Changeset 59469 for trunk/src/wp-includes/html-api/class-wp-html-processor.php

Timestamp:

11/28/2024 02:25:51 PM (6 months ago)

Author:

Bernhard Reiter

Message:

HTML API: Make non-body fragment creation methods private.

The current implementation of create_fragment (and the underlying create_fragment_at_current_node) allows passing in a context that might result in a tree that cannot be represented by HTML. For example, a user might use <p> as context, and attempt to create a fragment that also consists of a paragraph element, <p>like this. This would result in a paragraph node nested inside another -- something that can never result from parsing HTML.

To prevent this, this changeset makes create_fragment_at_current_node private and limits create_fragment to only <body> as context, while a comprehensive solution to allow other contexts is being worked on.

Follow-up to [59444], [59467].
Props jonsurrell, dmsnell, bernhard-reiter.
Fixes #62584.

File:

• trunk/src/wp-includes/html-api/class-wp-html-processor.php (modified) (2 diffs)

trunk/src/wp-includes/html-api/class-wp-html-processor.php

@@ -280 +280 @@
      * impact the parse, such as with a SCRIPT tag and its `type` attribute.
      *
-     * Example:
-     *
-     *     // Usually, snippets of HTML ought to be processed in the default `<body>` context:
-     *     $processor = WP_HTML_Processor::create_fragment( '<p>Hi</p>' );
-     *
-     *     // Some fragments should be processed in the correct context like this SVG:
-     *     $processor = WP_HTML_Processor::create_fragment( '<rect width="10" height="10" />', '<svg>' );
-     *
-     *     // This fragment with TD tags should be processed in a TR context:
-     *     $processor = WP_HTML_Processor::create_fragment(
-     *         '<td>1<td>2<td>3',
-     *         '<table><tbody><tr>'
-     *     );
-     *
-     * In order to create a fragment processor at the correct location, the
-     * provided fragment will be processed as part of a full HTML document.
-     * The processor will search for the last opener tag in the document and
-     * create a fragment processor at that location. The document will be
-     * forced into "no-quirks" mode by including the HTML5 doctype.
-     *
-     * For advanced usage and precise control over the context element, use
-     * `WP_HTML_Processor::create_full_processor()` and
-     * `WP_HTML_Processor::create_fragment_at_current_node()`.
-     *
-     * UTF-8 is the only allowed encoding. If working with a document that
-     * isn't UTF-8, first convert the document to UTF-8, then pass in the
-     * converted HTML.
+     * ## Current HTML Support
+     *
+     *  - The only supported context is `<body>`, which is the default value.
+     *  - The only supported document encoding is `UTF-8`, which is the default value.
      *
      * @since 6.4.0
      * @since 6.6.0 Returns `static` instead of `self` so it can create subclass instances.
-     * @since 6.8.0 Can create fragments with any context element.
      *
      * @param string $html     Input HTML fragment to process.
-     * @param string $context  Context element for the fragment. Defaults to `<body>`.
+     * @param string $context  Context element for the fragment, must be default of `<body>`.
      * @param string $encoding Text encoding of the document; must be default of 'UTF-8'.
      * @return static|null The created processor if successful, otherwise null.
      */
     public static function create_fragment( $html, $context = '<body>', $encoding = 'UTF-8' ) {
+        if ( '<body>' !== $context || 'UTF-8' !== $encoding ) {
+            return null;
+        }
+
         $context_processor = static::create_full_parser( "<!DOCTYPE html>{$context}", $encoding );
         if ( null === $context_processor ) {
@@ -476 +456 @@
      * @return static|null The created processor if successful, otherwise null.
      */
-    public function create_fragment_at_current_node( string $html ) {
+    private function create_fragment_at_current_node( string $html ) {
         if ( $this->get_token_type() !== '#tag' || $this->is_tag_closer() ) {
             _doing_it_wrong(