From 2e080bf48d7d08635f2ba7ef38e73525b338806c Mon Sep 17 00:00:00 2001 From: Weston Ruter Date: Mon, 6 Oct 2025 23:46:30 +0000 Subject: [PATCH] General: Optimize `wp.sanitize.stripTags()` to improve memory usage. This updates the logic to use iteration instead of recursive calls, resulting in reduced memory usage and avoiding a possible stack overflow for large HTML documents. The JS code is also tidied up with improved JSDoc and utilizing `let` instead of `var`. Props jrchamp, sabernhardt, SirLouen, rollybueno, mukesh27, flixos90, westonruter. Fixes #48054. Built from https://develop.svn.wordpress.org/trunk@60907 git-svn-id: http://core.svn.wordpress.org/trunk@60243 1a063a9b-81f0-0310-95a4-ce76da25c4cd --- wp-includes/js/wp-sanitize.js | 30 ++++++++++++++++-------------- wp-includes/js/wp-sanitize.min.js | 2 +- wp-includes/version.php | 2 +- 3 files changed, 18 insertions(+), 16 deletions(-) diff --git a/wp-includes/js/wp-sanitize.js b/wp-includes/js/wp-sanitize.js index 13f9045024..4252d0a014 100644 --- a/wp-includes/js/wp-sanitize.js +++ b/wp-includes/js/wp-sanitize.js @@ -2,6 +2,8 @@ * @output wp-includes/js/wp-sanitize.js */ +/* eslint-env es6 */ + ( function () { window.wp = window.wp || {}; 
@@ -16,24 +18,24 @@ /** * Strip HTML tags. * - * @param {string} text Text to strip the HTML tags from. + * @param {string} text - Text to strip the HTML tags from. * - * @return Stripped text. + * @return {string} Stripped text. */ stripTags: function( text ) { - text = text || ''; + let _text = text || ''; - // Do the replacement. - var _text = text + // Do the search-replace until there is nothing to be replaced. + do { + // Keep pre-replace text for comparison. + text = _text; + + // Do the replacement. + _text = text .replace( /|$)/g, '' ) .replace( /<(script|style)[^>]*>[\s\S]*?(<\/\1>|$)/ig, '' ) .replace( /<\/?[a-z][\s\S]*?(>|$)/ig, '' ); - - // If the initial text is not equal to the modified text, - // do the search-replace again, until there is nothing to be replaced. - if ( _text !== text ) { - return wp.sanitize.stripTags( _text ); - } + } while ( _text !== text ); // Return the text with stripped tags. return _text; @@ -42,12 +44,12 @@ /** * Strip HTML tags and convert HTML entities. * - * @param {string} text Text to strip tags and convert HTML entities. + * @param {string} text - Text to strip tags and convert HTML entities. * - * @return Sanitized text. False on failure. + * @return {string} Sanitized text. */ stripTagsAndEncodeText: function( text ) { - var _text = wp.sanitize.stripTags( text ), + let _text = wp.sanitize.stripTags( text ), textarea = document.createElement( 'textarea' ); try { diff --git a/wp-includes/js/wp-sanitize.min.js b/wp-includes/js/wp-sanitize.min.js index 504d3386d3..1b8949699a 100644 --- a/wp-includes/js/wp-sanitize.min.js +++ b/wp-includes/js/wp-sanitize.min.js 
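Review bot: The JSDoc this hunk rewrites for `stripTags` still does not say what the returned string is safe for, which is the first thing a caller of something under `wp.sanitize` needs to know. As far as the visible patterns show, the `.replace()` chain only deletes tag-shaped substrings and never touches `&` entities or a `<` that is not followed by a letter, so the result is text for `textContent`, not markup for `innerHTML`; I would add `* The result is plain text, not HTML-safe markup: do not assign it to innerHTML.` above the `@param` line. The `do … while ( _text !== text )` loop also makes the number of full-string passes depend on the input, where the call stack used to cap it, so the docblock should tell callers that pass large untrusted strings to bound the length first. Reusing the `text` parameter as the previous-value slot works, but a dedicated local (`let previous;`, `previous = _text;`, `while ( _text !== previous )`) would keep the argument intact and make the fixed-point test easier to read. The closing brace of `stripTags` lies outside the hunk.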
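Review bot: The new `@return {string} Sanitized text.` in `stripTagsAndEncodeText` drops the old "False on failure" wording without saying what a failure now produces. The body continues past the end of this hunk, but the minified build further down this page shows an empty `catch` after the textarea round-trip, so an exception there appears to be swallowed and the once-stripped string returned as if it had been fully processed. I would document that, e.g. `* @return {string} Sanitized text; if the textarea step throws, the tag-stripped input is returned without the second pass.`, and consider logging in the `catch` rather than leaving it empty. `textarea` is never reassigned in the visible code, so it can be its own `const` declaration instead of sharing the `let`.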
@@ -1,2 +1,2 @@ /*! This file is auto-generated */ -window.wp=window.wp||{},wp.sanitize={stripTags:function(t){var e=(t=t||"").replace(/|$)/g,"").replace(/<(script|style)[^>]*>[\s\S]*?(<\/\1>|$)/gi,"").replace(/<\/?[a-z][\s\S]*?(>|$)/gi,"");return e!==t?wp.sanitize.stripTags(e):e},stripTagsAndEncodeText:function(t){var t=wp.sanitize.stripTags(t),e=document.createElement("textarea");try{e.textContent=t,t=wp.sanitize.stripTags(e.value)}catch(t){}return t}}; \ No newline at end of file +window.wp=window.wp||{},wp.sanitize={stripTags:function(t){let e=t||"";for(;(e=(t=e).replace(/|$)/g,"").replace(/<(script|style)[^>]*>[\s\S]*?(<\/\1>|$)/gi,"").replace(/<\/?[a-z][\s\S]*?(>|$)/gi,""))!==t;);return e},stripTagsAndEncodeText:function(t){let e=wp.sanitize.stripTags(t),i=document.createElement("textarea");try{i.textContent=e,e=wp.sanitize.stripTags(i.value)}catch(t){}return e}}; \ No newline at end of file diff --git a/wp-includes/version.php b/wp-includes/version.php index 9644e229d0..5b1ef3722f 100644 --- a/wp-includes/version.php +++ b/wp-includes/version.php @@ -16,7 +16,7 @@ * * @global string $wp_version */ -$wp_version = '6.9-alpha-60906'; +$wp_version = '6.9-alpha-60907'; /** * Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.