WordPress.org
Get WordPress

Make WordPress Core


Ignore:
Timestamp:
10/01/2025 12:57:19 PM (5 months ago)
Author:
jonsurrell
Message:

HTML API: Ensure non-string HTML input is safely handled.

Prevents an issue where passing null to HTML API constructors could result in runtime errors.

Developed in https://github.com/WordPress/wordpress-develop/pull/9545.

Props kraftbj, jonsurrell, westonruter.
Fixes #63854.

File:
1 edited

Legend:

Unmodified
Added
Removed

  • trunk/tests/phpunit/tests/html-api/wpHtmlTagProcessor.php

    r60649 r60887  
    7171            $this->assertFalse( $processor->has_self_closing_flag(), 'Found the self-closing tag when it was absent.' );
    7272        }
     73    }
     74
     75    /**
     76     * @ticket 63854
     77     *
     78     * @covers WP_HTML_Tag_Processor::__construct
     79     * @expectedIncorrectUsage WP_HTML_Tag_Processor::__construct
     80     */
     81    public function test_constructor_validates_html_parameter() {
     82        // Test that passing null triggers _doing_it_wrong and sets HTML to empty string.
     83        $processor = new WP_HTML_Tag_Processor( null );
     84
     85        // Verify that the HTML was set to an empty string.
     86        $this->assertSame( '', $processor->get_updated_html(), 'HTML should be set to empty string when null is passed' );
     87
     88        // Verify that next_token() works without errors (indicating the processor is in a valid state).
     89        $this->assertFalse( $processor->next_token(), 'next_token() should work without errors when HTML is empty string' );
    7390    }
    7491
Note: See TracChangeset for help on using the changeset viewer.