[wp-trac] [WordPress Trac] #30986: Consider using an abstract syntax tree for wpautop

WordPress Trac noreply at wordpress.org
Tue Jan 13 05:10:47 UTC 2015

#30986: Consider using an abstract syntax tree for wpautop
 Reporter:  ericlewis    |       Owner:
     Type:  enhancement  |      Status:  new
 Priority:  normal       |   Milestone:  Awaiting Review
Component:  Formatting   |     Version:  0.71
 Severity:  normal       |  Resolution:
 Keywords:               |     Focuses:

Comment (by dd32):

 I think this is an interesting approach to look into, the main issues I

 1. Speed; `wpautop()` is called on the front end, needs to be a decent
 1. Security; `DOMDocument` needs to have it's external entities loading
 disabled at a minimum, any unknown quirks in it's HTML parsing could
 bypass `kses` potentially  (I'm thinking worst-case scenario here)
 1. Availability; `DOMDocument` can be disabled in PHP, as can other XML
 parsing tools, and we've got conditionals on it's use elsewhere within
 core already I believe.

Ticket URL: <https://core.trac.wordpress.org/ticket/30986#comment:2>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform

More information about the wp-trac mailing list