WordPress.org
Get WordPress

Make WordPress Core


Ignore:
Timestamp:
10/01/2025 12:57:19 PM (5 months ago)
Author:
jonsurrell
Message:

HTML API: Ensure non-string HTML input is safely handled.

Prevents an issue where passing null to HTML API constructors could result in runtime errors.

Developed in https://github.com/WordPress/wordpress-develop/pull/9545.

Props kraftbj, jonsurrell, westonruter.
Fixes #63854.

File:
1 edited

Legend:

Unmodified
Added
Removed

  • trunk/src/wp-includes/html-api/class-wp-html-tag-processor.php

    r60706 r60887  
    835835     */
    836836    public function __construct( $html ) {
     837        if ( ! is_string( $html ) ) {
     838            _doing_it_wrong(
     839                __METHOD__,
     840                __( 'The HTML parameter must be a string.' ),
     841                '6.9.0'
     842            );
     843            $html = '';
     844        }
    837845        $this->html = $html;
    838846    }
Note: See TracChangeset for help on using the changeset viewer.