WordPress.org
Get WordPress

Make WordPress Core


Ignore:
Timestamp:
09/03/2024 07:48:57 PM (15 months ago)
Author:
dmsnell
Message:

HTML API: Ensure that NULL and whitespace-only CDATA sections don't forbid FRAMESET.

When CDATA sections (which can only occur inside SVG and MathML content) consist only of NULL bytes or whitespace characters they should not clear the "frameset ok" flag. Previously they have always been clearing this flag, but in this patch the logic is updated to detect these sequences properly.

Developed in https://github.com/WordPress/wordpress-develop/pull/7230
Discussed in https://core.trac.wordpress.org/ticket/61576

Follow-up to [58867].

Props dmsnell, jonsurrell.
See #61576.

File:
1 edited

Legend:

Unmodified
Added
Removed

  • trunk/src/wp-includes/html-api/class-wp-html-processor.php

    r58970 r58977  
    844844        if ( self::PROCESS_NEXT_NODE === $node_to_process ) {
    845845            parent::next_token();
    846             if (
    847                 WP_HTML_Tag_Processor::STATE_TEXT_NODE === $this->parser_state ||
    848                 WP_HTML_Tag_Processor::STATE_CDATA_NODE === $this->parser_state
    849             ) {
     846            if ( WP_HTML_Tag_Processor::STATE_TEXT_NODE === $this->parser_state ) {
    850847                parent::subdivide_text_appropriately();
    851848            }
     
    43764373
    43774374        switch ( $op ) {
    4378             case '#cdata-section':
    43794375            case '#text':
    43804376                /*
     
    43904386                 */
    43914387                if ( parent::TEXT_IS_GENERIC === $this->text_node_classification ) {
     4388                    $this->state->frameset_ok = false;
     4389                }
     4390
     4391                $this->insert_foreign_element( $this->state->current_token, false );
     4392                return true;
     4393
     4394            /*
     4395             * CDATA sections are alternate wrappers for text content and therefore
     4396             * ought to follow the same rules as text nodes.
     4397             */
     4398            case '#cdata-section':
     4399                /*
     4400                 * NULL bytes and whitespace do not change the frameset-ok flag.
     4401                 */
     4402                $current_token        = $this->bookmarks[ $this->state->current_token->bookmark_name ];
     4403                $cdata_content_start  = $current_token->start + 9;
     4404                $cdata_content_length = $current_token->length - 12;
     4405                if ( strspn( $this->html, "\0 \t\n\f\r", $cdata_content_start, $cdata_content_length ) !== $cdata_content_length ) {
    43924406                    $this->state->frameset_ok = false;
    43934407                }
Note: See TracChangeset for help on using the changeset viewer.