added escaping to the for id attribute for scripts and styles

Author: XecurAbhijeet

src/wp-includes/class-wp-scripts.php

@@ -341,7 +341,7 @@ public function do_item( $handle, $group = false ) {
 
 		$translations = $this->print_translations( $handle, false );
 		if ( $translations ) {
-			$translations = wp_get_inline_script_tag( $translations, array( 'id' => "{$handle}-js-translations" ) );
+			$translations = wp_get_inline_script_tag( $translations, array( 'id' => esc_attr( $handle ) . '-js-translations' ) );
 		}
 
 		if ( $this->do_concat ) {
@@ -417,7 +417,7 @@ public function do_item( $handle, $group = false ) {
 
 		$attr = array(
 			'src' => $src,
-			'id'  => "{$handle}-js",
+			'id'  => esc_attr( $handle ) . '-js',
 		);
 		if ( $strategy ) {
 			$attr[ $strategy ] = true;

src/wp-includes/class-wp-styles.php

@@ -229,7 +229,7 @@ public function do_item( $handle, $group = false ) {
 		$tag = sprintf(
 			"<link rel='%s' id='%s-css'%s href='%s'%s media='%s' />\n",
 			$rel,
-			$handle,
+			esc_attr( $handle ),
 			$title,
 			$href,
 			$this->type_attr,
@@ -261,7 +261,7 @@ public function do_item( $handle, $group = false ) {
 			$rtl_tag = sprintf(
 				"<link rel='%s' id='%s-rtl-css'%s href='%s'%s media='%s' />\n",
 				$rel,
-				$handle,
+				esc_attr( $handle ),
 				$title,
 				$rtl_href,
 				$this->type_attr,