1 files changed, 13 insertions, 1 deletions

diff --git a/plugins/jetpack/3rd-party/debug-bar/class.jetpack-search-debug-bar.php b/plugins/jetpack/3rd-party/debug-bar/class.jetpack-search-debug-bar.php
index c32d7e01..025f7c21 100644
--- a/plugins/jetpack/3rd-party/debug-bar/class.jetpack-search-debug-bar.php
+++ b/plugins/jetpack/3rd-party/debug-bar/class.jetpack-search-debug-bar.php
@@ -152,7 +152,19 @@ class Jetpack_Search_Debug_Bar extends Debug_Bar_Panel {
 	public function render_json_toggle( $value ) {
 	?>
 		<div class="json-toggle-wrap">
-			<pre class="json"><?php echo wp_json_encode( $value ); ?></pre>
+			<pre class="json"><?php
+				// esc_html() will not double-encode entities (&amp; -> &amp;amp;).
+				// If any entities are part of the JSON blob, we want to re-encoode them
+				// (double-encode them) so that they are displayed correctly in the debug
+				// bar.
+				// Use _wp_specialchars() "manually" to ensure entities are encoded correctly.
+				echo _wp_specialchars(
+					wp_json_encode( $value ),
+					ENT_NOQUOTES, // Don't need to encode quotes (output is for a text node).
+					'UTF-8',      // wp_json_encode() outputs UTF-8 (really just ASCII), not the blog's charset.
+					true          // Do "double-encode" existing HTML entities
+				);
+			?></pre>
 			<span class="pretty toggle"><?php echo esc_html_x( 'Pretty', 'label for formatting JSON', 'jetpack' ); ?></span>
 			<span class="ugly toggle"><?php echo esc_html_x( 'Minify', 'label for formatting JSON', 'jetpack' ); ?></span>
 		</div>