Make WordPress Core

Opened 7 weeks ago

Closed 6 weeks ago

#64751 closed defect (bug) (fixed)

::set_modifiable_text() should only work on atomic elements in the HTML namespace

Reported by: jonsurrell
Owned by: jonsurrell
Milestone: 7.0
Priority: normal
Severity: minor
Version: 6.7
Component: HTML API
Keywords: has-patch has-unit-tests
Focuses:
Cc:

Description

::set_modifiable_text() includes special handling to allow setting the text of certain special "atomic" elements. These elements all have special parsing rules in the HTML standard.

The special handling should only apply to elements in the HTML namespace. The special handling only checks the tag names.

For example, this is correct:

<?php
$p = WP_HTML_Processor::create_fragment('<textarea></textarea>');
$p->next_tag();
echo "{$p->get_namespace()}:{$p->get_tag()}\n";
assert( $p->set_modifiable_text('hello') );
echo $p->get_updated_html();

Prints:

html:TEXTAREA
<textarea>hello</textarea>

The following attempts to set the text on svg:textarea. This should fail and return false:

<?php
$p = WP_HTML_Processor::create_fragment('<svg><textarea></textarea></svg>');
$p->next_tag();
$p->next_tag();
echo "{$p->get_namespace()}:{$p->get_tag()}\n";
assert( $p->set_modifiable_text('whoops!') ); // this assertion should fail!
echo $p->get_updated_html();

Instead, it adds the text to the beginning of the HTML:

svg:TEXTAREA
whoops!<svg><textarea></textarea></svg>

::get_modifiable_text() should behave similarly. It does not appear to have any issues although it does not explicitly check the HTML namespace.
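The guard the ticket asks for can also be applied from calling code while running an affected version. The following is an added example, not code from the ticket or from WordPress core: a wrapper that refuses to write "atomic" text unless the current element is both in the HTML namespace and one of the atomic tag names, then runs it over the two fragments above. It assumes WordPress core (WP_HTML_Processor) has been loaded, for example via wp-load.php; the ATOMIC_HTML_TAGS list is an assumption covering the elements the ticket names plus two other raw-text elements.

```php
<?php
// Added example (not from the ticket or WordPress core). Assumes WordPress is
// loaded so that WP_HTML_Processor is available, e.g. require 'wp-load.php'.

/**
 * Tags whose content the HTML API treats as a single text node.
 * This list is an assumption for the example; the ticket names SCRIPT and TEXTAREA.
 */
const ATOMIC_HTML_TAGS = array( 'SCRIPT', 'STYLE', 'TEXTAREA', 'TITLE' );

/**
 * Sets the text of the current element only when it is an atomic element in
 * the HTML namespace. Returns false, leaving the document untouched, otherwise.
 */
function set_atomic_text_if_html( WP_HTML_Processor $p, string $text ): bool {
	$tag = $p->get_tag();
	if ( null === $tag || ! in_array( $tag, ATOMIC_HTML_TAGS, true ) ) {
		return false;
	}
	// The namespace check is the point of the ticket: an svg:textarea has the
	// same tag name as html:textarea but none of its special parsing rules.
	if ( 'html' !== $p->get_namespace() ) {
		return false;
	}
	return $p->set_modifiable_text( $text );
}

/**
 * Runs the wrapper over the ticket's two fragments and returns, per case, the
 * element reached, whether the write was accepted and the resulting HTML.
 */
function run_cases(): array {
	// Constructed inputs mirroring the ticket: an HTML textarea (one tag hop)
	// and an SVG textarea (two tag hops: <svg>, then <textarea>).
	$cases = array(
		'html' => array( '<textarea></textarea>', 1 ),
		'svg'  => array( '<svg><textarea></textarea></svg>', 2 ),
	);

	$results = array();
	foreach ( $cases as $name => list( $html, $hops ) ) {
		$p = WP_HTML_Processor::create_fragment( $html );
		for ( $i = 0; $i < $hops; $i++ ) {
			$p->next_tag();
		}
		$accepted = set_atomic_text_if_html( $p, 'hello' );
		$results[ $name ] = array(
			'element'  => "{$p->get_namespace()}:{$p->get_tag()}",
			'accepted' => $accepted,
			'html'     => $p->get_updated_html(),
		);
	}
	return $results;
}

foreach ( run_cases() as $name => $r ) {
	printf(
		"%-4s %-13s accepted=%s html=%s\n",
		$name,
		$r['element'],
		$r['accepted'] ? 'yes' : 'no',
		$r['html']
	);
}
```

Because the wrapper returns false for the svg case before calling into core, the fragment is left unchanged even on a version where ::set_modifiable_text() itself would have prepended the text to the document; the html case goes through to core as before.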

Change History (4)

This ticket was mentioned in PR #11083 on WordPress/wordpress-develop by @jonsurrell.


7 weeks ago
#1

  • Keywords has-patch has-unit-tests added

Ensure the HTML API does not attempt to set modifiable text on a foreign element tag. This could happen in foreign content when the tag name matches a special "atomic" HTML element, like SCRIPT or TEXTAREA.

::set_modifiable_text() includes special handling to allow setting the text of certain special "atomic" elements. These elements all have special parsing rules in the HTML standard.

The special handling should only apply to elements in the HTML namespace. The special handling only checks the tag names.

For example, this is correct:

$p = WP_HTML_Processor::create_fragment('<textarea></textarea>');
$p->next_tag();
echo "{$p->get_namespace()}:{$p->get_tag()}\n";
assert( $p->set_modifiable_text('hello') );
echo $p->get_updated_html();

Prints:

html:TEXTAREA
<textarea>hello</textarea>

The following attempts to set the text on svg:textarea. This should fail and return false:

$p = WP_HTML_Processor::create_fragment('<svg><textarea></textarea></svg>');
$p->next_tag();
$p->next_tag();
echo "{$p->get_namespace()}:{$p->get_tag()}\n";
assert( $p->set_modifiable_text('whoops!') ); // this assertion should fail!
echo $p->get_updated_html();

Instead, it adds the text to the beginning of the HTML:

svg:TEXTAREA
whoops!<svg><textarea></textarea></svg>

::get_modifiable_text() should behave similarly. It does not appear to have any issues although it does not explicitly check the HTML namespace.

Trac ticket: https://core.trac.wordpress.org/ticket/64751


@westonruter commented on PR #11083:


6 weeks ago
#2

I see my suggestions would also apply to r61754.

@jonsurrell commented on PR #11083:


6 weeks ago
#3

> I see my suggestions would also apply to r61754.

I pushed dc65bb38960bf63a191f8e3a1d125c7ac66bbfe1 to update those test types in this PR.

#4 @jonsurrell
6 weeks ago

  • Resolution set to fixed
  • Status changed from assigned to closed

In 61796:

HTML API: Check tag namespace in ::set_modifiable_text().

The method should only apply to special "atomic" HTML tags like SCRIPT or TEXTAREA. ::set_modifiable_text() should not apply to tags with the same name in other namespaces.

Developed in https://github.com/WordPress/wordpress-develop/pull/11083.

Props jonsurrell, dmsnell, westonruter.
Fixes #64751.
