Skip to content

Add set_inner_html to WP_HTML_Processor#80

Draft
sirreal wants to merge 2 commits into
trunkfrom
set-inner-html-fable
Draft

Add set_inner_html to WP_HTML_Processor#80
sirreal wants to merge 2 commits into
trunkfrom
set-inner-html-fable

Conversation

@sirreal

@sirreal sirreal commented Jul 2, 2026

Copy link
Copy Markdown
Owner

Implementation: the method validates by construction rather than by rule lists. It re-parses the current document to locate the inner span and records a signature for every stack event (operation, provenance, node, namespace, position, breadcrumbs) from the context element's close to EOF; then re-parses the spliced candidate, requiring that new content stays strictly inside the context element and that the post-close event stream is identical. Any escape — <a> popping the context A, </div> closing it, unclosed <b> re-wrapping later content, fostered table text — shows up as a stream mismatch and rejects with a clean false; the processor and document are untouched. On success it commits through the existing WP_HTML_Text_Replacement machinery, purges bookmarks into the replaced span, and stays paused on the opening tag so parsing continues into the new content.

Two divergences re-parsing can't see are rejected by a lexical pre-scan: <html>/<body> openers and SELECT contexts. WP still parses selects per the old spec. Content in or introducing a SELECT is limited to OPTION/OPTGROUP/HR/text/comments for now.

Verification: 55 PHPUnit tests (194 assertions) covering A-in-A, LI, </a> escape, tables, SVG, templates, bookmarks, seek interaction, and repeated calls; the full html-api group passes (1,547 tests) and PHPCS is clean. Separately, a scratchpad fuzz harness cross-checked every accepted replacement against Dom\HTMLDocument: 12,285 doc×content cases, 4,003 accepted, zero cases where the tree outside the context element changed.

Trac ticket:

Use of AI Tools


This Pull Request is for code review only. Please keep all other discussion in the Trac ticket. Do not merge this Pull Request. See GitHub Pull Requests for Code Review in the Core Handbook for more details.

Implementation: the method validates by construction rather than by rule
lists. It re-parses the current document to locate the inner span and
records a signature for every stack event (operation, provenance, node,
namespace, position, breadcrumbs) from the context element's close to
EOF; then re-parses the spliced candidate, requiring that new content
stays strictly inside the context element and that the post-close event
stream is identical. Any escape — <a> popping the context A, </div>
closing it, unclosed <b> re-wrapping later content, fostered table text
— shows up as a stream mismatch and rejects with a clean false; the
processor and document are untouched. On success it commits through the
existing WP_HTML_Text_Replacement machinery, purges bookmarks into the
replaced span, and stays paused on the opening tag so parsing continues
into the new content.

Two divergences re-parsing can't see are rejected by a lexical pre-scan:
<html>/<body> openers  and SELECT contexts. WP still parses selects per
the old spec. Content in or introducing a SELECT is limited to
OPTION/OPTGROUP/HR/text/comments for now.

Verification: 55 PHPUnit tests (194 assertions) covering
A-in-A, LI, </a> escape, tables, SVG, templates, bookmarks, seek
interaction, and repeated calls; the full html-api group passes (1,547
tests) and PHPCS is clean. Separately, a scratchpad fuzz harness
cross-checked every accepted replacement against Dom\HTMLDocument:
12,285 doc×content cases, 4,003 accepted, zero cases where the tree
outside the context element changed.
@sirreal

sirreal commented Jul 2, 2026

Copy link
Copy Markdown
Owner Author

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant