Opened 14 years ago
Closed 14 years ago
#17035 closed enhancement (fixed)
kses speed up
Reported by: | duck_ | Owned by: | |
---|---|---|---|
Milestone: | 3.2 | Priority: | normal |
Severity: | normal | Version: | |
Component: | Performance | Keywords: | has-patch |
Focuses: | Cc: |
Description
The attached patch optimises some parts of kses by removing a regular expression and instances of error suppression. It gives the greatest benefit when processing large, mark-up rich content -- up to 1s over 1k runs.
The regex can be removed because it's aiming to grab the content between opening an closing HTML comment tags, but doesn't care if it's closed. So we can just check for the opening tag and then do the same str_replace to remove the opening/closing tags as well as any encapsulated ones.
The other part to explain is:
if ( ! isset($allowed_html[strtolower($element)]) || count($allowed_html[strtolower($element)]) == 0 )
It does look strange to return the element if it's not set in $allowed_html
, but it is consistent with the current code. Other options could be to assume that we have always had non-whitelisted tags removed and not bother with the isset
or move the isset
to it's own check an return empty string.
It performs the same in all my tests (which I still need to make public). These are essentially checking everything from ha.ckers.org/xss.html as well as some more generic tests, especially to do with bad protocols.
!isset() or count() == 0 could probably become empty() for an additional boost.