Changeset 56563

Timestamp:

09/13/2023 12:47:25 PM (3 months ago)

Author:

Bernhard Reiter

Message:

HTML API: Skip over contents of RAWTEXT elements such as STYLE.

When encountering elements that imply switching into the RAWTEXT parsing state,
the Tag Processor should skip processing until exiting the RAWTEXT state.

In this patch the Tag Processor does just that, except for the case of the
deprecated XMP element which implies further and more complicated rules.

There's an implicit assumption that the SCRIPT ENABLED flag in HTML parsing
is enabled so that the contents of NOSCRIPT can be skipped. Otherwise, it would
be required to parse the contents of that tag.

Props dmsnell.
Fixes #59292.

Location:

trunk

Files:

• src/wp-includes/html-api/class-wp-html-tag-processor.php (modified) (5 diffs)
• tests/phpunit/tests/html-api/wpHtmlTagProcessor.php (modified) (1 diff)

trunk/src/wp-includes/html-api/class-wp-html-tag-processor.php

@@ -243 +243 @@
  *
  * @since 6.2.0
+ * @since 6.2.1 Fix: Support for various invalid comments; attribute updates are case-insensitive.
+ * @since 6.3.2 Fix: Skip HTML-like content inside rawtext elements such as STYLE.
  */
 class WP_HTML_Tag_Processor {
@@ -569 +571 @@
              */
             $t = $this->html[ $this->tag_name_starts_at ];
-            if ( ! $this->is_closing_tag && ( 's' === $t || 'S' === $t || 't' === $t || 'T' === $t ) ) {
+            if (
+                ! $this->is_closing_tag &&
+                (
+                    'i' === $t || 'I' === $t ||
+                    'n' === $t || 'N' === $t ||
+                    's' === $t || 'S' === $t ||
+                    't' === $t || 'T' === $t
+                ) ) {
                 $tag_name = $this->get_tag();
 
@@ -579 +588 @@
                     ! $this->skip_rcdata( $tag_name )
                 ) {
+                    $this->bytes_already_parsed = strlen( $this->html );
+                    return false;
+                } elseif (
+                    (
+                        'IFRAME' === $tag_name ||
+                        'NOEMBED' === $tag_name ||
+                        'NOFRAMES' === $tag_name ||
+                        'NOSCRIPT' === $tag_name ||
+                        'STYLE' === $tag_name
+                    ) &&
+                    ! $this->skip_rawtext( $tag_name )
+                ) {
+                    /*
+                     * "XMP" should be here too but its rules are more complicated and require the
+                     * complexity of the HTML Processor (it needs to close out any open P element,
+                     * meaning it can't be skipped here or else the HTML Processor will lose its
+                     * place). For now, it can be ignored as it's a rare HTML tag in practice and
+                     * any normative HTML should be using PRE instead.
+                     */
                     $this->bytes_already_parsed = strlen( $this->html );
                     return false;
@@ -711 +739 @@
     }
 
-
-    /**
-     * Skips contents of title and textarea tags.
+    /**
+     * Skips contents of generic rawtext elements.
+     *
+     * @since 6.3.2
+     *
+     * @see https://html.spec.whatwg.org/#generic-raw-text-element-parsing-algorithm
+     *
+     * @param string $tag_name The uppercase tag name which will close the RAWTEXT region.
+     * @return bool Whether an end to the RAWTEXT region was found before the end of the document.
+     */
+    private function skip_rawtext( $tag_name ) {
+        /*
+         * These two functions distinguish themselves on whether character references are
+         * decoded, and since functionality to read the inner markup isn't supported, it's
+         * not necessary to implement these two functions separately.
+         */
+        return $this->skip_rcdata( $tag_name );
+    }
+
+    /**
+     * Skips contents of RCDATA elements, namely title and textarea tags.
      *
      * @since 6.2.0
@@ -719 +765 @@
      * @see https://html.spec.whatwg.org/multipage/parsing.html#rcdata-state
      *
-     * @param string $tag_name The lowercase tag name which will close the RCDATA region.
+     * @param string $tag_name The uppercase tag name which will close the RCDATA region.
      * @return bool Whether an end to the RCDATA region was found before the end of the document.
      */

trunk/tests/phpunit/tests/html-api/wpHtmlTagProcessor.php

@@ -1873 +1873 @@
 
     /**
+     * @ticket 59292
+     *
+     * @covers WP_HTML_Tag_Processor::next_tag
+     *
+     * @dataProvider data_next_tag_ignores_contents_of_rawtext_tags
+     *
+     * @param string $rawtext_element_then_target_node HTML starting with a RAWTEXT-specifying element such as STYLE,
+     *                                                 then an element afterward containing the "target" attribute.
+     */
+    public function test_next_tag_ignores_contents_of_rawtext_tags( $rawtext_element_then_target_node ) {
+        $processor = new WP_HTML_Tag_Processor( $rawtext_element_then_target_node );
+        $processor->next_tag();
+
+        $processor->next_tag();
+        $this->assertNotNull(
+            $processor->get_attribute( 'target' ),
+            "Expected to find element with target attribute but found {$processor->get_tag()} instead."
+        );
+    }
+
+    /**
+     * Data provider.
+     *
+     * @return array[].
+     */
+    public function data_next_tag_ignores_contents_of_rawtext_tags() {
+        return array(
+            'IFRAME'           => array( '<iframe><section>Inside</section></iframe><section target>' ),
+            'NOEMBED'          => array( '<noembed><p></p></noembed><div target>' ),
+            'NOFRAMES'         => array( '<noframes><p>Check the rules here.</p></noframes><div target>' ),
+            'NOSCRIPT'         => array( '<noscript><span>This assumes that scripting mode is enabled.</span></noscript><p target>' ),
+            'STYLE'            => array( '<style>* { margin: 0 }</style><div target>' ),
+            'STYLE hiding DIV' => array( '<style>li::before { content: "<div non-target>" }</style><div target>' ),
+        );
+    }
+
+    /**
      * Ensures that the invalid comment closing syntax "--!>" properly closes a comment.
      *