Flitterkill Posted July 26, 2016 Share Posted July 26, 2016 SNIP /* Clean HTML */ if ( $value and $this->htmlPurifier ) { $value = $this->htmlPurifier->purify( $value ); } /* BBCode, Profanity, etc. */ if ( $value ) { $value = $this->_parseContent( $value ); } /* Clean HTML */ if ( $value and $this->htmlPurifier ) { $value = $this->htmlPurifier->purify( $value ); } SNIP Am I missing something or is this just a mistake? Seems inefficient... 4.1.13.2 Link to comment Share on other sites More sharing options...
teraßyte Posted July 26, 2016 Share Posted July 26, 2016 Indeed, just taking a quick look at the code you posted this below would be more efficient: SNIP /* BBCode, Profanity, etc. */ if ( $value ) { $value = $this->_parseContent( $value ); /* Clean HTML */ if ( $value and $this->htmlPurifier ) { $value = $this->htmlPurifier->purify( $value ); } } SNIP But I have not looked at the whole class/method the code is from so there might be a reason. Or it's just a copy/paste mistake, they moved it after bbcode parsing and they forgot to delete the one before. Link to comment Share on other sites More sharing options...
Management Charles Posted July 26, 2016 Management Share Posted July 26, 2016 It's done a second time because BBCode is archaic and can introduce all sorts of possible issues. Link to comment Share on other sites More sharing options...
CodingJungle Posted August 3, 2016 Share Posted August 3, 2016 On 7/26/2016 at 0:17 PM, Charles said: It's done a second time because BBCode is archaic and can introduce all sorts of possible issues. wouldn't it make more sense (and be more efficient) to parse the BBCode first, then send it to the htmlpurifier? Link to comment Share on other sites More sharing options...
bfarber Posted October 3, 2016 Share Posted October 3, 2016 It's because we use DomDocument, so we have to have well formed HTML to start with. HTMLPurifier does this, so we parse once which removes "bad" stuff and ensures everything is well formed, then we loop through nodes using DomDocument to do whatever bbcode-style processing is needed, and then we run HTML Purifier one more time to be safe (since bbcode replacements could introduce something bad). Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.