closes() {
 		$expected = <<<HTML
 <script src="{$baseurl}/wp-includes/js/dist/api-fetch.min.js?ver=test" id="wp-api-fetch-js"></script>
 <script id="wp-api-fetch-js-after">
-wp.apiFetch.use( wp.apiFetch.createPreloadingMiddleware( {"/test/v0/test-62797":{"body":["Unclosed comment and a script open tag \\u003C!--\\u003Cscript\\u003E"],"headers":{"Allow":"GET"}}} ) );
+wp.apiFetch.use( wp.apiFetch.createPreloadingMiddleware( {"/test/v0/test-62797":{"body":["</\\u0073cript>Unclosed comment and a script open tag <!--<\\u0073cript><\\u0053cript><\\u0053CRipt with attributes=\\"yep\\">"],"headers":{"Allow":"GET"}}} ) );
 //# sourceURL=wp-api-fetch-js-after
 </script>
 
diff --git a/tests/phpunit/tests/dependencies/scripts.php b/tests/phpunit/tests/dependencies/scripts.php
index a3c8b92695f4f..f9d8a18aa3376 100644
--- a/tests/phpunit/tests/dependencies/scripts.php
+++ b/tests/phpunit/tests/dependencies/scripts.php
@@ -4122,4 +4122,56 @@ public function test_wp_scripts_doing_it_wrong_for_missing_dependencies() {
 			'Expected _doing_it_wrong() notice to indicate missing dependencies for enqueued script.'
 		);
 	}
+
+	/**
+	 * @ticket TBD
+	 * @covers ::wp_add_inline_script
+	 */
+	public function test_gnarly_inline_script_requires_escaping() {
+		$this->add_html5_script_theme_support();
+		wp_enqueue_script( 'test-inline-script-after', 'http://example.org/script.js', array(), null );
+		$javascript = <<<'JS'
+var script;
+0</script/>0;'<!--';console.assert(1<script>=0);
+JS;
+		wp_add_inline_script( 'test-inline-script-after', $javascript, 'after' );
+		$output   = get_echo( 'wp_print_scripts' );
+		$expected = <<<'HTML'
+<script src="http://example.org/script.js" id="test-inline-script-after-js"></script>
+<script id="test-inline-script-after-js-after">
+var script;
+0</\u0073cript/>0;'<!--';console.assert(1<\u0073cript>=0);
+//# sourceURL=test-inline-script-after-js-after
+</script>
+HTML;
+
+		$this->assertEqualHTML( $expected, $output );
+	}
+
+	/**
+	 * @ticket TBD
+	 * @covers ::wp_add_inline_script
+	 *
+	 * @expectedIncorrectUsage wp_add_inline_script
+	 */
+	public function test_gnarly_inline_script_requires_escaping_with_wrapper() {
+		$this->add_html5_script_theme_support();
+		wp_enqueue_script( 'test-inline-script-after', 'http://example.org/script.js', array(), null );
+		$javascript = <<<'JS'
+<script>
+// Uh oh:</script>
+</script>
+JS;
+		wp_add_inline_script( 'test-inline-script-after', $javascript, 'after' );
+		$output   = get_echo( 'wp_print_scripts' );
+		$expected = <<<'HTML'
+<script src="http://example.org/script.js" id="test-inline-script-after-js"></script>
+<script id="test-inline-script-after-js-after">
+// Uh oh:
+//# sourceURL=test-inline-script-after-js-after
+</script>
+HTML;
+
+		$this->assertEqualHTML( $expected, $output );
+	}
 }
diff --git a/tests/phpunit/tests/filesystem/unzipFilePclzip.php b/tests/phpunit/tests/filesystem/unzipFilePclzip.php
index a53ce50a0df75..10e4b1082a794 100644
--- a/tests/phpunit/tests/filesystem/unzipFilePclzip.php
+++ b/tests/phpunit/tests/filesystem/unzipFilePclzip.php
@@ -37,7 +37,7 @@ public static function set_up_before_class() {
 	 */
 	public function test_should_apply_pre_unzip_file_filters() {
 		$filter = new MockAction();
-		add_filter( 'pre_unzip_file', array( $filter, 'filter' ) );
+		add_filter( 'pre_unzip_file', array( $filter, 'filter' ), 10, 2 );
 
 		// Prepare test environment.
 		$unzip_destination = self::$test_data_dir . 'archive/';
@@ -53,7 +53,8 @@ public function test_should_apply_pre_unzip_file_filters() {
 		$this->rmdir( $unzip_destination );
 		$this->delete_folders( $unzip_destination );
 
-		$this->assertSame( 1, $filter->get_call_count() );
+		$this->assertSame( 1, $filter->get_call_count(), 'The filter should be called once.' );
+		$this->assertSame( self::$test_data_dir . 'archive.zip', $filter->get_args()[0][1], 'The $file parameter should be correct.' );
 	}
 
 	/**
@@ -63,7 +64,7 @@ public function test_should_apply_pre_unzip_file_filters() {
 	 */
 	public function test_should_apply_unzip_file_filters() {
 		$filter = new MockAction();
-		add_filter( 'unzip_file', array( $filter, 'filter' ) );
+		add_filter( 'unzip_file', array( $filter, 'filter' ), 10, 2 );
 
 		// Prepare test environment.
 		$unzip_destination = self::$test_data_dir . 'archive/';
@@ -79,6 +80,7 @@ public function test_should_apply_unzip_file_filters() {
 		$this->rmdir( $unzip_destination );
 		$this->delete_folders( $unzip_destination );
 
-		$this->assertSame( 1, $filter->get_call_count() );
+		$this->assertSame( 1, $filter->get_call_count(), 'The filter should be called once.' );
+		$this->assertSame( self::$test_data_dir . 'archive.zip', $filter->get_args()[0][1], 'The $file parameter should be correct.' );
 	}
 }
diff --git a/tests/phpunit/tests/html-api/wpHtmlTagProcessorModifiableText.php b/tests/phpunit/tests/html-api/wpHtmlTagProcessorModifiableText.php
index 66f9e67f5c8ed..7f6dc469fa2d9 100644
--- a/tests/phpunit/tests/html-api/wpHtmlTagProcessorModifiableText.php
+++ b/tests/phpunit/tests/html-api/wpHtmlTagProcessorModifiableText.php
@@ -448,13 +448,14 @@ public static function data_tokens_with_basic_modifiable_text_updates() {
 	 * the structure of the containing element, such as in a script or comment.
 	 *
 	 * @ticket 61617
+	 * @ticket 62797
 	 *
 	 * @dataProvider data_unallowed_modifiable_text_updates
 	 *
 	 * @param string $html_with_nonempty_modifiable_text Will be used to find the test element.
 	 * @param string $invalid_update                     Update containing possibly-compromising text.
 	 */
-	public function test_rejects_updates_with_unallowed_substrings( string $html_with_nonempty_modifiable_text, string $invalid_update ) {
+	public function test_rejects_dangerous_updates( string $html_with_nonempty_modifiable_text, string $invalid_update ) {
 		$processor = new WP_HTML_Tag_Processor( $html_with_nonempty_modifiable_text );
 
 		while ( '' === $processor->get_modifiable_text() && $processor->next_token() ) {
@@ -486,11 +487,147 @@ public function test_rejects_updates_with_unallowed_substrings( string $html_wit
 	 */
 	public static function data_unallowed_modifiable_text_updates() {
 		return array(
-			'Comment with -->'                 => array( '<!-- this is a comment -->', 'Comments end in -->' ),
-			'Comment with --!>'                => array( '<!-- this is a comment -->', 'Invalid but legitimate comments end in --!>' ),
-			'SCRIPT with </script>'            => array( '<script>Replace me</script>', 'Just a </script>' ),
-			'SCRIPT with </script attributes>' => array( '<script>Replace me</script>', 'before</script id=sneak>after' ),
-			'SCRIPT with "<script " opener'    => array( '<script>Replace me</script>', '<!--<script ' ),
+			'Comment with -->'                        => array( '<!-- this is a comment -->', 'Comments end in -->' ),
+			'Comment with --!>'                       => array( '<!-- this is a comment -->', 'Invalid but legitimate comments end in --!>' ),
+			'Non-JS SCRIPT with <script>'             => array( '<script type="text/html">Replace me</script>', '<!-- Just a <script>' ),
+			'Non-JS SCRIPT with </script>'            => array( '<script type="text/html">Replace me</script>', 'Just a </script>' ),
+			'Non-JS SCRIPT with <script attributes>'  => array( '<script language="text">Replace me</script>', '<!-- <script sneaky>after' ),
+			'Non-JS SCRIPT with </script attributes>' => array( '<script language="text">Replace me</script>', 'before</script sneaky>after' ),
+		);
+	}
+
+	/**
+	 * Ensures that JavaScript script tag contents are safely updated.
+	 *
+	 * @ticket 62797
+	 *
+	 * @dataProvider data_script_tag_text_updates
+	 *
+	 * @param string $html     HTML containing a SCRIPT tag to be modified.
+	 * @param string $update   Update containing possibly-compromising text.
+	 * @param string $expected Expected result.
+	 */
+	public function test_safely_updates_script_tag_contents( string $html, string $update, string $expected ) {
+		$processor = new WP_HTML_Tag_Processor( $html );
+		$this->assertTrue( $processor->next_tag( 'SCRIPT' ) );
+		$this->assertTrue( $processor->set_modifiable_text( $update ) );
+		$this->assertSame( $expected, $processor->get_updated_html() );
+	}
+
+	/**
+	 * Data provider.
+	 *
+	 * @return array[]
+	 */
+	public static function data_script_tag_text_updates(): array {
+		return array(
+			'Simple update'                         => array( '<script></script>', '{}', '<script>{}</script>' ),
+			'Needs no replacement'                  => array( '<script></script>', '<!--<scriptish>', '<script><!--<scriptish></script>' ),
+			'var script;1<script>0'                 => array( '<script></script>', 'var script;1<script>0', '<script>var script;1<\u0073cript>0</script>' ),
+			'1</script>/'                           => array( '<script></script>', '1</script>/', '<script>1</\u0073cript>/</script>' ),
+			'var SCRIPT;1<SCRIPT>0'                 => array( '<script></script>', 'var SCRIPT;1<SCRIPT>0', '<script>var SCRIPT;1<\u0053CRIPT>0</script>' ),
+			'1</SCRIPT>/'                           => array( '<script></script>', '1</SCRIPT>/', '<script>1</\u0053CRIPT>/</script>' ),
+			'"</script>"'                           => array( '<script></script>', '"</script>"', '<script>"</\u0073cript>"</script>' ),
+			'"</ScRiPt>"'                           => array( '<script></script>', '"</ScRiPt>"', '<script>"</\u0053cRiPt>"</script>' ),
+			'Tricky script open tag with \r'        => array( '<script></script>', "<!-- <script\r>", "<script><!-- <\\u0073cript\r></script>" ),
+			'Tricky script open tag with \r\n'      => array( '<script></script>', "<!-- <script\r\n>", "<script><!-- <\\u0073cript\r\n></script>" ),
+			'Tricky script close tag with \r'       => array( '<script></script>', "// </script\r>", "<script>// </\\u0073cript\r></script>" ),
+			'Tricky script close tag with \r\n'     => array( '<script></script>', "// </script\r\n>", "<script>// </\\u0073cript\r\n></script>" ),
+			'Module tag'                            => array( '<script type="module"></script>', '"<script>"', '<script type="module">"<\u0073cript>"</script>' ),
+			'Tag with type'                         => array( '<script type="text/javascript"></script>', '"<script>"', '<script type="text/javascript">"<\u0073cript>"</script>' ),
+			'Tag with language'                     => array( '<script language="javascript"></script>', '"<script>"', '<script language="javascript">"<\u0073cript>"</script>' ),
+			'Non-JS script, save HTML-like content' => array( '<script type="text/html"></script>', '<h1>This & that</h1>', '<script type="text/html"><h1>This & that</h1></script>' ),
+		);
+	}
+
+	/**
+	 * @ticket TBD
+	 */
+	public function test_complex_javascript_and_json_auto_escaping() {
+		$processor = new WP_HTML_Tag_Processor( "<script></script>\n<script></script>\n<h1>OK</h1>" );
+		$processor->next_tag( 'SCRIPT' );
+		$processor->set_attribute( 'type', 'importmap' );
+		$importmap_data = array(
+			'imports' => array(
+				'</SCRIPT>\\<!--\\<script>' => "./script",
+			),
+		);
+
+		$importmap = json_encode(
+			$importmap_data,
+			JSON_UNESCAPED_SLASHES | JSON_UNESCAPED_UNICODE | JSON_UNESCAPED_LINE_TERMINATORS
+		);
+
+		$processor->set_modifiable_text( $importmap );
+		$decoded_importmap = json_decode( $processor->get_modifiable_text(), true, 512, JSON_THROW_ON_ERROR );
+		$this->assertEquals(
+			$importmap_data,
+			$decoded_importmap,
+			'Precondition failed: importmap JSON did not decode/encode as expected: ' . json_last_error_msg()
+		);
+
+		$processor->next_tag( 'SCRIPT' );
+		$processor->set_attribute( 'type', 'module' );
+		$javascript = <<<'JS'
+import '</SCRIPT>\\<!--\\<script>';
+JS;
+		$processor->set_modifiable_text( $javascript );
+
+		$expected = <<<'HTML'
+<script type="importmap">{"imports":{"\u003C/SCRIPT>\\\u003C!--\\\u003Cscript>":"./script"}}</script>
+<script type="module">import '</\u0053CRIPT>\\<!--\\<\u0073cript>';</script>
+<h1>OK</h1>
+HTML;
+		$updated_html = $processor->get_updated_html();
+		$this->assertEqualHTML( $expected, $updated_html );
+
+		// Re-process and verify the JSON is correct.
+		$processor = new WP_HTML_Tag_Processor( $updated_html );
+		$processor->next_tag( 'SCRIPT' );
+		$this->assertSame( 'importmap', $processor->get_attribute( 'type' ) );
+		$importmap_json = $processor->get_modifiable_text();
+		$decoded_importmap = json_decode( $importmap_json, true );
+		$this->assertSame( 'No error', json_last_error_msg() );
+		$this->assertEquals(
+			$importmap_data,
+			$decoded_importmap,
+			'Precondition failed: re-processed importmap JSON did not decode/encode as expected: ' . json_last_error_msg()
+		);
+	}
+
+	/**
+	 * @ticket TBD
+	 */
+	public function test_json_auto_escaping() {
+		// This is not a typical JSON encoding or escaping, but it is valid.
+		$json_text             = '"Escaped BS: \\\\; Escaped BS+LT: \\\\<; Unescaped LT: <; Script closer: </script>"';
+		$expected_decoded_json = 'Escaped BS: \\; Escaped BS+LT: \\<; Unescaped LT: <; Script closer: </script>';
+		$decoded_json          = json_decode( $json_text, false, 512, JSON_THROW_ON_ERROR );
+		$this->assertSame(
+			$expected_decoded_json,
+			$decoded_json,
+			'Precondition failed: test JSON text did not decode as expected.'
+		);
+
+		$processor = new WP_HTML_Tag_Processor( '<script type="application/json"></script>' );
+		$processor->next_tag( 'SCRIPT' );
+
+		$processor->set_modifiable_text( $json_text );
+
+		$expected = <<<'HTML'
+<script type="application/json">"Escaped BS: \\; Escaped BS+LT: \\\u003C; Unescaped LT: \u003C; Script closer: \u003C/script>"</script>
+HTML;
+
+		$updated_html = $processor->get_updated_html();
+		$this->assertEqualHTML( $expected, $updated_html );
+
+		// Reprocess to ensure JSON value survives HTML round trip:
+		$processor = new WP_HTML_Tag_Processor( $expected );
+		$processor->next_tag( 'SCRIPT' );
+		$decoded_json_from_html = json_decode( $processor->get_modifiable_text(), true, 512, JSON_THROW_ON_ERROR );
+		$this->assertEquals(
+			$expected_decoded_json,
+			$decoded_json_from_html,
 		);
 	}
 }
diff --git a/tests/phpunit/tests/rest-api/wpRestAbilitiesV1CategoriesController.php b/tests/phpunit/tests/rest-api/wpRestAbilitiesV1CategoriesController.php
index 2fa665ed320a9..8a93c7a64047d 100644
--- a/tests/phpunit/tests/rest-api/wpRestAbilitiesV1CategoriesController.php
+++ b/tests/phpunit/tests/rest-api/wpRestAbilitiesV1CategoriesController.php
@@ -171,9 +171,9 @@ public function test_get_item(): void {
 		$this->assertEquals( 200, $response->get_status() );
 
 		$data = $response->get_data();
-		$this->assertEquals( 'test-data-retrieval', $data['slug'] );
-		$this->assertEquals( 'Data Retrieval', $data['label'] );
-		$this->assertEquals( 'Abilities that retrieve and return data from the WordPress site.', $data['description'] );
+		$this->assertSame( 'test-data-retrieval', $data['slug'] );
+		$this->assertSame( 'Data Retrieval', $data['label'] );
+		$this->assertSame( 'Abilities that retrieve and return data from the WordPress site.', $data['description'] );
 		$this->assertArrayHasKey( 'meta', $data );
 	}
 
@@ -189,10 +189,10 @@ public function test_get_item_with_meta(): void {
 		$this->assertEquals( 200, $response->get_status() );
 
 		$data = $response->get_data();
-		$this->assertEquals( 'test-communication', $data['slug'] );
+		$this->assertSame( 'test-communication', $data['slug'] );
 		$this->assertArrayHasKey( 'meta', $data );
 		$this->assertIsArray( $data['meta'] );
-		$this->assertEquals( 'high', $data['meta']['priority'] );
+		$this->assertSame( 'high', $data['meta']['priority'] );
 	}
 
 	/**
@@ -212,8 +212,8 @@ public function test_get_item_with_selected_fields(): void {
 
 		$data = $response->get_data();
 		$this->assertCount( 2, $data, 'Response should only contain the requested fields.' );
-		$this->assertEquals( 'test-data-retrieval', $data['slug'] );
-		$this->assertEquals( 'Data Retrieval', $data['label'] );
+		$this->assertSame( 'test-data-retrieval', $data['slug'] );
+		$this->assertSame( 'Data Retrieval', $data['label'] );
 	}
 
 	/**
@@ -230,7 +230,7 @@ public function test_get_item_not_found(): void {
 		$this->assertEquals( 404, $response->get_status() );
 
 		$data = $response->get_data();
-		$this->assertEquals( 'rest_ability_category_not_found', $data['code'] );
+		$this->assertSame( 'rest_ability_category_not_found', $data['code'] );
 	}
 
 	/**
@@ -424,8 +424,8 @@ public function test_get_schema(): void {
 		$this->assertArrayHasKey( 'schema', $data );
 		$schema = $data['schema'];
 
-		$this->assertEquals( 'ability-category', $schema['title'] );
-		$this->assertEquals( 'object', $schema['type'] );
+		$this->assertSame( 'ability-category', $schema['title'] );
+		$this->assertSame( 'object', $schema['type'] );
 		$this->assertArrayHasKey( 'properties', $schema );
 
 		$properties = $schema['properties'];
@@ -438,7 +438,7 @@ public function test_get_schema(): void {
 		$this->assertArrayHasKey( 'meta', $properties );
 
 		$slug_property = $properties['slug'];
-		$this->assertEquals( 'string', $slug_property['type'] );
+		$this->assertSame( 'string', $slug_property['type'] );
 		$this->assertTrue( $slug_property['readonly'] );
 	}
 
diff --git a/tests/phpunit/tests/rest-api/wpRestAbilitiesV1ListController.php b/tests/phpunit/tests/rest-api/wpRestAbilitiesV1ListController.php
index 19e3522f01a9f..e64965242dc98 100644
--- a/tests/phpunit/tests/rest-api/wpRestAbilitiesV1ListController.php
+++ b/tests/phpunit/tests/rest-api/wpRestAbilitiesV1ListController.php
@@ -307,10 +307,10 @@ public function test_get_item(): void {
 
 		$data = $response->get_data();
 		$this->assertCount( 7, $data, 'Response should contain all fields.' );
-		$this->assertEquals( 'test/calculator', $data['name'] );
-		$this->assertEquals( 'Calculator', $data['label'] );
-		$this->assertEquals( 'Performs basic calculations', $data['description'] );
-		$this->assertEquals( 'math', $data['category'] );
+		$this->assertSame( 'test/calculator', $data['name'] );
+		$this->assertSame( 'Calculator', $data['label'] );
+		$this->assertSame( 'Performs basic calculations', $data['description'] );
+		$this->assertSame( 'math', $data['category'] );
 		$this->assertArrayHasKey( 'input_schema', $data );
 		$this->assertArrayHasKey( 'output_schema', $data );
 		$this->assertArrayHasKey( 'meta', $data );
@@ -334,8 +334,8 @@ public function test_get_item_with_selected_fields(): void {
 
 		$data = $response->get_data();
 		$this->assertCount( 2, $data, 'Response should only contain the requested fields.' );
-		$this->assertEquals( 'test/calculator', $data['name'] );
-		$this->assertEquals( 'Calculator', $data['label'] );
+		$this->assertSame( 'test/calculator', $data['name'] );
+		$this->assertSame( 'Calculator', $data['label'] );
 	}
 
 	/**
@@ -355,9 +355,9 @@ public function test_get_item_with_embed_context(): void {
 
 		$data = $response->get_data();
 		$this->assertCount( 3, $data, 'Response should only contain the fields for embed context.' );
-		$this->assertEquals( 'test/calculator', $data['name'] );
-		$this->assertEquals( 'Calculator', $data['label'] );
-		$this->assertEquals( 'math', $data['category'] );
+		$this->assertSame( 'test/calculator', $data['name'] );
+		$this->assertSame( 'Calculator', $data['label'] );
+		$this->assertSame( 'math', $data['category'] );
 	}
 
 	/**
@@ -374,7 +374,7 @@ public function test_get_item_not_found(): void {
 		$this->assertEquals( 404, $response->get_status() );
 
 		$data = $response->get_data();
-		$this->assertEquals( 'rest_ability_not_found', $data['code'] );
+		$this->assertSame( 'rest_ability_not_found', $data['code'] );
 	}
 
 	/**
@@ -389,7 +389,7 @@ public function test_get_item_not_show_in_rest(): void {
 		$this->assertEquals( 404, $response->get_status() );
 
 		$data = $response->get_data();
-		$this->assertEquals( 'rest_ability_not_found', $data['code'] );
+		$this->assertSame( 'rest_ability_not_found', $data['code'] );
 	}
 
 	/**
@@ -581,8 +581,8 @@ public function test_get_schema(): void {
 		$this->assertArrayHasKey( 'schema', $data );
 		$schema = $data['schema'];
 
-		$this->assertEquals( 'ability', $schema['title'] );
-		$this->assertEquals( 'object', $schema['type'] );
+		$this->assertSame( 'ability', $schema['title'] );
+		$this->assertSame( 'object', $schema['type'] );
 		$this->assertArrayHasKey( 'properties', $schema );
 
 		$properties = $schema['properties'];
@@ -745,7 +745,7 @@ public function test_filter_by_category(): void {
 
 		// Should only have math category abilities
 		foreach ( $data as $ability ) {
-			$this->assertEquals( 'math', $ability['category'], 'All abilities should be in math category' );
+			$this->assertSame( 'math', $ability['category'], 'All abilities should be in math category' );
 		}
 
 		// Should at least contain the calculator
diff --git a/tests/phpunit/tests/rest-api/wpRestAbilitiesV1RunController.php b/tests/phpunit/tests/rest-api/wpRestAbilitiesV1RunController.php
index f4340f85fad81..bccc30c2f2e94 100644
--- a/tests/phpunit/tests/rest-api/wpRestAbilitiesV1RunController.php
+++ b/tests/phpunit/tests/rest-api/wpRestAbilitiesV1RunController.php
@@ -472,7 +472,7 @@ public function test_execute_destructive_ability_delete(): void {
 		$response = $this->server->dispatch( $request );
 
 		$this->assertEquals( 200, $response->get_status() );
-		$this->assertEquals( 'User successfully deleted!', $response->get_data() );
+		$this->assertSame( 'User successfully deleted!', $response->get_data() );
 	}
 
 	/**
@@ -630,7 +630,7 @@ public function test_contextual_permission_check(): void {
 
 		$response = $this->server->dispatch( $request );
 		$this->assertEquals( 200, $response->get_status() );
-		$this->assertEquals( 'Success: test data', $response->get_data() );
+		$this->assertSame( 'Success: test data', $response->get_data() );
 	}
 
 	/**
@@ -646,8 +646,8 @@ public function test_do_not_show_in_rest(): void {
 
 		$this->assertEquals( 404, $response->get_status() );
 		$data = $response->get_data();
-		$this->assertEquals( 'rest_ability_not_found', $data['code'] );
-		$this->assertEquals( 'Ability not found.', $data['message'] );
+		$this->assertSame( 'rest_ability_not_found', $data['code'] );
+		$this->assertSame( 'Ability not found.', $data['message'] );
 	}
 
 	/**
@@ -679,8 +679,8 @@ public function test_wp_error_return_handling(): void {
 
 		$this->assertEquals( 500, $response->get_status() );
 		$data = $response->get_data();
-		$this->assertEquals( 'test_error', $data['code'] );
-		$this->assertEquals( 'This is a test error', $data['message'] );
+		$this->assertSame( 'test_error', $data['code'] );
+		$this->assertSame( 'This is a test error', $data['message'] );
 	}
 
 	/**
@@ -698,7 +698,7 @@ public function test_execute_non_existent_ability(): void {
 
 		$this->assertEquals( 404, $response->get_status() );
 		$data = $response->get_data();
-		$this->assertEquals( 'rest_ability_not_found', $data['code'] );
+		$this->assertSame( 'rest_ability_not_found', $data['code'] );
 	}
 
 	/**
@@ -714,8 +714,8 @@ public function test_run_endpoint_schema(): void {
 		$this->assertArrayHasKey( 'schema', $data );
 		$schema = $data['schema'];
 
-		$this->assertEquals( 'ability-execution', $schema['title'] );
-		$this->assertEquals( 'object', $schema['type'] );
+		$this->assertSame( 'ability-execution', $schema['title'] );
+		$this->assertSame( 'object', $schema['type'] );
 		$this->assertArrayHasKey( 'properties', $schema );
 		$this->assertArrayHasKey( 'result', $schema['properties'] );
 	}
@@ -761,7 +761,7 @@ public function test_get_request_with_nested_input_array(): void {
 		$this->assertEquals( 200, $response->get_status() );
 
 		$data = $response->get_data();
-		$this->assertEquals( 'nested', $data['level1']['level2']['value'] );
+		$this->assertSame( 'nested', $data['level1']['level2']['value'] );
 		$this->assertEquals( array( 1, 2, 3 ), $data['array'] );
 	}
 
diff --git a/tests/phpunit/tests/rest-api/wpRestUrlDetailsController.php b/tests/phpunit/tests/rest-api/wpRestUrlDetailsController.php
index 57ecccd7bf42d..7187d1696c05a 100644
--- a/tests/phpunit/tests/rest-api/wpRestUrlDetailsController.php
+++ b/tests/phpunit/tests/rest-api/wpRestUrlDetailsController.php
@@ -43,11 +43,15 @@ class Tests_REST_WpRestUrlDetailsController extends WP_Test_REST_Controller_Test
 	/**
 	 * URL placeholder.
 	 *
+	 * Even though the request is being intercepted with a mocked response, it is not fully bypassing the network. The
+	 * REST API endpoint is validating the `url` parameter with `wp_http_validate_url()` which includes a call to
+	 * `gethostbyname()`. So the domain used in the placeholder URL must be valid to ensure it passes a validity check.
+	 *
 	 * @since 5.9.0
 	 *
 	 * @var string
 	 */
-	const URL_PLACEHOLDER = 'https://placeholder-site.com';
+	const URL_PLACEHOLDER = 'https://example.com';
 
 	/**
 	 * Array of request args.
@@ -129,9 +133,9 @@ public function test_get_items() {
 		$this->assertSame(
 			array(
 				'title'       => 'Example Website — - with encoded content.',
-				'icon'        => 'https://placeholder-site.com/favicon.ico?querystringaddedfortesting',
+				'icon'        => 'https://example.com/favicon.ico?querystringaddedfortesting',
 				'description' => 'Example description text here. Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore.',
-				'image'       => 'https://placeholder-site.com/images/home/screen-themes.png?3',
+				'image'       => 'https://example.com/images/home/screen-themes.png?3',
 			),
 			$data
 		);
@@ -444,7 +448,7 @@ static function ( $response, $url ) {
 
 		$this->assertSame( 418, $data['status'], 'Response "status" is not 418' );
 
-		$expected = 'Response for URL https://placeholder-site.com altered via rest_prepare_url_details filter';
+		$expected = 'Response for URL https://example.com altered via rest_prepare_url_details filter';
 		$this->assertSame( $expected, $data['response'], 'Response "response" is not "' . $expected . '"' );
 	}
 
diff --git a/tests/phpunit/tests/term/wpDeleteObjectTermRelationships.php b/tests/phpunit/tests/term/wpDeleteObjectTermRelationships.php
index e4ee55f46d104..bd97b4de3b0e7 100644
--- a/tests/phpunit/tests/term/wpDeleteObjectTermRelationships.php
+++ b/tests/phpunit/tests/term/wpDeleteObjectTermRelationships.php
@@ -53,4 +53,24 @@ public function test_array_of_taxonomies() {
 
 		$this->assertSameSets( array( $t2 ), $terms );
 	}
+
+	/**
+	 * @ticket 64406
+	 */
+	public function test_delete_when_error() {
+		$taxonomy_name = 'wptests_tax';
+		register_taxonomy( $taxonomy_name, 'post' );
+		$term_id   = self::factory()->term->create( array( 'taxonomy' => $taxonomy_name ) );
+		$object_id = 567;
+		wp_set_object_terms( $object_id, array( $term_id ), $taxonomy_name );
+
+		// Confirm the setup.
+		$terms = wp_get_object_terms( $object_id, array( $taxonomy_name ), array( 'fields' => 'ids' ) );
+		$this->assertSame( array( $term_id ), $terms, 'Expected same object terms.' );
+
+		// Try wp_delete_object_term_relationships() when the taxonomy is invalid (no change expected).
+		wp_delete_object_term_relationships( $object_id, 'wptests_taxation' );
+		$terms = wp_get_object_terms( $object_id, array( $taxonomy_name ), array( 'fields' => 'ids' ) );
+		$this->assertSame( array( $term_id ), $terms, 'Expected the object terms to be unchanged.' );
+	}
 }