Sets the modifiable text for the matched token, if matched.
Description
Modifiable text is text content that may be read and changed without changing the HTML structure of the document around it. This includes the contents of #text nodes in the HTML as well as the inner contents of HTML comments, Processing Instructions, and others, even though these nodes aren’t part of a parsed DOM tree. They also contain the contents of SCRIPT and STYLE tags, of TEXTAREA tags, and of any other section in an HTML document which cannot contain HTML markup (DATA).
Not all modifiable text may be set by this method, and not all content may be set as modifiable text. In the case that this fails it will return false indicating as much. For instance, it will not allow inserting the string </script into a SCRIPT element, because the rules for escaping that safely are complicated. Similarly, it will not allow setting content into a comment which would prematurely terminate the comment.
Example:
// Add a preface to all STYLE contents.
while ( $processor->next_tag( 'STYLE' ) ) {
$style = $processor->get_modifiable_text();
$processor->set_modifiable_text( "// Made with love on the World Wide Web\n{$style}" );
}
// Replace smiley text with Emoji smilies.
while ( $processor->next_token() ) {
if ( '#text' !== $processor->get_token_name() ) {
continue;
}
$chunk = $processor->get_modifiable_text();
if ( ! str_contains( $chunk, ':)' ) ) {
continue;
}
$processor->set_modifiable_text( str_replace( ':)', '🙂', $chunk ) );
}This function handles all necessary HTML encoding. Provide normal, unescaped string values.
The HTML API will encode the strings appropriately so that the browser will interpret them as the intended value.
Example:
// Renders as “Eggs & Milk” in a browser, encoded as `<p>Eggs & Milk</p>`.
$processor->set_modifiable_text( 'Eggs & Milk' );
// Renders as “Eggs & Milk” in a browser, encoded as `<p>Eggs &amp; Milk</p>`.
$processor->set_modifiable_text( 'Eggs & Milk' );Parameters
$plaintext_contentstringrequired- New text content to represent in the matched token.
Source
public function set_modifiable_text( string $plaintext_content ): bool {
if ( self::STATE_TEXT_NODE === $this->parser_state ) {
$this->lexical_updates['modifiable text'] = new WP_HTML_Text_Replacement(
$this->text_starts_at,
$this->text_length,
strtr(
$plaintext_content,
array(
'<' => '<',
'>' => '>',
'&' => '&',
'"' => '"',
"'" => ''',
)
)
);
return true;
}
// Comment data is not encoded.
if (
self::STATE_COMMENT === $this->parser_state &&
self::COMMENT_AS_HTML_COMMENT === $this->comment_type
) {
// Check if the text could close the comment.
if ( 1 === preg_match( '/--!?>/', $plaintext_content ) ) {
return false;
}
$this->lexical_updates['modifiable text'] = new WP_HTML_Text_Replacement(
$this->text_starts_at,
$this->text_length,
$plaintext_content
);
return true;
}
if ( self::STATE_MATCHED_TAG !== $this->parser_state ) {
return false;
}
switch ( $this->get_tag() ) {
case 'SCRIPT':
/**
* This is over-protective, but ensures the update doesn't break
* the HTML structure of the SCRIPT element.
*
* More thorough analysis could track the HTML tokenizer states
* and to ensure that the SCRIPT element closes at the expected
* SCRIPT close tag as is done in ::skip_script_data().
*
* A SCRIPT element could be closed prematurely by contents
* like `</script>`. A SCRIPT element could be prevented from
* closing by contents like `<!--<script>`.
*
* The following strings are essential for dangerous content,
* although they are insufficient on their own. This trade-off
* prevents dangerous scripts from being sent to the browser.
* It is also unlikely to produce HTML that may confuse more
* basic HTML tooling.
*/
if (
false !== stripos( $plaintext_content, '</script' ) ||
false !== stripos( $plaintext_content, '<script' )
) {
return false;
}
$this->lexical_updates['modifiable text'] = new WP_HTML_Text_Replacement(
$this->text_starts_at,
$this->text_length,
$plaintext_content
);
return true;
case 'STYLE':
$plaintext_content = preg_replace_callback(
'~</(?P<TAG_NAME>style)~i',
static function ( $tag_match ) {
return "\\3c\\2f{$tag_match['TAG_NAME']}";
},
$plaintext_content
);
$this->lexical_updates['modifiable text'] = new WP_HTML_Text_Replacement(
$this->text_starts_at,
$this->text_length,
$plaintext_content
);
return true;
case 'TEXTAREA':
case 'TITLE':
$plaintext_content = preg_replace_callback(
"~</(?P<TAG_NAME>{$this->get_tag()})~i",
static function ( $tag_match ) {
return "</{$tag_match['TAG_NAME']}";
},
$plaintext_content
);
/*
* These don't _need_ to be escaped, but since they are decoded it's
* safe to leave them escaped and this can prevent other code from
* naively detecting tags within the contents.
*
* @todo It would be useful to prefix a multiline replacement text
* with a newline, but not necessary. This is for aesthetics.
*/
$this->lexical_updates['modifiable text'] = new WP_HTML_Text_Replacement(
$this->text_starts_at,
$this->text_length,
$plaintext_content
);
return true;
}
return false;
}
User Contributed Notes
You must log in before being able to contribute a note or feedback.