From 661399edae6f53eb131fde4fe8d4d30e1cc01a89 Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Fri, 12 Dec 2025 17:11:05 +0000
Subject: [PATCH 01/12] Initial plan


From 2c0960c87d4bd85d86d17f6e7972239a7acabb64 Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Fri, 12 Dec 2025 17:15:52 +0000
Subject: [PATCH 02/12] Add script_data_{$handle} filter for classic scripts

Co-authored-by: sirreal <841763+sirreal@users.noreply.github.com>
---
 src/wp-includes/class-wp-scripts.php         |  17 +++
 tests/phpunit/tests/dependencies/scripts.php | 135 +++++++++++++++++++
 2 files changed, 152 insertions(+)

diff --git a/src/wp-includes/class-wp-scripts.php b/src/wp-includes/class-wp-scripts.php
index a30b09249fd52..1bbd6d66ca012 100644
--- a/src/wp-includes/class-wp-scripts.php
+++ b/src/wp-includes/class-wp-scripts.php
@@ -634,6 +634,23 @@ public function localize( $handle, $object_name, $l10n ) {
 			}
 		}
 
+		/**
+		 * Filters data associated with a given script.
+		 *
+		 * The dynamic portion of the hook name, `$handle`, refers to the script handle.
+		 *
+		 * This filter allows developers to modify the data passed to a script via
+		 * wp_localize_script() before it is output. This is analogous to the
+		 * `script_module_data_{$module_id}` filter for script modules.
+		 *
+		 * @since 6.8.0
+		 *
+		 * @param array|string $l10n        The data to be localized.
+		 * @param string       $object_name The JavaScript object name.
+		 * @param string       $handle      The script handle.
+		 */
+		$l10n = apply_filters( "script_data_{$handle}", $l10n, $object_name, $handle );
+
 		$script = "var $object_name = " . wp_json_encode( $l10n, JSON_HEX_TAG | JSON_UNESCAPED_SLASHES ) . ';';
 
 		if ( ! empty( $after ) ) {
diff --git a/tests/phpunit/tests/dependencies/scripts.php b/tests/phpunit/tests/dependencies/scripts.php
index a3c8b92695f4f..55d1b5d7d0129 100644
--- a/tests/phpunit/tests/dependencies/scripts.php
+++ b/tests/phpunit/tests/dependencies/scripts.php
@@ -4122,4 +4122,139 @@ public function test_wp_scripts_doing_it_wrong_for_missing_dependencies() {
 			'Expected _doing_it_wrong() notice to indicate missing dependencies for enqueued script.'
 		);
 	}
+
+	/**
+	 * Tests that the script_data_{$handle} filter allows modifying localized script data.
+	 *
+	 * @ticket TBD
+	 * @covers WP_Scripts::localize
+	 */
+	public function test_script_data_filter_modifies_localized_data() {
+		wp_enqueue_script( 'test-script', '/test.js', array(), null );
+		wp_localize_script( 'test-script', 'testData', array( 'foo' => 'bar' ) );
+
+		add_filter(
+			'script_data_test-script',
+			function ( $l10n, $object_name, $handle ) {
+				$this->assertSame( 'testData', $object_name );
+				$this->assertSame( 'test-script', $handle );
+				$this->assertIsArray( $l10n );
+				$this->assertSame( 'bar', $l10n['foo'] );
+				$l10n['baz'] = 'qux';
+				return $l10n;
+			},
+			10,
+			3
+		);
+
+		$output = get_echo( 'wp_print_scripts' );
+
+		$this->assertStringContainsString( '"foo":"bar"', $output );
+		$this->assertStringContainsString( '"baz":"qux"', $output );
+	}
+
+	/**
+	 * Tests that the script_data_{$handle} filter receives correct parameters.
+	 *
+	 * @ticket TBD
+	 * @covers WP_Scripts::localize
+	 */
+	public function test_script_data_filter_receives_correct_parameters() {
+		wp_enqueue_script( 'test-handle', '/test.js', array(), null );
+		wp_localize_script( 'test-handle', 'myObject', array( 'key' => 'value' ) );
+
+		$filter_called = false;
+		add_filter(
+			'script_data_test-handle',
+			function ( $l10n, $object_name, $handle ) use ( &$filter_called ) {
+				$filter_called = true;
+				$this->assertSame( array( 'key' => 'value' ), $l10n );
+				$this->assertSame( 'myObject', $object_name );
+				$this->assertSame( 'test-handle', $handle );
+				return $l10n;
+			},
+			10,
+			3
+		);
+
+		get_echo( 'wp_print_scripts' );
+
+		$this->assertTrue( $filter_called, 'Filter should have been called' );
+	}
+
+	/**
+	 * Tests that the script_data_{$handle} filter works with multiple localizations.
+	 *
+	 * @ticket TBD
+	 * @covers WP_Scripts::localize
+	 */
+	public function test_script_data_filter_with_multiple_localizations() {
+		wp_enqueue_script( 'test-script', '/test.js', array(), null );
+		wp_localize_script( 'test-script', 'data1', array( 'a' => '1' ) );
+		wp_localize_script( 'test-script', 'data2', array( 'b' => '2' ) );
+
+		$filter_call_count = 0;
+		add_filter(
+			'script_data_test-script',
+			function ( $l10n ) use ( &$filter_call_count ) {
+				$filter_call_count++;
+				$l10n['modified'] = 'yes';
+				return $l10n;
+			}
+		);
+
+		$output = get_echo( 'wp_print_scripts' );
+
+		$this->assertSame( 2, $filter_call_count, 'Filter should be called twice for two localizations' );
+		$this->assertStringContainsString( '"modified":"yes"', $output );
+	}
+
+	/**
+	 * Tests that the script_data_{$handle} filter can return the data unmodified.
+	 *
+	 * @ticket TBD
+	 * @covers WP_Scripts::localize
+	 */
+	public function test_script_data_filter_returns_data_unmodified() {
+		wp_enqueue_script( 'test-script', '/test.js', array(), null );
+		wp_localize_script( 'test-script', 'testData', array( 'foo' => 'bar' ) );
+
+		add_filter(
+			'script_data_test-script',
+			function ( $l10n ) {
+				// Return data unmodified.
+				return $l10n;
+			}
+		);
+
+		$output = get_echo( 'wp_print_scripts' );
+
+		$this->assertStringContainsString( 'var testData = {"foo":"bar"};', $output );
+	}
+
+	/**
+	 * Tests that the script_data_{$handle} filter works correctly with jquery handle remapping.
+	 *
+	 * @ticket TBD
+	 * @covers WP_Scripts::localize
+	 */
+	public function test_script_data_filter_with_jquery_handle() {
+		wp_enqueue_script( 'jquery' );
+		wp_localize_script( 'jquery', 'jqueryData', array( 'test' => 'value' ) );
+
+		$filter_called = false;
+		add_filter(
+			'script_data_jquery-core',
+			function ( $l10n ) use ( &$filter_called ) {
+				$filter_called = true;
+				$l10n['filtered'] = 'true';
+				return $l10n;
+			}
+		);
+
+		$output = get_echo( 'wp_print_scripts' );
+
+		$this->assertTrue( $filter_called, 'Filter should be called for jquery-core handle' );
+		$this->assertStringContainsString( '"filtered":"true"', $output );
+	}
 }

From f4afe132d99b799e435498ef5d9507a0f3e51c49 Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Fri, 12 Dec 2025 17:20:44 +0000
Subject: [PATCH 03/12] Fix test docblocks - remove TBD ticket annotations

Co-authored-by: sirreal <841763+sirreal@users.noreply.github.com>
---
 tests/phpunit/tests/dependencies/scripts.php | 5 -----
 1 file changed, 5 deletions(-)

diff --git a/tests/phpunit/tests/dependencies/scripts.php b/tests/phpunit/tests/dependencies/scripts.php
index 55d1b5d7d0129..afdac92106b72 100644
--- a/tests/phpunit/tests/dependencies/scripts.php
+++ b/tests/phpunit/tests/dependencies/scripts.php
@@ -4126,7 +4126,6 @@ public function test_wp_scripts_doing_it_wrong_for_missing_dependencies() {
 	/**
 	 * Tests that the script_data_{$handle} filter allows modifying localized script data.
 	 *
-	 * @ticket TBD
 	 * @covers WP_Scripts::localize
 	 */
 	public function test_script_data_filter_modifies_localized_data() {
@@ -4156,7 +4155,6 @@ function ( $l10n, $object_name, $handle ) {
 	/**
 	 * Tests that the script_data_{$handle} filter receives correct parameters.
 	 *
-	 * @ticket TBD
 	 * @covers WP_Scripts::localize
 	 */
 	public function test_script_data_filter_receives_correct_parameters() {
@@ -4185,7 +4183,6 @@ function ( $l10n, $object_name, $handle ) use ( &$filter_called ) {
 	/**
 	 * Tests that the script_data_{$handle} filter works with multiple localizations.
 	 *
-	 * @ticket TBD
 	 * @covers WP_Scripts::localize
 	 */
 	public function test_script_data_filter_with_multiple_localizations() {
@@ -4212,7 +4209,6 @@ function ( $l10n ) use ( &$filter_call_count ) {
 	/**
 	 * Tests that the script_data_{$handle} filter can return the data unmodified.
 	 *
-	 * @ticket TBD
 	 * @covers WP_Scripts::localize
 	 */
 	public function test_script_data_filter_returns_data_unmodified() {
@@ -4235,7 +4231,6 @@ function ( $l10n ) {
 	/**
 	 * Tests that the script_data_{$handle} filter works correctly with jquery handle remapping.
 	 *
-	 * @ticket TBD
 	 * @covers WP_Scripts::localize
 	 */
 	public function test_script_data_filter_with_jquery_handle() {

From d3cd233401d1c9dd531fc5e020b079dcc376c02c Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Fri, 12 Dec 2025 17:29:28 +0000
Subject: [PATCH 04/12] Implement script_data_{$handle} filter correctly -
 outputs JSON script tags separate from wp_localize_script

Co-authored-by: sirreal <841763+sirreal@users.noreply.github.com>
---
 src/wp-admin/includes/admin-filters.php      |   1 +
 src/wp-includes/class-wp-scripts.php         | 133 ++++++++++++--
 src/wp-includes/default-filters.php          |   1 +
 src/wp-includes/functions.wp-scripts.php     |  17 ++
 tests/phpunit/tests/dependencies/scripts.php | 177 +++++++++++--------
 5 files changed, 243 insertions(+), 86 deletions(-)

diff --git a/src/wp-admin/includes/admin-filters.php b/src/wp-admin/includes/admin-filters.php
index 6776f5898ad58..e48cac473ef4d 100644
--- a/src/wp-admin/includes/admin-filters.php
+++ b/src/wp-admin/includes/admin-filters.php
@@ -59,6 +59,7 @@
 add_action( 'admin_print_scripts', 'print_emoji_detection_script' );
 add_action( 'admin_print_scripts', 'print_head_scripts', 20 );
 add_action( 'admin_print_footer_scripts', '_wp_footer_scripts' );
+add_action( 'admin_print_footer_scripts', 'wp_print_script_data', 21 );
 add_action( 'admin_enqueue_scripts', 'wp_enqueue_emoji_styles' );
 add_action( 'admin_print_styles', 'print_emoji_styles' ); // Retained for backwards-compatibility. Unhooked by wp_enqueue_emoji_styles().
 add_action( 'admin_print_styles', 'print_admin_styles', 20 );
diff --git a/src/wp-includes/class-wp-scripts.php b/src/wp-includes/class-wp-scripts.php
index 1bbd6d66ca012..e710b371ae5e6 100644
--- a/src/wp-includes/class-wp-scripts.php
+++ b/src/wp-includes/class-wp-scripts.php
@@ -634,23 +634,6 @@ public function localize( $handle, $object_name, $l10n ) {
 			}
 		}
 
-		/**
-		 * Filters data associated with a given script.
-		 *
-		 * The dynamic portion of the hook name, `$handle`, refers to the script handle.
-		 *
-		 * This filter allows developers to modify the data passed to a script via
-		 * wp_localize_script() before it is output. This is analogous to the
-		 * `script_module_data_{$module_id}` filter for script modules.
-		 *
-		 * @since 6.8.0
-		 *
-		 * @param array|string $l10n        The data to be localized.
-		 * @param string       $object_name The JavaScript object name.
-		 * @param string       $handle      The script handle.
-		 */
-		$l10n = apply_filters( "script_data_{$handle}", $l10n, $object_name, $handle );
-
 		$script = "var $object_name = " . wp_json_encode( $l10n, JSON_HEX_TAG | JSON_UNESCAPED_SLASHES ) . ';';
 
 		if ( ! empty( $after ) ) {
@@ -1199,4 +1182,120 @@ protected function get_dependency_warning_message( $handle, $missing_dependency_
 			implode( ', ', $missing_dependency_handles )
 		);
 	}
+
+	/**
+	 * Prints data associated with scripts.
+	 *
+	 * The data will be embedded in the page HTML and can be read by scripts on page load.
+	 *
+	 * Data can be associated with a script via the {@see "script_data_{$handle}"} filter.
+	 *
+	 * The data for a script will be serialized as JSON in a script tag with an ID of the
+	 * form `wp-script-data-{$handle}`.
+	 *
+	 * @since 6.8.0
+	 */
+	public function print_script_data() {
+		$scripts = array();
+
+		// Collect all enqueued scripts and their dependencies.
+		foreach ( array_unique( $this->queue ) as $handle ) {
+			$scripts[ $handle ] = true;
+		}
+
+		foreach ( array_keys( $scripts ) as $handle ) {
+			/**
+			 * Filters data associated with a given script.
+			 *
+			 * The dynamic portion of the hook name, `$handle`, refers to the script handle.
+			 *
+			 * Scripts may require data that is required for initialization or is essential
+			 * to have immediately available on page load. These are suitable use cases for
+			 * this data.
+			 *
+			 * This is best suited to pass essential data that must be available to the script for
+			 * initialization or immediately on page load. It does not replace the REST API or
+			 * fetching data from the client.
+			 *
+			 * Example:
+			 *
+			 *     add_filter(
+			 *         'script_data_my-script-handle',
+			 *         function ( array $data ): array {
+			 *             $data['myData'] = array(
+			 *                 'option' => get_option( 'my_option' ),
+			 *             );
+			 *             return $data;
+			 *         }
+			 *     );
+			 *
+			 * If the filter returns no data (an empty array), nothing will be embedded in the page.
+			 *
+			 * The data for a given script, if provided, will be JSON serialized in a script
+			 * tag with an ID of the form `wp-script-data-{$handle}`.
+			 *
+			 * The data can be read on the client with a pattern like this:
+			 *
+			 * Example:
+			 *
+			 *     const dataContainer = document.getElementById( 'wp-script-data-my-script-handle' );
+			 *     let data = {};
+			 *     if ( dataContainer ) {
+			 *         try {
+			 *             data = JSON.parse( dataContainer.textContent );
+			 *         } catch {}
+			 *     }
+			 *     initMyScriptWithData( data );
+			 *
+			 * @since 6.8.0
+			 *
+			 * @param array $data The data associated with the script.
+			 */
+			$data = apply_filters( "script_data_{$handle}", array() );
+
+			if ( is_array( $data ) && array() !== $data ) {
+				/*
+				 * This data will be printed as JSON inside a script tag like this:
+				 *   <script type="application/json"></script>
+				 *
+				 * A script tag must be closed by a sequence beginning with `</`. It's impossible to
+				 * close a script tag without using `<`. We ensure that `<` is escaped and `/` can
+				 * remain unescaped, so `</script>` will be printed as `\u003C/script>`.
+				 *
+				 *   - JSON_HEX_TAG: All < and > are converted to \u003C and \u003E.
+				 *   - JSON_UNESCAPED_SLASHES: Don't escape /.
+				 *
+				 * If the page will use UTF-8 encoding, it's safe to print unescaped unicode:
+				 *
+				 *   - JSON_UNESCAPED_UNICODE: Encode multibyte Unicode characters literally (instead of as `\uXXXX`).
+				 *   - JSON_UNESCAPED_LINE_TERMINATORS: The line terminators are kept unescaped when
+				 *     JSON_UNESCAPED_UNICODE is supplied. It uses the same behaviour as it was
+				 *     before PHP 7.1 without this constant. Available as of PHP 7.1.0.
+				 *
+				 * The JSON specification requires encoding in UTF-8, so if the generated HTML page
+				 * is not encoded in UTF-8 then it's not safe to include those literals. They must
+				 * be escaped to avoid encoding issues.
+				 *
+				 * @see https://www.rfc-editor.org/rfc/rfc8259.html for details on encoding requirements.
+				 * @see https://www.php.net/manual/en/json.constants.php for details on these constants.
+				 * @see https://html.spec.whatwg.org/#script-data-state for details on script tag parsing.
+				 */
+				$json_encode_flags = JSON_HEX_TAG | JSON_UNESCAPED_SLASHES | JSON_UNESCAPED_UNICODE | JSON_UNESCAPED_LINE_TERMINATORS;
+				if ( ! is_utf8_charset() ) {
+					$json_encode_flags = JSON_HEX_TAG | JSON_UNESCAPED_SLASHES;
+				}
+
+				wp_print_inline_script_tag(
+					(string) wp_json_encode(
+						$data,
+						$json_encode_flags
+					),
+					array(
+						'type' => 'application/json',
+						'id'   => "wp-script-data-{$handle}",
+					)
+				);
+			}
+		}
+	}
 }
diff --git a/src/wp-includes/default-filters.php b/src/wp-includes/default-filters.php
index 68dccd979f2fe..0eac638ddcce7 100644
--- a/src/wp-includes/default-filters.php
+++ b/src/wp-includes/default-filters.php
@@ -361,6 +361,7 @@
 add_action( 'wp_head', 'wp_site_icon', 99 );
 add_action( 'wp_footer', 'wp_print_speculation_rules' );
 add_action( 'wp_footer', 'wp_print_footer_scripts', 20 );
+add_action( 'wp_footer', 'wp_print_script_data', 21 );
 add_action( 'template_redirect', 'wp_shortlink_header', 11, 0 );
 add_action( 'wp_print_footer_scripts', '_wp_footer_scripts' );
 add_action( 'init', '_register_core_block_patterns_and_categories' );
diff --git a/src/wp-includes/functions.wp-scripts.php b/src/wp-includes/functions.wp-scripts.php
index f86b456d5f69a..c34b8bca92df4 100644
--- a/src/wp-includes/functions.wp-scripts.php
+++ b/src/wp-includes/functions.wp-scripts.php
@@ -450,3 +450,20 @@ function wp_script_is( $handle, $status = 'enqueued' ) {
 function wp_script_add_data( $handle, $key, $value ) {
 	return wp_scripts()->add_data( $handle, $key, $value );
 }
+
+/**
+ * Prints data associated with enqueued scripts.
+ *
+ * @since 6.8.0
+ *
+ * @see WP_Scripts::print_script_data()
+ */
+function wp_print_script_data() {
+	global $wp_scripts;
+
+	if ( ! ( $wp_scripts instanceof WP_Scripts ) ) {
+		return;
+	}
+
+	$wp_scripts->print_script_data();
+}
diff --git a/tests/phpunit/tests/dependencies/scripts.php b/tests/phpunit/tests/dependencies/scripts.php
index afdac92106b72..3e7be7234baf0 100644
--- a/tests/phpunit/tests/dependencies/scripts.php
+++ b/tests/phpunit/tests/dependencies/scripts.php
@@ -4124,132 +4124,171 @@ public function test_wp_scripts_doing_it_wrong_for_missing_dependencies() {
 	}
 
 	/**
-	 * Tests that the script_data_{$handle} filter allows modifying localized script data.
+	 * Tests that the script_data_{$handle} filter outputs JSON script tags.
 	 *
-	 * @covers WP_Scripts::localize
+	 * @covers WP_Scripts::print_script_data
 	 */
-	public function test_script_data_filter_modifies_localized_data() {
+	public function test_script_data_filter_outputs_json_script_tag() {
 		wp_enqueue_script( 'test-script', '/test.js', array(), null );
-		wp_localize_script( 'test-script', 'testData', array( 'foo' => 'bar' ) );
 
 		add_filter(
 			'script_data_test-script',
-			function ( $l10n, $object_name, $handle ) {
-				$this->assertSame( 'testData', $object_name );
-				$this->assertSame( 'test-script', $handle );
-				$this->assertIsArray( $l10n );
-				$this->assertSame( 'bar', $l10n['foo'] );
-				$l10n['baz'] = 'qux';
-				return $l10n;
-			},
-			10,
-			3
+			function ( $data ) {
+				$data['foo'] = 'bar';
+				return $data;
+			}
 		);
 
-		$output = get_echo( 'wp_print_scripts' );
+		$output = get_echo( 'wp_print_script_data' );
 
+		$this->assertStringContainsString( '<script type="application/json" id="wp-script-data-test-script">', $output );
 		$this->assertStringContainsString( '"foo":"bar"', $output );
-		$this->assertStringContainsString( '"baz":"qux"', $output );
 	}
 
 	/**
-	 * Tests that the script_data_{$handle} filter receives correct parameters.
+	 * Tests that the script_data_{$handle} filter receives an empty array by default.
 	 *
-	 * @covers WP_Scripts::localize
+	 * @covers WP_Scripts::print_script_data
 	 */
-	public function test_script_data_filter_receives_correct_parameters() {
-		wp_enqueue_script( 'test-handle', '/test.js', array(), null );
-		wp_localize_script( 'test-handle', 'myObject', array( 'key' => 'value' ) );
+	public function test_script_data_filter_receives_empty_array() {
+		wp_enqueue_script( 'test-script', '/test.js', array(), null );
 
 		$filter_called = false;
 		add_filter(
-			'script_data_test-handle',
-			function ( $l10n, $object_name, $handle ) use ( &$filter_called ) {
+			'script_data_test-script',
+			function ( $data ) use ( &$filter_called ) {
 				$filter_called = true;
-				$this->assertSame( array( 'key' => 'value' ), $l10n );
-				$this->assertSame( 'myObject', $object_name );
-				$this->assertSame( 'test-handle', $handle );
-				return $l10n;
-			},
-			10,
-			3
+				$this->assertSame( array(), $data );
+				return $data;
+			}
 		);
 
-		get_echo( 'wp_print_scripts' );
+		get_echo( 'wp_print_script_data' );
 
 		$this->assertTrue( $filter_called, 'Filter should have been called' );
 	}
 
 	/**
-	 * Tests that the script_data_{$handle} filter works with multiple localizations.
+	 * Tests that the script_data_{$handle} filter doesn't output anything for empty data.
 	 *
-	 * @covers WP_Scripts::localize
+	 * @covers WP_Scripts::print_script_data
 	 */
-	public function test_script_data_filter_with_multiple_localizations() {
+	public function test_script_data_filter_no_output_for_empty_data() {
 		wp_enqueue_script( 'test-script', '/test.js', array(), null );
-		wp_localize_script( 'test-script', 'data1', array( 'a' => '1' ) );
-		wp_localize_script( 'test-script', 'data2', array( 'b' => '2' ) );
 
-		$filter_call_count = 0;
 		add_filter(
 			'script_data_test-script',
-			function ( $l10n ) use ( &$filter_call_count ) {
-				$filter_call_count++;
-				$l10n['modified'] = 'yes';
-				return $l10n;
+			function ( $data ) {
+				// Return empty array.
+				return $data;
 			}
 		);
 
-		$output = get_echo( 'wp_print_scripts' );
+		$output = get_echo( 'wp_print_script_data' );
 
-		$this->assertSame( 2, $filter_call_count, 'Filter should be called twice for two localizations' );
-		$this->assertStringContainsString( '"modified":"yes"', $output );
+		$this->assertSame( '', $output );
 	}
 
 	/**
-	 * Tests that the script_data_{$handle} filter can return the data unmodified.
+	 * Tests that the script_data_{$handle} filter is called for each enqueued script.
 	 *
-	 * @covers WP_Scripts::localize
+	 * @covers WP_Scripts::print_script_data
 	 */
-	public function test_script_data_filter_returns_data_unmodified() {
-		wp_enqueue_script( 'test-script', '/test.js', array(), null );
-		wp_localize_script( 'test-script', 'testData', array( 'foo' => 'bar' ) );
+	public function test_script_data_filter_called_for_each_enqueued_script() {
+		wp_enqueue_script( 'script-1', '/script-1.js', array(), null );
+		wp_enqueue_script( 'script-2', '/script-2.js', array(), null );
 
+		$filter_calls = array();
 		add_filter(
-			'script_data_test-script',
-			function ( $l10n ) {
-				// Return data unmodified.
-				return $l10n;
+			'script_data_script-1',
+			function ( $data ) use ( &$filter_calls ) {
+				$filter_calls[] = 'script-1';
+				$data['script'] = '1';
+				return $data;
 			}
 		);
 
-		$output = get_echo( 'wp_print_scripts' );
+		add_filter(
+			'script_data_script-2',
+			function ( $data ) use ( &$filter_calls ) {
+				$filter_calls[] = 'script-2';
+				$data['script'] = '2';
+				return $data;
+			}
+		);
+
+		$output = get_echo( 'wp_print_script_data' );
 
-		$this->assertStringContainsString( 'var testData = {"foo":"bar"};', $output );
+		$this->assertSame( array( 'script-1', 'script-2' ), $filter_calls );
+		$this->assertStringContainsString( 'wp-script-data-script-1', $output );
+		$this->assertStringContainsString( 'wp-script-data-script-2', $output );
+		$this->assertStringContainsString( '"script":"1"', $output );
+		$this->assertStringContainsString( '"script":"2"', $output );
 	}
 
 	/**
-	 * Tests that the script_data_{$handle} filter works correctly with jquery handle remapping.
+	 * Tests that the script_data_{$handle} filter is only called for enqueued scripts.
 	 *
-	 * @covers WP_Scripts::localize
+	 * @covers WP_Scripts::print_script_data
 	 */
-	public function test_script_data_filter_with_jquery_handle() {
-		wp_enqueue_script( 'jquery' );
-		wp_localize_script( 'jquery', 'jqueryData', array( 'test' => 'value' ) );
+	public function test_script_data_filter_only_called_for_enqueued_scripts() {
+		wp_register_script( 'registered-only', '/registered-only.js', array(), null );
+		wp_enqueue_script( 'enqueued', '/enqueued.js', array(), null );
 
-		$filter_called = false;
+		$filter_calls = array();
 		add_filter(
-			'script_data_jquery-core',
-			function ( $l10n ) use ( &$filter_called ) {
-				$filter_called = true;
-				$l10n['filtered'] = 'true';
-				return $l10n;
+			'script_data_registered-only',
+			function ( $data ) use ( &$filter_calls ) {
+				$filter_calls[] = 'registered-only';
+				return $data;
 			}
 		);
 
-		$output = get_echo( 'wp_print_scripts' );
+		add_filter(
+			'script_data_enqueued',
+			function ( $data ) use ( &$filter_calls ) {
+				$filter_calls[] = 'enqueued';
+				$data['test'] = 'value';
+				return $data;
+			}
+		);
+
+		$output = get_echo( 'wp_print_script_data' );
+
+		$this->assertSame( array( 'enqueued' ), $filter_calls );
+		$this->assertStringNotContainsString( 'wp-script-data-registered-only', $output );
+		$this->assertStringContainsString( 'wp-script-data-enqueued', $output );
+	}
+
+	/**
+	 * Tests that the script_data_{$handle} filter works independently from wp_localize_script.
+	 *
+	 * @covers WP_Scripts::print_script_data
+	 */
+	public function test_script_data_filter_independent_from_localize() {
+		wp_enqueue_script( 'test-script', '/test.js', array(), null );
+		wp_localize_script( 'test-script', 'myData', array( 'localized' => 'value' ) );
+
+		add_filter(
+			'script_data_test-script',
+			function ( $data ) {
+				$data['filtered'] = 'data';
+				return $data;
+			}
+		);
+
+		$script_output = get_echo( 'wp_print_scripts' );
+		$data_output   = get_echo( 'wp_print_script_data' );
+
+		// Check localized data is in script output as JavaScript.
+		$this->assertStringContainsString( 'var myData = {"localized":"value"};', $script_output );
+
+		// Check filtered data is in data output as JSON.
+		$this->assertStringContainsString( '<script type="application/json" id="wp-script-data-test-script">', $data_output );
+		$this->assertStringContainsString( '"filtered":"data"', $data_output );
 
-		$this->assertTrue( $filter_called, 'Filter should be called for jquery-core handle' );
-		$this->assertStringContainsString( '"filtered":"true"', $output );
+		// Data output should not contain the localized script data.
+		$this->assertStringNotContainsString( 'myData', $data_output );
+		$this->assertStringNotContainsString( 'localized', $data_output );
 	}
 }

From 4e490eee88c963f818a6f9afa9417c1ce0f6efbb Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Fri, 12 Dec 2025 17:31:40 +0000
Subject: [PATCH 05/12] Optimize print_script_data method - extract charset
 check outside loop and simplify iteration

Co-authored-by: sirreal <841763+sirreal@users.noreply.github.com>
---
 src/wp-includes/class-wp-scripts.php | 72 +++++++++++++---------------
 1 file changed, 34 insertions(+), 38 deletions(-)

diff --git a/src/wp-includes/class-wp-scripts.php b/src/wp-includes/class-wp-scripts.php
index e710b371ae5e6..034355a6a3309 100644
--- a/src/wp-includes/class-wp-scripts.php
+++ b/src/wp-includes/class-wp-scripts.php
@@ -1196,14 +1196,41 @@ protected function get_dependency_warning_message( $handle, $missing_dependency_
 	 * @since 6.8.0
 	 */
 	public function print_script_data() {
-		$scripts = array();
-
-		// Collect all enqueued scripts and their dependencies.
-		foreach ( array_unique( $this->queue ) as $handle ) {
-			$scripts[ $handle ] = true;
+		/*
+		 * Determine JSON encoding flags once, outside the loop.
+		 * The charset won't change during iteration.
+		 *
+		 * This data will be printed as JSON inside a script tag like this:
+		 *   <script type="application/json"></script>
+		 *
+		 * A script tag must be closed by a sequence beginning with `</`. It's impossible to
+		 * close a script tag without using `<`. We ensure that `<` is escaped and `/` can
+		 * remain unescaped, so `</script>` will be printed as `\u003C/script>`.
+		 *
+		 *   - JSON_HEX_TAG: All < and > are converted to \u003C and \u003E.
+		 *   - JSON_UNESCAPED_SLASHES: Don't escape /.
+		 *
+		 * If the page will use UTF-8 encoding, it's safe to print unescaped unicode:
+		 *
+		 *   - JSON_UNESCAPED_UNICODE: Encode multibyte Unicode characters literally (instead of as `\uXXXX`).
+		 *   - JSON_UNESCAPED_LINE_TERMINATORS: The line terminators are kept unescaped when
+		 *     JSON_UNESCAPED_UNICODE is supplied. It uses the same behaviour as it was
+		 *     before PHP 7.1 without this constant. Available as of PHP 7.1.0.
+		 *
+		 * The JSON specification requires encoding in UTF-8, so if the generated HTML page
+		 * is not encoded in UTF-8 then it's not safe to include those literals. They must
+		 * be escaped to avoid encoding issues.
+		 *
+		 * @see https://www.rfc-editor.org/rfc/rfc8259.html for details on encoding requirements.
+		 * @see https://www.php.net/manual/en/json.constants.php for details on these constants.
+		 * @see https://html.spec.whatwg.org/#script-data-state for details on script tag parsing.
+		 */
+		$json_encode_flags = JSON_HEX_TAG | JSON_UNESCAPED_SLASHES | JSON_UNESCAPED_UNICODE | JSON_UNESCAPED_LINE_TERMINATORS;
+		if ( ! is_utf8_charset() ) {
+			$json_encode_flags = JSON_HEX_TAG | JSON_UNESCAPED_SLASHES;
 		}
 
-		foreach ( array_keys( $scripts ) as $handle ) {
+		foreach ( array_unique( $this->queue ) as $handle ) {
 			/**
 			 * Filters data associated with a given script.
 			 *
@@ -1253,38 +1280,7 @@ public function print_script_data() {
 			 */
 			$data = apply_filters( "script_data_{$handle}", array() );
 
-			if ( is_array( $data ) && array() !== $data ) {
-				/*
-				 * This data will be printed as JSON inside a script tag like this:
-				 *   <script type="application/json"></script>
-				 *
-				 * A script tag must be closed by a sequence beginning with `</`. It's impossible to
-				 * close a script tag without using `<`. We ensure that `<` is escaped and `/` can
-				 * remain unescaped, so `</script>` will be printed as `\u003C/script>`.
-				 *
-				 *   - JSON_HEX_TAG: All < and > are converted to \u003C and \u003E.
-				 *   - JSON_UNESCAPED_SLASHES: Don't escape /.
-				 *
-				 * If the page will use UTF-8 encoding, it's safe to print unescaped unicode:
-				 *
-				 *   - JSON_UNESCAPED_UNICODE: Encode multibyte Unicode characters literally (instead of as `\uXXXX`).
-				 *   - JSON_UNESCAPED_LINE_TERMINATORS: The line terminators are kept unescaped when
-				 *     JSON_UNESCAPED_UNICODE is supplied. It uses the same behaviour as it was
-				 *     before PHP 7.1 without this constant. Available as of PHP 7.1.0.
-				 *
-				 * The JSON specification requires encoding in UTF-8, so if the generated HTML page
-				 * is not encoded in UTF-8 then it's not safe to include those literals. They must
-				 * be escaped to avoid encoding issues.
-				 *
-				 * @see https://www.rfc-editor.org/rfc/rfc8259.html for details on encoding requirements.
-				 * @see https://www.php.net/manual/en/json.constants.php for details on these constants.
-				 * @see https://html.spec.whatwg.org/#script-data-state for details on script tag parsing.
-				 */
-				$json_encode_flags = JSON_HEX_TAG | JSON_UNESCAPED_SLASHES | JSON_UNESCAPED_UNICODE | JSON_UNESCAPED_LINE_TERMINATORS;
-				if ( ! is_utf8_charset() ) {
-					$json_encode_flags = JSON_HEX_TAG | JSON_UNESCAPED_SLASHES;
-				}
-
+			if ( is_array( $data ) && ! empty( $data ) ) {
 				wp_print_inline_script_tag(
 					(string) wp_json_encode(
 						$data,

From 14e4ff92009298da32662e6da7d035d3d883bea6 Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Fri, 12 Dec 2025 17:33:50 +0000
Subject: [PATCH 06/12] Remove redundant is_array check and improve test naming

Co-authored-by: sirreal <841763+sirreal@users.noreply.github.com>
---
 src/wp-includes/class-wp-scripts.php         | 2 +-
 tests/phpunit/tests/dependencies/scripts.php | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/src/wp-includes/class-wp-scripts.php b/src/wp-includes/class-wp-scripts.php
index 034355a6a3309..affc55adac562 100644
--- a/src/wp-includes/class-wp-scripts.php
+++ b/src/wp-includes/class-wp-scripts.php
@@ -1280,7 +1280,7 @@ public function print_script_data() {
 			 */
 			$data = apply_filters( "script_data_{$handle}", array() );
 
-			if ( is_array( $data ) && ! empty( $data ) ) {
+			if ( ! empty( $data ) ) {
 				wp_print_inline_script_tag(
 					(string) wp_json_encode(
 						$data,
diff --git a/tests/phpunit/tests/dependencies/scripts.php b/tests/phpunit/tests/dependencies/scripts.php
index 3e7be7234baf0..e57418c3c957b 100644
--- a/tests/phpunit/tests/dependencies/scripts.php
+++ b/tests/phpunit/tests/dependencies/scripts.php
@@ -4124,11 +4124,11 @@ public function test_wp_scripts_doing_it_wrong_for_missing_dependencies() {
 	}
 
 	/**
-	 * Tests that the script_data_{$handle} filter outputs JSON script tags.
+	 * Tests that print_script_data outputs JSON script tags.
 	 *
 	 * @covers WP_Scripts::print_script_data
 	 */
-	public function test_script_data_filter_outputs_json_script_tag() {
+	public function test_print_script_data_outputs_json_script_tag() {
 		wp_enqueue_script( 'test-script', '/test.js', array(), null );
 
 		add_filter(

From 16c9b3fb2d2731f2b24d2b27e122ae6b87e1272b Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Fri, 12 Dec 2025 17:46:51 +0000
Subject: [PATCH 07/12] Refactor: Integrate script_data filter directly into
 do_item() method

- Removed separate print_script_data() method and wp_print_script_data() wrapper
- Removed action hooks from wp_footer and admin_print_footer_scripts
- Filter now runs during script processing in do_item()
- Data script tag is output immediately before each script tag
- Updated all tests to use wp_print_scripts instead of wp_print_script_data
- Added test to verify data tag appears before script tag

Co-authored-by: sirreal <841763+sirreal@users.noreply.github.com>
---
 src/wp-admin/includes/admin-filters.php      |   1 -
 src/wp-includes/class-wp-scripts.php         | 207 +++++++++----------
 src/wp-includes/default-filters.php          |   1 -
 src/wp-includes/functions.wp-scripts.php     |  17 --
 tests/phpunit/tests/dependencies/scripts.php |  54 +++--
 5 files changed, 120 insertions(+), 160 deletions(-)

diff --git a/src/wp-admin/includes/admin-filters.php b/src/wp-admin/includes/admin-filters.php
index e48cac473ef4d..6776f5898ad58 100644
--- a/src/wp-admin/includes/admin-filters.php
+++ b/src/wp-admin/includes/admin-filters.php
@@ -59,7 +59,6 @@
 add_action( 'admin_print_scripts', 'print_emoji_detection_script' );
 add_action( 'admin_print_scripts', 'print_head_scripts', 20 );
 add_action( 'admin_print_footer_scripts', '_wp_footer_scripts' );
-add_action( 'admin_print_footer_scripts', 'wp_print_script_data', 21 );
 add_action( 'admin_enqueue_scripts', 'wp_enqueue_emoji_styles' );
 add_action( 'admin_print_styles', 'print_emoji_styles' ); // Retained for backwards-compatibility. Unhooked by wp_enqueue_emoji_styles().
 add_action( 'admin_print_styles', 'print_admin_styles', 20 );
diff --git a/src/wp-includes/class-wp-scripts.php b/src/wp-includes/class-wp-scripts.php
index affc55adac562..15796241193c4 100644
--- a/src/wp-includes/class-wp-scripts.php
+++ b/src/wp-includes/class-wp-scripts.php
@@ -452,7 +452,101 @@ public function do_item( $handle, $group = false ) {
 			$attr['data-wp-fetchpriority'] = $original_fetchpriority;
 		}
 
-		$tag  = $translations . $before_script;
+		/**
+		 * Filters data associated with a given script.
+		 *
+		 * Scripts may require data that is required for initialization or is essential
+		 * to have immediately available on page load. These are suitable use cases for
+		 * this data.
+		 *
+		 * The dynamic portion of the hook name, `$handle`, refers to the script handle.
+		 *
+		 * This is best suited to pass essential data that must be available to the script for
+		 * initialization or immediately on page load. It does not replace the REST API or
+		 * fetching data from the client.
+		 *
+		 * Example:
+		 *
+		 *     add_filter(
+		 *         'script_data_my-script-handle',
+		 *         function ( array $data ): array {
+		 *             $data['myConfig'] = array( 'key' => 'value' );
+		 *             return $data;
+		 *         }
+		 *     );
+		 *
+		 * If the filter returns no data (an empty array), nothing will be embedded in the page.
+		 *
+		 * The data for a given script, if provided, will be JSON serialized in a script
+		 * tag with an ID of the form `wp-script-data-{$handle}` and type `application/json`.
+		 *
+		 * The data can be read on the client with a pattern like this:
+		 *
+		 * Example:
+		 *
+		 *     const dataContainer = document.getElementById( 'wp-script-data-my-script-handle' );
+		 *     let data = {};
+		 *     if ( dataContainer ) {
+		 *         try {
+		 *             data = JSON.parse( dataContainer.textContent );
+		 *         } catch {}
+		 *     }
+		 *     // data.myConfig.key === 'value';
+		 *     initMyScriptWithData( data );
+		 *
+		 * @since 6.8.0
+		 *
+		 * @param array $data The data associated with the script.
+		 */
+		$script_data = apply_filters( "script_data_{$handle}", array() );
+
+		$data_tag = '';
+		if ( ! empty( $script_data ) ) {
+			/*
+			 * This data will be printed as JSON inside a script tag like this:
+			 *   <script type="application/json"></script>
+			 *
+			 * A script tag must be closed by a sequence beginning with `</`. It's impossible to
+			 * close a script tag without using `<`. We ensure that `<` is escaped and `/` can
+			 * remain unescaped, so `</script>` will be printed as `\u003C/script>`.
+			 *
+			 *   - JSON_HEX_TAG: All < and > are converted to \u003C and \u003E.
+			 *   - JSON_UNESCAPED_SLASHES: Don't escape /.
+			 *
+			 * If the page will use UTF-8 encoding, it's safe to print unescaped unicode:
+			 *
+			 *   - JSON_UNESCAPED_UNICODE: Encode multibyte Unicode characters literally (instead of as `\uXXXX`).
+			 *   - JSON_UNESCAPED_LINE_TERMINATORS: The line terminators are kept unescaped when
+			 *     JSON_UNESCAPED_UNICODE is supplied. It uses the same behaviour as it was
+			 *     before PHP 7.1 without this constant. Available as of PHP 7.1.0.
+			 *
+			 * The JSON specification requires encoding in UTF-8, so if the generated HTML page
+			 * is not encoded in UTF-8 then it's not safe to include those literals. They must
+			 * be escaped to avoid encoding issues.
+			 *
+			 * @see https://www.rfc-editor.org/rfc/rfc8259.html for details on encoding requirements.
+			 * @see https://www.php.net/manual/en/json.constants.php for details on these constants.
+			 * @see https://html.spec.whatwg.org/#script-data-state for details on script tag parsing.
+			 */
+			$json_encode_flags = JSON_HEX_TAG | JSON_UNESCAPED_SLASHES | JSON_UNESCAPED_UNICODE | JSON_UNESCAPED_LINE_TERMINATORS;
+			if ( ! is_utf8_charset() ) {
+				$json_encode_flags = JSON_HEX_TAG | JSON_UNESCAPED_SLASHES;
+			}
+
+			$data_tag = wp_print_inline_script_tag(
+				(string) wp_json_encode(
+					$script_data,
+					$json_encode_flags
+				),
+				array(
+					'type' => 'application/json',
+					'id'   => "wp-script-data-{$handle}",
+				),
+				false
+			);
+		}
+
+		$tag  = $translations . $before_script . $data_tag;
 		$tag .= wp_get_script_tag( $attr );
 		$tag .= $after_script;
 
@@ -1183,115 +1277,4 @@ protected function get_dependency_warning_message( $handle, $missing_dependency_
 		);
 	}
 
-	/**
-	 * Prints data associated with scripts.
-	 *
-	 * The data will be embedded in the page HTML and can be read by scripts on page load.
-	 *
-	 * Data can be associated with a script via the {@see "script_data_{$handle}"} filter.
-	 *
-	 * The data for a script will be serialized as JSON in a script tag with an ID of the
-	 * form `wp-script-data-{$handle}`.
-	 *
-	 * @since 6.8.0
-	 */
-	public function print_script_data() {
-		/*
-		 * Determine JSON encoding flags once, outside the loop.
-		 * The charset won't change during iteration.
-		 *
-		 * This data will be printed as JSON inside a script tag like this:
-		 *   <script type="application/json"></script>
-		 *
-		 * A script tag must be closed by a sequence beginning with `</`. It's impossible to
-		 * close a script tag without using `<`. We ensure that `<` is escaped and `/` can
-		 * remain unescaped, so `</script>` will be printed as `\u003C/script>`.
-		 *
-		 *   - JSON_HEX_TAG: All < and > are converted to \u003C and \u003E.
-		 *   - JSON_UNESCAPED_SLASHES: Don't escape /.
-		 *
-		 * If the page will use UTF-8 encoding, it's safe to print unescaped unicode:
-		 *
-		 *   - JSON_UNESCAPED_UNICODE: Encode multibyte Unicode characters literally (instead of as `\uXXXX`).
-		 *   - JSON_UNESCAPED_LINE_TERMINATORS: The line terminators are kept unescaped when
-		 *     JSON_UNESCAPED_UNICODE is supplied. It uses the same behaviour as it was
-		 *     before PHP 7.1 without this constant. Available as of PHP 7.1.0.
-		 *
-		 * The JSON specification requires encoding in UTF-8, so if the generated HTML page
-		 * is not encoded in UTF-8 then it's not safe to include those literals. They must
-		 * be escaped to avoid encoding issues.
-		 *
-		 * @see https://www.rfc-editor.org/rfc/rfc8259.html for details on encoding requirements.
-		 * @see https://www.php.net/manual/en/json.constants.php for details on these constants.
-		 * @see https://html.spec.whatwg.org/#script-data-state for details on script tag parsing.
-		 */
-		$json_encode_flags = JSON_HEX_TAG | JSON_UNESCAPED_SLASHES | JSON_UNESCAPED_UNICODE | JSON_UNESCAPED_LINE_TERMINATORS;
-		if ( ! is_utf8_charset() ) {
-			$json_encode_flags = JSON_HEX_TAG | JSON_UNESCAPED_SLASHES;
-		}
-
-		foreach ( array_unique( $this->queue ) as $handle ) {
-			/**
-			 * Filters data associated with a given script.
-			 *
-			 * The dynamic portion of the hook name, `$handle`, refers to the script handle.
-			 *
-			 * Scripts may require data that is required for initialization or is essential
-			 * to have immediately available on page load. These are suitable use cases for
-			 * this data.
-			 *
-			 * This is best suited to pass essential data that must be available to the script for
-			 * initialization or immediately on page load. It does not replace the REST API or
-			 * fetching data from the client.
-			 *
-			 * Example:
-			 *
-			 *     add_filter(
-			 *         'script_data_my-script-handle',
-			 *         function ( array $data ): array {
-			 *             $data['myData'] = array(
-			 *                 'option' => get_option( 'my_option' ),
-			 *             );
-			 *             return $data;
-			 *         }
-			 *     );
-			 *
-			 * If the filter returns no data (an empty array), nothing will be embedded in the page.
-			 *
-			 * The data for a given script, if provided, will be JSON serialized in a script
-			 * tag with an ID of the form `wp-script-data-{$handle}`.
-			 *
-			 * The data can be read on the client with a pattern like this:
-			 *
-			 * Example:
-			 *
-			 *     const dataContainer = document.getElementById( 'wp-script-data-my-script-handle' );
-			 *     let data = {};
-			 *     if ( dataContainer ) {
-			 *         try {
-			 *             data = JSON.parse( dataContainer.textContent );
-			 *         } catch {}
-			 *     }
-			 *     initMyScriptWithData( data );
-			 *
-			 * @since 6.8.0
-			 *
-			 * @param array $data The data associated with the script.
-			 */
-			$data = apply_filters( "script_data_{$handle}", array() );
-
-			if ( ! empty( $data ) ) {
-				wp_print_inline_script_tag(
-					(string) wp_json_encode(
-						$data,
-						$json_encode_flags
-					),
-					array(
-						'type' => 'application/json',
-						'id'   => "wp-script-data-{$handle}",
-					)
-				);
-			}
-		}
-	}
 }
diff --git a/src/wp-includes/default-filters.php b/src/wp-includes/default-filters.php
index 0eac638ddcce7..68dccd979f2fe 100644
--- a/src/wp-includes/default-filters.php
+++ b/src/wp-includes/default-filters.php
@@ -361,7 +361,6 @@
 add_action( 'wp_head', 'wp_site_icon', 99 );
 add_action( 'wp_footer', 'wp_print_speculation_rules' );
 add_action( 'wp_footer', 'wp_print_footer_scripts', 20 );
-add_action( 'wp_footer', 'wp_print_script_data', 21 );
 add_action( 'template_redirect', 'wp_shortlink_header', 11, 0 );
 add_action( 'wp_print_footer_scripts', '_wp_footer_scripts' );
 add_action( 'init', '_register_core_block_patterns_and_categories' );
diff --git a/src/wp-includes/functions.wp-scripts.php b/src/wp-includes/functions.wp-scripts.php
index c34b8bca92df4..f86b456d5f69a 100644
--- a/src/wp-includes/functions.wp-scripts.php
+++ b/src/wp-includes/functions.wp-scripts.php
@@ -450,20 +450,3 @@ function wp_script_is( $handle, $status = 'enqueued' ) {
 function wp_script_add_data( $handle, $key, $value ) {
 	return wp_scripts()->add_data( $handle, $key, $value );
 }
-
-/**
- * Prints data associated with enqueued scripts.
- *
- * @since 6.8.0
- *
- * @see WP_Scripts::print_script_data()
- */
-function wp_print_script_data() {
-	global $wp_scripts;
-
-	if ( ! ( $wp_scripts instanceof WP_Scripts ) ) {
-		return;
-	}
-
-	$wp_scripts->print_script_data();
-}
diff --git a/tests/phpunit/tests/dependencies/scripts.php b/tests/phpunit/tests/dependencies/scripts.php
index e57418c3c957b..44f097eba68fb 100644
--- a/tests/phpunit/tests/dependencies/scripts.php
+++ b/tests/phpunit/tests/dependencies/scripts.php
@@ -4124,11 +4124,11 @@ public function test_wp_scripts_doing_it_wrong_for_missing_dependencies() {
 	}
 
 	/**
-	 * Tests that print_script_data outputs JSON script tags.
+	 * Tests that script_data_{$handle} filter outputs JSON script tags before the script.
 	 *
-	 * @covers WP_Scripts::print_script_data
+	 * @covers WP_Scripts::do_item
 	 */
-	public function test_print_script_data_outputs_json_script_tag() {
+	public function test_script_data_filter_outputs_json_script_tag() {
 		wp_enqueue_script( 'test-script', '/test.js', array(), null );
 
 		add_filter(
@@ -4139,7 +4139,7 @@ function ( $data ) {
 			}
 		);
 
-		$output = get_echo( 'wp_print_script_data' );
+		$output = get_echo( 'wp_print_scripts' );
 
 		$this->assertStringContainsString( '<script type="application/json" id="wp-script-data-test-script">', $output );
 		$this->assertStringContainsString( '"foo":"bar"', $output );
@@ -4148,7 +4148,7 @@ function ( $data ) {
 	/**
 	 * Tests that the script_data_{$handle} filter receives an empty array by default.
 	 *
-	 * @covers WP_Scripts::print_script_data
+	 * @covers WP_Scripts::do_item
 	 */
 	public function test_script_data_filter_receives_empty_array() {
 		wp_enqueue_script( 'test-script', '/test.js', array(), null );
@@ -4163,7 +4163,7 @@ function ( $data ) use ( &$filter_called ) {
 			}
 		);
 
-		get_echo( 'wp_print_script_data' );
+		get_echo( 'wp_print_scripts' );
 
 		$this->assertTrue( $filter_called, 'Filter should have been called' );
 	}
@@ -4171,7 +4171,7 @@ function ( $data ) use ( &$filter_called ) {
 	/**
 	 * Tests that the script_data_{$handle} filter doesn't output anything for empty data.
 	 *
-	 * @covers WP_Scripts::print_script_data
+	 * @covers WP_Scripts::do_item
 	 */
 	public function test_script_data_filter_no_output_for_empty_data() {
 		wp_enqueue_script( 'test-script', '/test.js', array(), null );
@@ -4184,15 +4184,16 @@ function ( $data ) {
 			}
 		);
 
-		$output = get_echo( 'wp_print_script_data' );
+		$output = get_echo( 'wp_print_scripts' );
 
-		$this->assertSame( '', $output );
+		// Should not contain data script tag.
+		$this->assertStringNotContainsString( 'wp-script-data-test-script', $output );
 	}
 
 	/**
 	 * Tests that the script_data_{$handle} filter is called for each enqueued script.
 	 *
-	 * @covers WP_Scripts::print_script_data
+	 * @covers WP_Scripts::do_item
 	 */
 	public function test_script_data_filter_called_for_each_enqueued_script() {
 		wp_enqueue_script( 'script-1', '/script-1.js', array(), null );
@@ -4217,7 +4218,7 @@ function ( $data ) use ( &$filter_calls ) {
 			}
 		);
 
-		$output = get_echo( 'wp_print_script_data' );
+		$output = get_echo( 'wp_print_scripts' );
 
 		$this->assertSame( array( 'script-1', 'script-2' ), $filter_calls );
 		$this->assertStringContainsString( 'wp-script-data-script-1', $output );
@@ -4229,7 +4230,7 @@ function ( $data ) use ( &$filter_calls ) {
 	/**
 	 * Tests that the script_data_{$handle} filter is only called for enqueued scripts.
 	 *
-	 * @covers WP_Scripts::print_script_data
+	 * @covers WP_Scripts::do_item
 	 */
 	public function test_script_data_filter_only_called_for_enqueued_scripts() {
 		wp_register_script( 'registered-only', '/registered-only.js', array(), null );
@@ -4253,7 +4254,7 @@ function ( $data ) use ( &$filter_calls ) {
 			}
 		);
 
-		$output = get_echo( 'wp_print_script_data' );
+		$output = get_echo( 'wp_print_scripts' );
 
 		$this->assertSame( array( 'enqueued' ), $filter_calls );
 		$this->assertStringNotContainsString( 'wp-script-data-registered-only', $output );
@@ -4261,34 +4262,29 @@ function ( $data ) use ( &$filter_calls ) {
 	}
 
 	/**
-	 * Tests that the script_data_{$handle} filter works independently from wp_localize_script.
+	 * Tests that the script_data_{$handle} filter outputs data before the script tag.
 	 *
-	 * @covers WP_Scripts::print_script_data
+	 * @covers WP_Scripts::do_item
 	 */
-	public function test_script_data_filter_independent_from_localize() {
+	public function test_script_data_filter_outputs_before_script() {
 		wp_enqueue_script( 'test-script', '/test.js', array(), null );
-		wp_localize_script( 'test-script', 'myData', array( 'localized' => 'value' ) );
 
 		add_filter(
 			'script_data_test-script',
 			function ( $data ) {
-				$data['filtered'] = 'data';
+				$data['config'] = 'value';
 				return $data;
 			}
 		);
 
-		$script_output = get_echo( 'wp_print_scripts' );
-		$data_output   = get_echo( 'wp_print_script_data' );
-
-		// Check localized data is in script output as JavaScript.
-		$this->assertStringContainsString( 'var myData = {"localized":"value"};', $script_output );
+		$output = get_echo( 'wp_print_scripts' );
 
-		// Check filtered data is in data output as JSON.
-		$this->assertStringContainsString( '<script type="application/json" id="wp-script-data-test-script">', $data_output );
-		$this->assertStringContainsString( '"filtered":"data"', $data_output );
+		// Find positions of data script tag and script tag.
+		$data_pos = strpos( $output, 'wp-script-data-test-script' );
+		$script_pos = strpos( $output, 'test-script-js' );
 
-		// Data output should not contain the localized script data.
-		$this->assertStringNotContainsString( 'myData', $data_output );
-		$this->assertStringNotContainsString( 'localized', $data_output );
+		$this->assertNotFalse( $data_pos, 'Data script tag should be present' );
+		$this->assertNotFalse( $script_pos, 'Script tag should be present' );
+		$this->assertLessThan( $script_pos, $data_pos, 'Data script tag should come before script tag' );
 	}
 }

From 3edd50e31248aa0bc97b889b5f9981a98c8bc58d Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Fri, 12 Dec 2025 17:48:38 +0000
Subject: [PATCH 08/12] Add comment explaining wp_print_inline_script_tag
 return parameter

Co-authored-by: sirreal <841763+sirreal@users.noreply.github.com>
---
 src/wp-includes/class-wp-scripts.php | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/src/wp-includes/class-wp-scripts.php b/src/wp-includes/class-wp-scripts.php
index 15796241193c4..29b11170ceb86 100644
--- a/src/wp-includes/class-wp-scripts.php
+++ b/src/wp-includes/class-wp-scripts.php
@@ -533,6 +533,10 @@ public function do_item( $handle, $group = false ) {
 				$json_encode_flags = JSON_HEX_TAG | JSON_UNESCAPED_SLASHES;
 			}
 
+			/*
+			 * Return the data script tag as a string (third parameter false) rather than echoing it.
+			 * This allows it to be included with the script tag in the concatenated output.
+			 */
 			$data_tag = wp_print_inline_script_tag(
 				(string) wp_json_encode(
 					$script_data,

From 0fbee29bef3b21fbbf0a447ef12b2617a18cd35a Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Tue, 16 Dec 2025 16:31:05 +0000
Subject: [PATCH 09/12] Address code review feedback

- Rename $data_tag to $script_data_tag for clarity
- Remove unnecessary (string) coercion from wp_json_encode
- Update @since tag to 7.0.0
- Remove empty line before closing brace

Co-authored-by: sirreal <841763+sirreal@users.noreply.github.com>
---
 src/wp-includes/class-wp-scripts.php | 11 +++++------
 1 file changed, 5 insertions(+), 6 deletions(-)

diff --git a/src/wp-includes/class-wp-scripts.php b/src/wp-includes/class-wp-scripts.php
index 29b11170ceb86..3330b911c6a55 100644
--- a/src/wp-includes/class-wp-scripts.php
+++ b/src/wp-includes/class-wp-scripts.php
@@ -494,13 +494,13 @@ public function do_item( $handle, $group = false ) {
 		 *     // data.myConfig.key === 'value';
 		 *     initMyScriptWithData( data );
 		 *
-		 * @since 6.8.0
+		 * @since 7.0.0
 		 *
 		 * @param array $data The data associated with the script.
 		 */
 		$script_data = apply_filters( "script_data_{$handle}", array() );
 
-		$data_tag = '';
+		$script_data_tag = '';
 		if ( ! empty( $script_data ) ) {
 			/*
 			 * This data will be printed as JSON inside a script tag like this:
@@ -537,8 +537,8 @@ public function do_item( $handle, $group = false ) {
 			 * Return the data script tag as a string (third parameter false) rather than echoing it.
 			 * This allows it to be included with the script tag in the concatenated output.
 			 */
-			$data_tag = wp_print_inline_script_tag(
-				(string) wp_json_encode(
+			$script_data_tag = wp_print_inline_script_tag(
+				wp_json_encode(
 					$script_data,
 					$json_encode_flags
 				),
@@ -550,7 +550,7 @@ public function do_item( $handle, $group = false ) {
 			);
 		}
 
-		$tag  = $translations . $before_script . $data_tag;
+		$tag  = $translations . $before_script . $script_data_tag;
 		$tag .= wp_get_script_tag( $attr );
 		$tag .= $after_script;
 
@@ -1280,5 +1280,4 @@ protected function get_dependency_warning_message( $handle, $missing_dependency_
 			implode( ', ', $missing_dependency_handles )
 		);
 	}
-
 }

From d89d333fe0d6fc8dd095f703e40f14d60b3d553f Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Wed, 17 Dec 2025 23:19:21 +0000
Subject: [PATCH 10/12] Add JSON_INVALID_UTF8_SUBSTITUTE flag for better UTF-8
 handling

- Add JSON_INVALID_UTF8_SUBSTITUTE to json_encode flags
- This prevents failures on invalid UTF-8 by substituting with U+FFFD
- Provides defense-in-depth beyond wp_json_encode's sanity checking
- Document the flag's purpose in the inline comment

Co-authored-by: dmsnell <5431237+dmsnell@users.noreply.github.com>
---
 src/wp-includes/class-wp-scripts.php | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/src/wp-includes/class-wp-scripts.php b/src/wp-includes/class-wp-scripts.php
index 3330b911c6a55..c70b9c51ffb47 100644
--- a/src/wp-includes/class-wp-scripts.php
+++ b/src/wp-includes/class-wp-scripts.php
@@ -512,6 +512,8 @@ public function do_item( $handle, $group = false ) {
 			 *
 			 *   - JSON_HEX_TAG: All < and > are converted to \u003C and \u003E.
 			 *   - JSON_UNESCAPED_SLASHES: Don't escape /.
+			 *   - JSON_INVALID_UTF8_SUBSTITUTE: Substitute invalid UTF-8 characters with the Unicode
+			 *     replacement character U+FFFD (�) instead of failing.
 			 *
 			 * If the page will use UTF-8 encoding, it's safe to print unescaped unicode:
 			 *
@@ -528,9 +530,9 @@ public function do_item( $handle, $group = false ) {
 			 * @see https://www.php.net/manual/en/json.constants.php for details on these constants.
 			 * @see https://html.spec.whatwg.org/#script-data-state for details on script tag parsing.
 			 */
-			$json_encode_flags = JSON_HEX_TAG | JSON_UNESCAPED_SLASHES | JSON_UNESCAPED_UNICODE | JSON_UNESCAPED_LINE_TERMINATORS;
+			$json_encode_flags = JSON_HEX_TAG | JSON_UNESCAPED_SLASHES | JSON_UNESCAPED_UNICODE | JSON_UNESCAPED_LINE_TERMINATORS | JSON_INVALID_UTF8_SUBSTITUTE;
 			if ( ! is_utf8_charset() ) {
-				$json_encode_flags = JSON_HEX_TAG | JSON_UNESCAPED_SLASHES;
+				$json_encode_flags = JSON_HEX_TAG | JSON_UNESCAPED_SLASHES | JSON_INVALID_UTF8_SUBSTITUTE;
 			}
 
 			/*

From d9f018ffa2dc3b6826a07644aa1b4213191cc5cb Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Thu, 18 Dec 2025 04:09:23 +0000
Subject: [PATCH 11/12] Revert "Add JSON_INVALID_UTF8_SUBSTITUTE flag for
 better UTF-8 handling"

This reverts commit d89d333. The flag was added based on incorrect analysis.
wp_json_encode() already handles invalid UTF-8 through its fallback
mechanism (_wp_json_sanity_check), converting invalid bytes to "?".

The implementation now matches script modules exactly, using only:
- JSON_HEX_TAG
- JSON_UNESCAPED_SLASHES
- JSON_UNESCAPED_UNICODE (UTF-8 pages only)
- JSON_UNESCAPED_LINE_TERMINATORS (UTF-8 pages only)

Co-authored-by: dmsnell <5431237+dmsnell@users.noreply.github.com>
---
 src/wp-includes/class-wp-scripts.php | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)

diff --git a/src/wp-includes/class-wp-scripts.php b/src/wp-includes/class-wp-scripts.php
index c70b9c51ffb47..3330b911c6a55 100644
--- a/src/wp-includes/class-wp-scripts.php
+++ b/src/wp-includes/class-wp-scripts.php
@@ -512,8 +512,6 @@ public function do_item( $handle, $group = false ) {
 			 *
 			 *   - JSON_HEX_TAG: All < and > are converted to \u003C and \u003E.
 			 *   - JSON_UNESCAPED_SLASHES: Don't escape /.
-			 *   - JSON_INVALID_UTF8_SUBSTITUTE: Substitute invalid UTF-8 characters with the Unicode
-			 *     replacement character U+FFFD (�) instead of failing.
 			 *
 			 * If the page will use UTF-8 encoding, it's safe to print unescaped unicode:
 			 *
@@ -530,9 +528,9 @@ public function do_item( $handle, $group = false ) {
 			 * @see https://www.php.net/manual/en/json.constants.php for details on these constants.
 			 * @see https://html.spec.whatwg.org/#script-data-state for details on script tag parsing.
 			 */
-			$json_encode_flags = JSON_HEX_TAG | JSON_UNESCAPED_SLASHES | JSON_UNESCAPED_UNICODE | JSON_UNESCAPED_LINE_TERMINATORS | JSON_INVALID_UTF8_SUBSTITUTE;
+			$json_encode_flags = JSON_HEX_TAG | JSON_UNESCAPED_SLASHES | JSON_UNESCAPED_UNICODE | JSON_UNESCAPED_LINE_TERMINATORS;
 			if ( ! is_utf8_charset() ) {
-				$json_encode_flags = JSON_HEX_TAG | JSON_UNESCAPED_SLASHES | JSON_INVALID_UTF8_SUBSTITUTE;
+				$json_encode_flags = JSON_HEX_TAG | JSON_UNESCAPED_SLASHES;
 			}
 
 			/*

From cf669ad5165d4fcbd972d409170ca8a7743e85d5 Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Thu, 18 Dec 2025 04:19:41 +0000
Subject: [PATCH 12/12] Add JSON_INVALID_UTF8_SUBSTITUTE flag to avoid fallback
 overhead
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Without this flag, json_encode() returns false on invalid UTF-8, triggering
wp_json_encode()'s expensive fallback mechanism (_wp_json_sanity_check)
which recursively walks all data and re-encodes.

With JSON_INVALID_UTF8_SUBSTITUTE:
- Invalid UTF-8 bytes are substituted with U+FFFD (�) in a single pass
- No fallback overhead
- Standard, consistent behavior

This is the proper solution rather than relying on the fallback.

Co-authored-by: dmsnell <5431237+dmsnell@users.noreply.github.com>
---
 src/wp-includes/class-wp-scripts.php | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/src/wp-includes/class-wp-scripts.php b/src/wp-includes/class-wp-scripts.php
index 3330b911c6a55..b8f8d0ff6c9d7 100644
--- a/src/wp-includes/class-wp-scripts.php
+++ b/src/wp-includes/class-wp-scripts.php
@@ -512,6 +512,9 @@ public function do_item( $handle, $group = false ) {
 			 *
 			 *   - JSON_HEX_TAG: All < and > are converted to \u003C and \u003E.
 			 *   - JSON_UNESCAPED_SLASHES: Don't escape /.
+			 *   - JSON_INVALID_UTF8_SUBSTITUTE: Substitute invalid UTF-8 sequences with U+FFFD (�)
+			 *     instead of failing. This avoids the overhead of `wp_json_encode()`'s fallback
+			 *     re-encoding and ensures consistent handling with the standard replacement character.
 			 *
 			 * If the page will use UTF-8 encoding, it's safe to print unescaped unicode:
 			 *
@@ -528,9 +531,9 @@ public function do_item( $handle, $group = false ) {
 			 * @see https://www.php.net/manual/en/json.constants.php for details on these constants.
 			 * @see https://html.spec.whatwg.org/#script-data-state for details on script tag parsing.
 			 */
-			$json_encode_flags = JSON_HEX_TAG | JSON_UNESCAPED_SLASHES | JSON_UNESCAPED_UNICODE | JSON_UNESCAPED_LINE_TERMINATORS;
+			$json_encode_flags = JSON_HEX_TAG | JSON_UNESCAPED_SLASHES | JSON_UNESCAPED_UNICODE | JSON_UNESCAPED_LINE_TERMINATORS | JSON_INVALID_UTF8_SUBSTITUTE;
 			if ( ! is_utf8_charset() ) {
-				$json_encode_flags = JSON_HEX_TAG | JSON_UNESCAPED_SLASHES;
+				$json_encode_flags = JSON_HEX_TAG | JSON_UNESCAPED_SLASHES | JSON_INVALID_UTF8_SUBSTITUTE;
 			}
 
 			/*