WordPress.org
Get WordPress

Make WordPress Core


Ignore:
Timestamp:
10/01/2025 12:57:19 PM (5 months ago)
Author:
jonsurrell
Message:

HTML API: Ensure non-string HTML input is safely handled.

Prevents an issue where passing null to HTML API constructors could result in runtime errors.

Developed in https://github.com/WordPress/wordpress-develop/pull/9545.

Props kraftbj, jonsurrell, westonruter.
Fixes #63854.

File:
1 edited

Legend:

Unmodified
Added
Removed

  • trunk/src/wp-includes/html-api/class-wp-html-processor.php

    r60647 r60887  
    298298        }
    299299
     300        if ( ! is_string( $html ) ) {
     301            _doing_it_wrong(
     302                __METHOD__,
     303                __( 'The HTML parameter must be a string.' ),
     304                '6.9.0'
     305            );
     306            return null;
     307        }
     308
    300309        $context_processor = static::create_full_parser( "<!DOCTYPE html>{$context}", $encoding );
    301310        if ( null === $context_processor ) {
     
    338347    public static function create_full_parser( $html, $known_definite_encoding = 'UTF-8' ) {
    339348        if ( 'UTF-8' !== $known_definite_encoding ) {
     349            return null;
     350        }
     351        if ( ! is_string( $html ) ) {
     352            _doing_it_wrong(
     353                __METHOD__,
     354                __( 'The HTML parameter must be a string.' ),
     355                '6.9.0'
     356            );
    340357            return null;
    341358        }
Note: See TracChangeset for help on using the changeset viewer.