Add set_inner_html to WP_HTML_Processor#80
Draft
sirreal wants to merge 2 commits into
Draft
Conversation
Implementation: the method validates by construction rather than by rule lists. It re-parses the current document to locate the inner span and records a signature for every stack event (operation, provenance, node, namespace, position, breadcrumbs) from the context element's close to EOF; then re-parses the spliced candidate, requiring that new content stays strictly inside the context element and that the post-close event stream is identical. Any escape — <a> popping the context A, </div> closing it, unclosed <b> re-wrapping later content, fostered table text — shows up as a stream mismatch and rejects with a clean false; the processor and document are untouched. On success it commits through the existing WP_HTML_Text_Replacement machinery, purges bookmarks into the replaced span, and stays paused on the opening tag so parsing continues into the new content. Two divergences re-parsing can't see are rejected by a lexical pre-scan: <html>/<body> openers and SELECT contexts. WP still parses selects per the old spec. Content in or introducing a SELECT is limited to OPTION/OPTGROUP/HR/text/comments for now. Verification: 55 PHPUnit tests (194 assertions) covering A-in-A, LI, </a> escape, tables, SVG, templates, bookmarks, seek interaction, and repeated calls; the full html-api group passes (1,547 tests) and PHPCS is clean. Separately, a scratchpad fuzz harness cross-checked every accepted replacement against Dom\HTMLDocument: 12,285 doc×content cases, 4,003 accepted, zero cases where the tree outside the context element changed.
Owner
Author
|
This is interesting to consider: https://github.com/josepharhar/react/blob/main/packages/react-dom-bindings/src/client/validateDOMNesting.js |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Implementation: the method validates by construction rather than by rule lists. It re-parses the current document to locate the inner span and records a signature for every stack event (operation, provenance, node, namespace, position, breadcrumbs) from the context element's close to EOF; then re-parses the spliced candidate, requiring that new content stays strictly inside the context element and that the post-close event stream is identical. Any escape —
<a>popping the contextA,</div>closing it, unclosed<b>re-wrapping later content, fostered table text — shows up as a stream mismatch and rejects with a clean false; the processor and document are untouched. On success it commits through the existingWP_HTML_Text_Replacementmachinery, purges bookmarks into the replaced span, and stays paused on the opening tag so parsing continues into the new content.Two divergences re-parsing can't see are rejected by a lexical pre-scan:
<html>/<body>openers and SELECT contexts. WP still parses selects per the old spec. Content in or introducing a SELECT is limited to OPTION/OPTGROUP/HR/text/comments for now.Verification: 55 PHPUnit tests (194 assertions) covering A-in-A, LI,
</a>escape, tables, SVG, templates, bookmarks, seek interaction, and repeated calls; the full html-api group passes (1,547 tests) and PHPCS is clean. Separately, a scratchpad fuzz harness cross-checked every accepted replacement against Dom\HTMLDocument: 12,285 doc×content cases, 4,003 accepted, zero cases where the tree outside the context element changed.Trac ticket:
Use of AI Tools
This Pull Request is for code review only. Please keep all other discussion in the Trac ticket. Do not merge this Pull Request. See GitHub Pull Requests for Code Review in the Core Handbook for more details.