Add more missing json_encode flags

[anomiex]

Closes MONOREP-281

Proposed changes:

The functions wp_send_json(), wp_send_json_success(), and wp_send_json_error() also have a $flags argument that defaults to 0. Given the nature of these functions (returning-and-exiting from ajax endpoints after setting the content type header),
JSON_UNESCAPED_SLASHES is likely correct for all of them.

Also there was one wp_json_encode missed, one done incorrectly in an unused test, and three added since the last PR.

Other information:

• Have you written new tests for your changes, if applicable?
• Have you checked the E2E test CI results, and verified that your changes do not break them?
• Have you tested your changes on WordPress.com, if applicable (if so, you'll see a generated comment below with a script to run)?

Jetpack product discussion

See MONOREP-129 and further discussion in p1763997995289799-slack-C05Q5HSS013.

Does this pull request change what data or activity we track or use?

No

Testing instructions:

• Stuff still work?

[github-actions]

Are you an Automattician? Please test your changes on all WordPress.com environments to help mitigate accidental explosions.

• To test on WoA, go to the Plugins menu on a WoA dev site. Click on the "Upload" button and follow the upgrade flow to be able to upload, install, and activate the Jetpack Beta plugin. Once the plugin is active, go to Jetpack > Jetpack Beta, select your plugin (Jetpack or WordPress.com Site Helper), and enable the fix/more-json-encode-flags branch.
• To test on Simple, run the following command on your sandbox:

bin/jetpack-downloader test jetpack fix/more-json-encode-flags

bin/jetpack-downloader test jetpack-mu-wpcom-plugin fix/more-json-encode-flags

Interested in more tips and information?

• In your local development environment, use the jetpack rsync command to sync your changes to a WoA dev blog.
• Read more about our development workflow here: PCYsg-eg0-p2
• Figure out when your changes will be shipped to customers here: PCYsg-eg5-p2

[github-actions]

Thank you for your PR!

When contributing to Jetpack, we have a few suggestions that can help us test and review your patch:

• ✅ Include a description of your PR changes.
  
• 🔴 Add a "[Status]" label (In Progress, Needs Review, ...).
  
• 🔴 Add a "[Type]" label (Bug, Enhancement, Janitorial, Task).
  
• ✅ Add testing instructions.
  
• ✅ Specify whether this PR includes any changes to data or privacy.
  
• ✅ Add changelog entries to affected projects
  

This comment will be updated as you work on your PR and make changes. If you think that some of those checks are not needed for your PR, please explain why you think so. Thanks for cooperation 🤖

---

Follow this PR Review Process:

1. Ensure all required checks appearing at the bottom of this PR are passing.
2. Make sure to test your changes on all platforms that it applies to. You're responsible for the quality of the code you ship.
3. You can use GitHub's Reviewers functionality to request a review.
4. When it's reviewed and merged, you will be pinged in Slack to deploy the changes to WordPress.com simple once the build is done.

If you have questions about anything, reach out in #jetpack-developers for guidance!

---

Jetpack plugin:

The Jetpack plugin has different release cadences depending on the platform:

• WordPress.com Simple releases happen as soon as you deploy your changes after merging this PR (PCYsg-Jjm-p2).
• WoA releases happen weekly.
• Releases to self-hosted sites happen monthly:
  • Scheduled release: January 6, 2026

If you have any questions about the release process, please ask in the #jetpack-releases channel on Slack.

---

Boost plugin:

No scheduled milestone found for this plugin.

If you have any questions about the release process, please ask in the #jetpack-releases channel on Slack.

---

Super Cache plugin:

No scheduled milestone found for this plugin.

If you have any questions about the release process, please ask in the #jetpack-releases channel on Slack.

---

Wpcomsh plugin:

• Next scheduled release: Atomic deploys happen twice daily on weekdays (p9o2xV-2EN-p2)

If you have any questions about the release process, please ask in the #jetpack-releases channel on Slack.

[jp-launch-control]

Code Coverage Summary

Coverage changed in 12 files. Only the first 5 are listed here.

File	Coverage	Δ%	Δ Uncovered
projects/packages/forms/src/contact-form/class-contact-form-plugin.php	471/1391 (33.86%)	-0.17%	7 💔
projects/plugins/jetpack/modules/carousel/jetpack-carousel.php	131/599 (21.87%)	-0.18%	5 💔
projects/packages/connection/src/class-tracking.php	72/132 (54.55%)	-0.84%	2 ❤️‍🩹
projects/packages/external-connections/src/class-external-connections.php	0/157 (0.00%)	0.00%	2 ❤️‍🩹
projects/packages/forms/src/contact-form/class-contact-form.php	918/1312 (69.97%)	-0.11%	2 ❤️‍🩹

Full summary · PHP report · JS report

_{Coverage check overridden by I don't care about code coverage for this PR Use this label to ignore the check for insufficient code coveage. .}

[anomiex]

@coder-karen Since you reviewed the other two, I'm hoping you'll give this one a look too. 🙂

[coder-karen]

Because of this change, I wonder if we can remove the manual headers in get_attachment_comments and post_attachment_comment ? Since if I'm understanding correctly wp_send_json sets this now?

[coder-karen]

Ah I guess that would just be get_attachment_comments, since post_attachment_comment still has various instances of die( wp_json_encode.

[anomiex]

We probably could, although I'm inclined not to just in case someone somewhere is doing something weird in the 'jp_carousel_check_blog_user_privileges' action or something.

Possibly at some point we should do an audit specifically for die( wp_json_encode() ), but I think I'll leave that for a different PR.

[coder-karen]

Took a look through Jetpack plugin changes and did some tests, as best as I can tell those changes make sense. For connection changes though, @bindlegirl or @sergeymitr can maybe confirm.

[coder-karen]

Took a look through Jetpack plugin changes and did some tests, as best as I can tell those changes make sense. For connection changes though, @bindlegirl or @sergeymitr can maybe confirm.