Prevent entity normalization mangling HTML like '

[sirreal]

Prevent the wp_kses_normalize_entities function from transforming inputs like ' to ', changing its value. That transformation changes the input in a way that is not normalized results in significantly different HTML.

Trac ticket: https://core.trac.wordpress.org/ticket/63630

✅ (merged) This change includes #9095 which should be reviewed and landed first.

---

This Pull Request is for code review only. Please keep all other discussion in the Trac ticket. Do not merge this Pull Request. See GitHub Pull Requests for Code Review in the Core Handbook for more details.

[github-actions]

The following accounts have interacted with this PR and/or linked issues. I will continue to update these lists as activity occurs. You can also manually ask me to refresh this list by adding the props-bot label.

Core Committers: Use this line as a base for the props when committing in SVN:

Props jonsurrell, dmsnell.

To understand the WordPress project's expectations around crediting contributors, please review the Contributor Attribution page in the Core Handbook.

[github-actions]

Test using WordPress Playground

The changes in this pull request can previewed and tested using a WordPress Playground instance.

WordPress Playground is an experimental project that creates a full WordPress instance entirely within the browser.

Some things to be aware of

• The Plugin and Theme Directories cannot be accessed within Playground.
• All changes will be lost when closing a tab with a Playground instance.
• All changes will be lost when refreshing the page.
• A fresh instance is created each time the link below is clicked.
• Every time this pull request is updated, a new ZIP file containing all changes is created. If changes are not reflected in the Playground instance,
  it's possible that the most recent build failed, or has not completed. Check the list of workflow runs to be sure.

For more details about these limitations and more, check out the Limitations page in the WordPress Playground documentation.

Test this pull request with WordPress Playground.

[sirreal]

PR 9095 landed in [60446], this change is now unblocked.

[dmsnell]

While it think it would be best to find another reviewer (perhaps @xknown or @johnbillion or @mdawaffe) I think this is sound at face value and it’s not breaking tests.

The fix makes sense theoretically and behaves as we expect.

As a side note, this entire function is ripe for replacement with the HTML API whereby we can reliably resolve encoding and escaping issues, but for now this change brings an immediate improvement without raising new questions about legacy bugs or interfaces.

This change should break behavior with old sites, but as demonstrated in the comment in the code, I believe that any existing code relying on the broken behavior is bound to be broken in some way already, making this change a wash.

For HTML saved as intended, this preserves existing behaviors.

[dmsnell]

as a clarification, I wanted to note that while this introduces a change of behavior, it’s not doing so in a way I would expect it to break things.

previously, those characters might be corrupted through Core, and if some plugin looks for them and tries to repair them, perhaps that code would now see different data coming through the filter stack.

in all of the cases where the behavior is different though, the existing options are fundamentally broken because the corruption happened by Core at the start. this should only improve the situation.

[sirreal]

I shared this and requested review at the July 16, 2025 Core devchat.

I plan to land this in the next few days unless there are reviews that raise concerns or other issues.

[github-actions]

A commit was made that fixes the Trac ticket referenced in the description of this pull request.

SVN changeset: 60616
GitHub commit: b91b757

This PR will be closed, but please confirm the accuracy of this and reopen if there is more work to be done.