[wp-trac] [WordPress Trac] #58921: wp_kses_allowed_html doesn't allow to add esi:include
WordPress Trac
noreply at wordpress.org
Mon Jul 31 02:46:10 UTC 2023
#58921: wp_kses_allowed_html doesn't allow to add esi:include
--------------------------------------+------------------------------
Reporter: alekv | Owner: (none)
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Formatting | Version: 3.5
Severity: normal | Resolution:
Keywords: has-patch has-unit-tests | Focuses:
--------------------------------------+------------------------------
Comment (by alekv):
Replying to [comment:11 peterwilsoncc]:
> To that end, the discussion on this ticket can become:
> * support the specific prefix `esi:`
The latest PR does exactly that. It adds support for using the `esi:`
prefix specifically.
> As the linked [https://www.w3.org/TR/esi-lang/ w3 document] is a note
rather than a specification, it would be good to know how widely supported
ESI tags are supported?
The [https://wordpress.org/plugins/litespeed-cache/ LiteSpeed Cache]
WordPress plugin, with over 4mio active installs, fully supports ESI.
Other popular services that support ESI:
* [https://docs.oracle.com/cd/A97335_02/caching.102/a90372/esi.htm Oracle]
(who proposed ESI together with Akamai)
* [https://techdocs.akamai.com/property-mgr/docs/esi-edge-side-includes
Akamai] (who proposed ESI together with Oracle)
* [https://www.fastly.com/blog/using-esi-part-1-simple-edge-side-include
fastly]
* [https://devdocs.magento.com/guides/v2.3/config-guide/varnish/use-
varnish-esi.html Magento]
* [https://varnish-cache.org/docs/3.0/tutorial/esi.html Varnish Cache]
Not every service currently supports or wants to support ESI:
* [https://blog.cloudflare.com/making-edge-side-includes-esi-automatic-
and-e/ Cloudflare says that "old school CDNs" support ESI]. And they
(Cloudflare) promote their own no-code solution that achieves the same as
ESI.
* [https://www.keycdn.com/support/edge-side-includes KeyCDN] points out
that it requires too much technical know-how to implement ESI for the end
user and is not good for TTFB. So they will only implement ESI if it
becomes a W3C standard.
So, pretty large services support ESI. But it doesn't tell us much about
usage, and I couldn't find much about that. I only can deduct from what
experience I have in relation to the LiteSpeed Cache plugin.
Not all the websites activate ESI in LiteSpeed Cache, and it only makes
sense to use it for logged-in users. So this narrows it down to be mostly
useful to membership websites and e-commerce websites that offer to create
customer accounts. That's certainly not millions, but it could be tens of
thousands if not hundreds of thousands of websites that use ESI. And I
don't have any numbers of how many of the 50'000
[https://wordpress.org/plugins/woocommerce-google-adwords-conversion-
tracking-tag/ Pixel Manager for WooCommerce] users also use LiteSpeed
Cache with ESI enabled.
Out of own experience, we had only a few customers (of the Pixel Manager
for WooCommerce) to reach out to us regarding ESI support for LiteSpeed
Cache. However, those are the more technical users who cared about looking
into it more closely and asking. Since the Pixel Manager outputs PII for
logged-in users, its output must be excluded if ESI is enabled in
LiteSpeed Cache. For now, I implemented a way that disables the entire
caching (for logged-in users) if ESI is enabled to ensure that no PII is
cached. But we had complaints from our users about that because they'd
prefer to use ESI for what it's made for. We must assume that every
LiteSpeed Cache user who has enabled ESI also wants to profit from its
full benefit, which going back to the above numbers, is probably something
around tens of thousands up to hundreds of thousands of users.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/58921#comment:12>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list