Make WordPress Core

Changeset 56493


Ignore:
Timestamp:
08/30/2023 03:37:33 PM (13 months ago)
Author:
Bernhard Reiter
Message:

HTML API: Stop processing HTML when encountering unsupported markup.

It was a design goal of the HTML Processor to abort processing its input document when encountering unsupported markup. Unfortunately there was no test for this and so-far, the HTML Processor has paused, but continued processing in these situations.

In this patch a new test ensures that the HTML Processor stops and refuses to move forward after encountering any unsupported markup. It also ensures that it doesn't report any current tag names since unsupported markup could imply that the read tag name is different than the parsed tag name.

Props dmsnell.
Fixes #59167.

Location:
trunk
Files:
2 edited

Legend:

Unmodified
Added
Removed
  • trunk/src/wp-includes/html-api/class-wp-html-processor.php

    r56380 r56493  
    433433     */
    434434    public function step( $node_to_process = self::PROCESS_NEXT_NODE ) {
     435        // Refuse to proceed if there was a previous error.
     436        if ( null !== $this->last_error ) {
     437            return false;
     438        }
     439
    435440        if ( self::PROCESS_NEXT_NODE === $node_to_process ) {
    436441            $top_node = $this->state->stack_of_open_elements->current_node();
     
    745750     */
    746751    public function get_tag() {
     752        if ( null !== $this->last_error ) {
     753            return null;
     754        }
     755
    747756        $tag_name = parent::get_tag();
    748757
  • trunk/tests/phpunit/tests/html-api/wpHtmlProcessor.php

    r56299 r56493  
    4141            "Calling the public constructor should warn to call the static creator methods instead, but didn't."
    4242        );
     43    }
     44
     45    /**
     46     * Once stepping to the end of the document, WP_HTML_Processor::get_tag
     47     * should no longer report a tag. It should report `null` because there
     48     * is no tag matched or open.
     49     *
     50     * @ticket 59167
     51     *
     52     * @covers WP_HTML_Processor::get_tag
     53     */
     54    public function test_get_tag_is_null_once_document_is_finished() {
     55        $p = WP_HTML_Processor::createFragment( '<div class="test">Test</div>' );
     56        $p->next_tag();
     57        $this->assertSame( 'DIV', $p->get_tag() );
     58
     59        $this->assertFalse( $p->next_tag() );
     60        $this->assertNull( $p->get_tag() );
     61    }
     62
     63    /**
     64     * Ensures that if the HTML Processor encounters inputs that it can't properly handle,
     65     * that it stops processing the rest of the document. This prevents data corruption.
     66     *
     67     * @ticket 59167
     68     *
     69     * @covers WP_HTML_Processor::next_tag
     70     */
     71    public function test_stops_processing_after_unsupported_elements() {
     72        $p = WP_HTML_Processor::createFragment( '<p><x-not-supported></p><p></p>' );
     73        $p->next_tag( 'P' );
     74        $this->assertFalse( $p->next_tag(), 'Stepped into a tag after encountering X-NOT-SUPPORTED element when it should have aborted.' );
     75        $this->assertNull( $p->get_tag(), "Should have aborted processing, but still reported tag {$p->get_tag()} after properly failing to step into tag." );
     76        $this->assertFalse( $p->next_tag( 'P' ), 'Stepped into normal P element after X-NOT-SUPPORTED element when it should have aborted.' );
    4377    }
    4478
Note: See TracChangeset for help on using the changeset viewer.