From d5e9fb87670231ecc5746ceb85f38dc9efc17227 Mon Sep 17 00:00:00 2001
From: Weston Ruter <weston@ruter.net>
Date: Fri, 30 Jan 2026 23:28:47 -0800
Subject: [PATCH] Fix regression in `wp.sanitize.stripTags()` when input is
 null or undefined.

Ensure that `wp.sanitize.stripTags()` returns an empty string when the input is `null` or `undefined`, preventing it from being converted to the string "null" by `DOMParser`.

Added regression tests.

Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>
---
 src/js/_enqueues/wp/sanitize.js           |  4 +++
 tests/qunit/index.html                    |  1 +
 tests/qunit/wp-includes/js/wp-sanitize.js | 40 +++++++++++++++++++++++
 3 files changed, 45 insertions(+)
 create mode 100644 tests/qunit/wp-includes/js/wp-sanitize.js

diff --git a/src/js/_enqueues/wp/sanitize.js b/src/js/_enqueues/wp/sanitize.js
index 4fec26ab30683..7b69d65416ca5 100644
--- a/src/js/_enqueues/wp/sanitize.js
+++ b/src/js/_enqueues/wp/sanitize.js
@@ -23,6 +23,10 @@
 		 * @return {string} Stripped text.
 		 */
 		stripTags: function( text ) {
+			if ( null === text || 'undefined' === typeof text ) {
+				return '';
+			}
+
 			const domParser = new DOMParser();
 			const htmlDocument = domParser.parseFromString(
 				text,
diff --git a/tests/qunit/index.html b/tests/qunit/index.html
index bcd6d8c1c6ddd..6b4c4a1dd8811 100644
--- a/tests/qunit/index.html
+++ b/tests/qunit/index.html
@@ -155,6 +155,7 @@
 		<script src="wp-includes/js/api-request.js"></script>
 		<script src="wp-includes/js/jquery.js"></script>
 		<script src="wp-includes/js/wp-api.js"></script>
+		<script src="wp-includes/js/wp-sanitize.js"></script>
 		<script src="wp-admin/js/customize-controls.js"></script>
 		<script src="wp-admin/js/customize-controls-utils.js"></script>
 		<script src="wp-admin/js/customize-nav-menus.js"></script>
diff --git a/tests/qunit/wp-includes/js/wp-sanitize.js b/tests/qunit/wp-includes/js/wp-sanitize.js
new file mode 100644
index 0000000000000..45e687845925e
--- /dev/null
+++ b/tests/qunit/wp-includes/js/wp-sanitize.js
@@ -0,0 +1,40 @@
+/* global wp */
+
+QUnit.module( 'wp.sanitize.stripTags' );
+
+QUnit.test( 'stripTags should return empty string for null input', function( assert ) {
+	const result = wp.sanitize.stripTags( null );
+	assert.strictEqual( result, '', 'stripTags( null ) should return ""' );
+} );
+
+QUnit.test( 'stripTags should return empty string for undefined input', function( assert ) {
+	const result = wp.sanitize.stripTags( undefined );
+	assert.strictEqual( result, '', 'stripTags( undefined ) should return ""' );
+} );
+
+QUnit.test( 'stripTags should strip tags from string', function( assert ) {
+	const result = wp.sanitize.stripTags( '<p>Hello <b>World</b></p>' );
+	assert.strictEqual( result, 'Hello World', 'stripTags( "<p>Hello <b>World</b></p>" ) should return "Hello World"' );
+} );
+
+QUnit.test( 'stripTags should convert numbers to strings', function( assert ) {
+	const result = wp.sanitize.stripTags( 123 );
+	assert.strictEqual( result, '123', 'stripTags( 123 ) should return "123"' );
+} );
+
+QUnit.module( 'wp.sanitize.stripTagsAndEncodeText' );
+
+QUnit.test( 'stripTagsAndEncodeText should return empty string for null input', function( assert ) {
+	const result = wp.sanitize.stripTagsAndEncodeText( null );
+	assert.strictEqual( result, '', 'stripTagsAndEncodeText( null ) should return ""' );
+} );
+
+QUnit.test( 'stripTagsAndEncodeText should return empty string for undefined input', function( assert ) {
+	const result = wp.sanitize.stripTagsAndEncodeText( undefined );
+	assert.strictEqual( result, '', 'stripTagsAndEncodeText( undefined ) should return ""' );
+} );
+
+QUnit.test( 'stripTagsAndEncodeText should strip tags and encode text', function( assert ) {
+	const result = wp.sanitize.stripTagsAndEncodeText( '<p>Hello & <b>World</b></p>' );
+	assert.strictEqual( result, 'Hello &amp; World', 'stripTagsAndEncodeText( "<p>Hello & <b>World</b></p>" ) should return "Hello &amp; World"' );
+} );