[wp-trac] [WordPress Trac] #30986: Consider using an abstract syntax tree for wpautop
WordPress Trac
noreply at wordpress.org
Tue Jan 13 05:10:47 UTC 2015
#30986: Consider using an abstract syntax tree for wpautop
-------------------------+------------------------------
Reporter: ericlewis | Owner:
Type: enhancement | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Formatting | Version: 0.71
Severity: normal | Resolution:
Keywords: | Focuses:
-------------------------+------------------------------
Comment (by dd32):
I think this is an interesting approach to look into, the main issues I
see:
1. Speed; `wpautop()` is called on the front end, needs to be a decent
speed
1. Security; `DOMDocument` needs to have it's external entities loading
disabled at a minimum, any unknown quirks in it's HTML parsing could
bypass `kses` potentially (I'm thinking worst-case scenario here)
1. Availability; `DOMDocument` can be disabled in PHP, as can other XML
parsing tools, and we've got conditionals on it's use elsewhere within
core already I believe.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/30986#comment:2>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list