#48054 closed enhancement (fixed)
wp.sanitize.stripTags should iterate instead of using recursion
| Reported by: |
|
Owned by: |
|
|---|---|---|---|
| Milestone: | 6.9 | Priority: | normal |
| Severity: | minor | Version: | 5.2.3 |
| Component: | General | Keywords: | has-patch has-test-info |
| Focuses: | javascript, performance | Cc: |
Description
The changes to wp-sanitize.js seemed wasteful and like it produced dead code in the final return.
When I got into it to fix the dead code, I also felt a way about the recursion, because stack and memory exhaustion are two other potential issues. So this way should *at most* be one function call and only duplicate memory instead of being O(n*memory).
https://github.com/WordPress/WordPress/commit/d9b128f50546a65c9cf0944ee61237e35ff269c0
This is probably a drive-by commit and for that I apologize. I hope it's more useful than not, but your mileage may vary. Thank you for making WordPress.
Attachments (1)
Change History (13)
#1
@
5 years ago
- Focuses javascript performance added
- Keywords needs-testing added
@jrchamp Thanks for the patch!
I simply moved those changes to the file that creates wp-includes/js/wp-sanitize.js.
#3
@
8 months ago
- Milestone changed from Awaiting Review to 6.9
- Owner set to flixos90
- Status changed from new to reviewing
Reviewing this as part of a bug scrub, it feels rather trivial to commit. Looks like nobody followed up here all the years, but it should be a small quick win to add.
This ticket was mentioned in PR #8980 on WordPress/wordpress-develop by @SirLouen.
8 months ago
#4
This is the refresh
Trac ticket: https://core.trac.wordpress.org/ticket/48054
#5
@
8 months ago
- Keywords has-test-info added; needs-testing removed
Test Report
Description
✅ This report validates that the indicated patch works as expected.
Patch tested: https://github.com/WordPress/wordpress-develop/pull/8980.diff
Environment
- WordPress: 6.9-alpha-60093-src
- PHP: 8.2.28
- Server: nginx/1.27.5
- Database: mysqli (Server: 8.4.5 / Client: mysqlnd 8.2.28)
- Browser: Chrome 137.0.0.0
- OS: Windows 10/11
- Theme: Twenty Twenty-Five 1.2
- MU Plugins: None activated
- Plugins:
- Test Reports 1.2.0
Testing Instructions
- Add the code provided in the artifacts to a plugin or functions.php or wherever it can be executed
- Remember to build JS files before and after testing
- Add the shortcode
[wp_sanitize_demo]to a post - Check if the results are identical before and after the patch.
Actual Results
- ✅ Patch works correctly, as expected
Additional Notes
I agree with @jrchamp, the recursion here seems completely unnecessary adds stack risks, also recursion is always more difficult to understand, and it's self-contained after all. I cannot see any advantages of using here the recursion version.
Anyway, I would have preferred here to see trouble in action, other than just a code refactor suggestion as code refactors are not generally well seen (and only up to be taken by certain committers that seem to be happy that day).
Supplemental Artifacts
Some code aimed for testers to test that works after and before:
add_shortcode( 'wp_sanitize_demo', 'wp_sanitize_demo_shortcode' );
function wp_sanitize_demo_shortcode() {
wp_enqueue_script( 'wp-sanitize' );
$html = '<div class="test"><script>alert("test");</script><p>This is a <b>test</b> with <i>HTML</i> tags</p> to be stripped</div>';
$output = '<div id="wp-sanitize-demo">';
$output .= '<h3>Original HTML:</h3>';
$output .= '<pre>' . esc_html($html) . '</pre>';
$output .= '<h3>Sanitized Result:</h3>';
$output .= '<div id="sanitized-result"></div>';
$output .= '<script>
document.addEventListener( "DOMContentLoaded", function() {
var original = ' . json_encode($html) . ';
var sanitized = wp.sanitize.stripTags(original);
document.getElementById("sanitized-result").textContent = sanitized;
});
</script>';
$output .= '</div>';
return $output;
}
@mukesh27 commented on PR #8980:
6 months ago
#6
@SirLouen I tested the shortcode you shared in the testing instructions https://core.trac.wordpress.org/ticket/48054#comment:5, but I didn’t notice any change in the HTML output.
Could you please share a bit more detail about what should change, or provide a before/after screenshot if possible?
#7
@
6 months ago
@mukesh27, as far as I can remember, this was just a refactor. The test is basically that: everything still in place after and before the patch with a code that actually executes the section of code that is being changed.
#8
@
4 months ago
Test Report
Description
This report validates whether the indicated patch works as expected.
Patch tested: https://github.com/WordPress/wordpress-develop/pull/8980
Environment
- WordPress: 6.9-alpha-60093-src
- PHP: 8.2.29
- Server: nginx/1.29.1
- Database: mysqli (Server: 8.4.6 / Client: mysqlnd 8.2.29)
- Browser: Chrome 140.0.0.0
- OS: Linux
- Theme: Twenty Twenty-Five 1.2
- MU Plugins: None activated
- Plugins:
- Gutenberg 21.7.0
- Test Reports 1.2.0
Actual Results
- ✅ Issue resolved with patch, if we just expecting same result from trunk.
Additional Notes
- Patch was fetched and applied locally using:
git fetch upstream pull/8980/head:pr-8980 git checkout pr-8980
- Used test code from https://core.trac.wordpress.org/ticket/48054#comment:5
- No errors encountered during build or test execution.
Supplemental Artifacts
trunk as of this report: 
PR 8980: 
#9
@
4 months ago
- Owner changed from flixos90 to westonruter
- Status changed from reviewing to accepted
@westonruter commented on PR #8980:
4 months ago
#10
Could you please share a bit more detail about what should change, or provide a before/after screenshot if possible?
@mukeshpanchal27 There should not be any difference. It's purely a memory optimization and it prevents a possible stack overflow.
applying changes to /js/_enqueues/wp/sanitize.js