Opened 3 years ago

Closed 3 years ago

#17035 closed enhancement (fixed)

kses speed up

Reported by: duck_
Owned by:
Milestone: 3.2
Priority: normal
Severity: normal
Version:
Component: Performance
Keywords: has-patch
Focuses:
Cc:

Description

The attached patch optimises some parts of kses by removing a regular expression and instances of error suppression. It gives the greatest benefit when processing large, mark-up rich content -- up to 1s over 1k runs.

The regex can be removed because it's aiming to grab the content between opening and closing HTML comment tags, but doesn't care if it's closed. So we can just check for the opening tag and then do the same str_replace to remove the opening/closing tags as well as any encapsulated ones.

The other part to explain is:

if ( ! isset($allowed_html[strtolower($element)]) || count($allowed_html[strtolower($element)]) == 0 )

It does look strange to return the element if it's not set in $allowed_html, but it is consistent with the current code. Other options could be to assume that we have always had non-whitelisted tags removed and not bother with the isset, or move the isset to its own check and return an empty string.

It performs the same in all my tests (which I still need to make public). These are essentially checking everything from ha.ckers.org/xss.html as well as some more generic tests, especially to do with bad protocols.

Attachments (1)

kses.speedup.diff (3.9 KB) - added by duck_ 3 years ago.


Change History (3)

comment:1 nacin 3 years ago

!isset() or count() == 0 could probably become empty() for an additional boost.
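
Added example, not part of the ticket or of WordPress: a small differential check of the condition quoted in the description against the empty() form suggested in comment:1. It shows that the two agree for missing, null and array entries and can differ only when an allowlist entry is not an array. The allowlist, the function names and the non-array entries are constructed for illustration.

```php
<?php
// Added example: not WordPress code, and kses itself is not loaded.
// Warnings (e.g. count() on a scalar in PHP 7.2+) become exceptions so that
// every PHP version reports them the same way.
set_error_handler(function ($no, $msg, $file, $line) {
    throw new ErrorException($msg, 0, $no, $file, $line);
});

// Check quoted in the ticket description.
function no_attrs_old(array $allowed_html, $element) {
    $key = strtolower($element);
    return !isset($allowed_html[$key]) || count($allowed_html[$key]) == 0;
}

// Check suggested in comment:1.
function no_attrs_new(array $allowed_html, $element) {
    return empty($allowed_html[strtolower($element)]);
}

// Run one check and normalise the result to a printable outcome.
function outcome($check, array $allowed_html, $element) {
    try {
        return $check($allowed_html, $element) ? 'true' : 'false';
    } catch (Throwable $e) {
        return 'error';
    }
}

// Constructed allowlist. The last two entries are hypothetical non-array shapes.
$allowed_html = array(
    'a'      => array('href' => array(), 'title' => array()),
    'br'     => array(),
    'em'     => null,
    'strong' => true,
    'b'      => false,
);

// 'blink' is absent from the allowlist; 'A' exercises the strtolower() lookup.
foreach (array('a', 'A', 'br', 'em', 'blink', 'strong', 'b') as $element) {
    $old = outcome('no_attrs_old', $allowed_html, $element);
    $new = outcome('no_attrs_new', $allowed_html, $element);
    printf("%-7s old=%-5s new=%-5s %s\n", $element, $old, $new,
        $old === $new ? 'same' : 'DIFFERENT');
}
restore_error_handler();
```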

comment:2 ryan 3 years ago

  • Resolution set to fixed
  • Status changed from new to closed