From dfd259cb1356e2124b1f4fa126b52b68b39f21fd Mon Sep 17 00:00:00 2001 From: Jon Surrell Date: Tue, 23 Dec 2025 20:11:08 +0100 Subject: [PATCH 01/53] First sketching on templates --- .../html-api/class-wp-html-template.php | 63 ++++++++ src/wp-settings.php | 1 + .../phpunit/tests/html-api/wpHtmlTemplate.php | 146 ++++++++++++++++++ 3 files changed, 210 insertions(+) create mode 100644 src/wp-includes/html-api/class-wp-html-template.php create mode 100644 tests/phpunit/tests/html-api/wpHtmlTemplate.php diff --git a/src/wp-includes/html-api/class-wp-html-template.php b/src/wp-includes/html-api/class-wp-html-template.php new file mode 100644 index 0000000000000..5cd17a19d4a20 --- /dev/null +++ b/src/wp-includes/html-api/class-wp-html-template.php @@ -0,0 +1,63 @@ +template_string = $template_string; + } + + /** + * @todo remove type hint from argument. + * @todo obviously bad name… + */ + public static function sprintf( string $template_string, array $replacements = array() ): string { + return self::from( $template_string )->render( $replacements ); + } + + /** + * @todo remove type hint from argument. + */ + public static function from( string $template_string ): static { + if ( ! is_string( $template_string ) ) { + _doing_it_wrong( + __METHOD__, + __( 'The template string must be a string.' ), + '7.0.0' + ); + $template_string = ''; + } + + return new static( $template_string ); + } + + /** + * @todo remove type hint from argument. + */ + public function render( array $replacements ): string { + if ( ! is_array( $replacements ) ) { + _doing_it_wrong( + __METHOD__, + __( 'The replacements must be an array.' ), + '7.0.0' + ); + $replacements = array(); + } + + return WP_HTML_Processor::normalize( $this->template_string ); + } +} diff --git a/src/wp-settings.php b/src/wp-settings.php index 60c220100f539..b80167116f541 100644 --- a/src/wp-settings.php +++ b/src/wp-settings.php @@ -276,6 +276,7 @@ require ABSPATH . WPINC . '/html-api/class-wp-html-stack-event.php'; require ABSPATH . WPINC . '/html-api/class-wp-html-processor-state.php'; require ABSPATH . WPINC . '/html-api/class-wp-html-processor.php'; +require ABSPATH . WPINC . '/html-api/class-wp-html-template.php'; require ABSPATH . WPINC . '/class-wp-block-processor.php'; require ABSPATH . WPINC . '/class-wp-http.php'; require ABSPATH . WPINC . '/class-wp-http-streams.php'; diff --git a/tests/phpunit/tests/html-api/wpHtmlTemplate.php b/tests/phpunit/tests/html-api/wpHtmlTemplate.php new file mode 100644 index 0000000000000..c65eb13f0c803 --- /dev/null +++ b/tests/phpunit/tests/html-api/wpHtmlTemplate.php @@ -0,0 +1,146 @@ +Hello, !

' ); + $result = $t->render( array( 'name' => 'World' ) ); + $this->assertSame( $result, T::sprintf( '

Hello, !

', array( 'name' => 'World' ) ) ); + + $expected = + <<<'HTML' +

Hello, World!

+ HTML; + $this->assertEqualHTML( $expected, $result ); + } + + public function test_2() { + $template_string = '

Hello, !

'; + $replacements = array( 'placeholder' => 'Alice & Bob' ); + + $t = T::from( $template_string ); + $result = $t->render( $replacements ); + $this->assertSame( $result, T::sprintf( $template_string, $replacements ) ); + + $expected = + <<<'HTML' +

Hello, Alice & Bob!

+ HTML; + $this->assertEqualHTML( $expected, $result ); + } + + public function test_3() { + $template_string = '

Hello, , , , & !

'; + $replacements = array( 'Alice', 'Bob' ); + + $t = T::from( $template_string ); + $result = $t->render( $replacements ); + $this->assertSame( $result, T::sprintf( $template_string, $replacements ) ); + + $expected = + <<<'HTML' +

Hello, Alice, Alice, Bob, & Bob!

+ HTML; + $this->assertEqualHTML( $expected, $result ); + } + + public function test_4() { + $template_string = '

Hello, '; + $replacements = array( 'html' => T::from( 'Alice & Bob' ) ); + + $t = T::from( $template_string ); + $result = $t->render( $replacements ); + $this->assertSame( $result, T::sprintf( $template_string, $replacements ) ); + + $expected = + <<<'HTML' +

Hello, Alice & Bob

+ HTML; + $this->assertEqualHTML( $expected, $result ); + } + + public function test_attr() { + $template_string = ''; + $replacements = array( + 'n' => 'the name', + 'c' => 'the "content" & whatever else', + ); + + $t = T::from( $template_string ); + $result = $t->render( $replacements ); + $this->assertSame( $result, T::sprintf( $template_string, $replacements ) ); + + $expected = + <<<'HTML' + + HTML; + $this->assertEqualHTML( $expected, $result ); + } + + /** + * @expectedIncorrectUsage WP_HTML_Template::render + */ + public function test_attr_rejects_html() { + $template_string = ''; + $replacements = array( + 'html' => T::from( 'This is not allowed!') , + ); + $this->assertFalse( T::sprintf( $template_string, $replacements ) ); + } + + /** + * @dataProvider data_template + * + * @ticket 60229 + * @covers ::from + * @covers ::render + */ + public function xtest_template( string $template_string, array $replacements, string $expected ) { + $result = WP_HTML_Template::sprintf( $template_string, $replacements ); + $this->assertEqualHTML( $expected, $result ); + } + + public static function data_template() { + return array( + 'Basic template' => array( + '

Hi!

', + array(), + '

Hi!

', + ), + + 'HTML text replacement (basic)' => array( + '

Hello, !

', + array( 'name' => 'World!' ), + '

Hello, World!

', + ), + + 'HTML text replacement (escaped)' => array( + '

Hello, !

', + array( 'name' => '' ), + '

Hello, <little-bobby-tags>

', + ), + + 'HTML replacement with template' => array( + '

Hello, !

', + array( + 'name' => WP_HTML_Template::from( 'World' ) + ), + '

Hello, World!

', + ), + ); + } +} From 3d85433ca225f12b1ef5afd8b40d050024c08c02 Mon Sep 17 00:00:00 2001 From: Jon Surrell Date: Mon, 2 Feb 2026 16:10:11 +0100 Subject: [PATCH 02/53] DROPME: Collect examples --- templating-examples.php | 205 ++++++++++++++++++++++++++++++++++++++++ 1 file changed, 205 insertions(+) create mode 100644 templating-examples.php diff --git a/templating-examples.php b/templating-examples.php new file mode 100644 index 0000000000000..2c9e4e80b83f3 --- /dev/null +++ b/templating-examples.php @@ -0,0 +1,205 @@ +Error: This is not a valid feed template.' ), '', array( 'response' => 404 ) ); + +// src/wp-includes/functions.php:1844-1845 +// Link with placeholder inside translation +$wpdb->error = sprintf( + /* translators: %s: Database repair URL. */ + __( 'One or more database tables are unavailable. The database may need to be repaired.' ), + 'maint/repair.php?referrer=is_blog_installed' +); + +// src/wp-admin/edit-form-advanced.php:185 +// HTML wrapper injected as sprintf parameter +$messages['post'][9] = sprintf( __( 'Post scheduled for: %s.' ), '' . $scheduled_date . '' ) . $scheduled_post_link_html; + +// src/wp-admin/revision.php:145-147 +// Multiple strong tags for emphasis in help text +$revisions_overview .= '
  • ' . __( 'To navigate between revisions, drag the slider handle left or right or use the Previous or Next buttons.' ) . '
    • '; +$revisions_overview .= '
  • ' . __( 'Compare two different revisions by selecting the “Compare any two revisions” box to the side.' ) . '
    • '; +$revisions_overview .= '
  • ' . __( 'To restore a revision, click Restore This Revision.' ) . '
'; + +// src/wp-includes/theme.php:978-979 +// Context translation (_x) with HTML error prefix +return new WP_Error( + 'theme_wp_php_incompatible', + sprintf( + /* translators: %s: Theme name. */ + _x( 'Error: Current WordPress and PHP versions do not meet minimum requirements for %s.', 'theme' ), + $theme->display( 'Name' ) + ) +); + +// src/wp-includes/widgets/class-wp-widget-text.php:542 +// Complex: _e() with embedded link and HTML entities +_e( 'Did you know there is a “Custom HTML” widget now? You can find it by pressing the “Add a Widget” button and searching for “HTML”. Check it out to add some custom code to your site!' ); + +// src/wp-includes/blocks/comments-title.php:29 +// HTML entities (curly quotes) in translation +$post_title = sprintf( __( '“%s”' ), get_the_title() ); + +// src/wp-includes/blocks/latest-posts.php:164-166 +// Complex nested HTML with multiple escaped placeholders +$trimmed_excerpt .= sprintf( + /* translators: 1: A URL to a post, 2: Hidden accessibility text: Post title */ + __( '… Read more: %2$s' ), + esc_url( $post_link ), + esc_html( $title ) +); + +// src/wp-admin/includes/class-plugin-upgrader.php:60 +// HTML span wrapping another placeholder (double sprintf) +$this->strings['downloading_package'] = sprintf( __( 'Downloading update from %s…' ), '%s' ); + +// src/wp-admin/includes/privacy-tools.php:404 +// Code tag wrapping technical reference +sprintf( __( 'The %s post meta must be an array.' ), '_export_data_grouped' ); + +// src/wp-admin/widgets.php:24 +// Full paragraph with embedded documentation link +wp_die( __( 'The theme you are currently using is not widget-aware, meaning that it has no sidebars that you are able to change. For information on making your theme widget-aware, please follow these instructions.' ) ); + +// src/wp-admin/revision.php:158 +// Link in translation without placeholders +$revisions_sidebar .= '

' . __( 'Revisions Management' ) . '

'; + + +/** + * ============================================================================= + * PATTERN 2: sprintf with manual escaping (non-translation) + * ============================================================================= + * + * These patterns require developers to choose the correct escape function + * for each context (esc_url, esc_attr, esc_html). + */ + +// src/wp-includes/blocks/post-title.php:41 +// Link with multiple escaped attributes +$rel = ! empty( $attributes['rel'] ) ? 'rel="' . esc_attr( $attributes['rel'] ) . '"' : ''; +$title = sprintf( + '%4$s', + esc_url( get_the_permalink( $block->context['postId'] ) ), + esc_attr( $attributes['linkTarget'] ), + $rel, // Note: $rel already has esc_attr inside + $title // Note: $title escaping unclear +); + +// src/wp-includes/blocks/avatar.php:68 +// Similar link pattern for avatar +$avatar_block = sprintf( + '%4$s', + esc_url( get_author_posts_url( $author_id ) ), + esc_attr( $attributes['linkTarget'] ), + $label, // aria-label attribute, already escaped + $avatar_block // Inner HTML +); + +// src/wp-includes/formatting.php:3476 +// Image tag with esc_url and esc_attr +return sprintf( + '%s', + esc_url( $src_url ), + esc_attr( $smiley ) +); + +// src/wp-includes/class-wp-styles.php:204-211 +// Link tag with nested sprintf for conditional attribute +$tag = sprintf( + "\n", + $rel, // Not escaped + esc_attr( $handle ), + $title ? sprintf( " title='%s'", esc_attr( $title ) ) : '', + $href, // Not escaped + esc_attr( $media ) +); + + +/** + * ============================================================================= + * PATTERN 3: Building aria-label attributes + * ============================================================================= + */ + +// src/wp-includes/blocks/avatar.php:65 +// Aria label with translation and escaping +$label = 'aria-label="' . esc_attr( sprintf( __( '(%s author archive, opens in a new tab)' ), $author_name ) ) . '"'; + + +/** + * ============================================================================= + * POTENTIAL TEMPLATING ALTERNATIVES + * ============================================================================= + * + * How these patterns could look with WP_HTML_Template. + */ + +/* + * OPTION A: Template wraps translation (structure in code, text translated) + * + * HTML structure stays in PHP code, only text content is translated. + */ + +// Instead of: __( 'Error: This is not a valid feed template.' ) +WP_HTML_Template::render( + ' ', + array( + 'label' => __( 'Error:' ), + 'message' => __( 'This is not a valid feed template.' ), + ) +); + +// Instead of: sprintf( __( 'Post scheduled for: %s.' ), '' . $date . '' ) +WP_HTML_Template::render( + __( 'Post scheduled for: %s.', 'template-placeholder' ), // Special handling? + // Or: + '', + array( + 'before' => __( 'Post scheduled for: ' ), + 'date' => $scheduled_date, + 'after' => '', + ) +); + +/* + * OPTION B: Translation contains template placeholders + * + * Translated string includes the syntax directly. + * This is closer to how WordPress translations work today. + */ + +// Instead of: sprintf( __( '... repaired.' ), $url ) +WP_HTML_Template::render( + __( 'One or more database tables are unavailable. The database may need to be repaired.' ), + array( 'url' => 'maint/repair.php?referrer=is_blog_installed' ) +); + +// Instead of: sprintf( __( '... href="%1$s" ... %2$s ...' ), esc_url($url), esc_html($title) ) +WP_HTML_Template::render( + __( '… Read more: ' ), + array( + 'url' => $post_link, // Auto-escaped as URL in href context + 'title' => $title, // Auto-escaped as text in text context + ) +); From b57bcd6d97413f9ec96a8e4fbd20535db3c370cf Mon Sep 17 00:00:00 2001 From: Jon Surrell Date: Mon, 2 Feb 2026 17:43:14 +0100 Subject: [PATCH 03/53] Introduce test suite based on existing examples --- .../phpunit/tests/html-api/wpHtmlTemplate.php | 230 ++++++++++++++++++ 1 file changed, 230 insertions(+) diff --git a/tests/phpunit/tests/html-api/wpHtmlTemplate.php b/tests/phpunit/tests/html-api/wpHtmlTemplate.php index c65eb13f0c803..e27c4ebb0ee2c 100644 --- a/tests/phpunit/tests/html-api/wpHtmlTemplate.php +++ b/tests/phpunit/tests/html-api/wpHtmlTemplate.php @@ -143,4 +143,234 @@ public static function data_template() { ), ); } + + /** + * Test real-world patterns from WordPress core. + * + * @dataProvider data_real_world_examples + * + * @ticket 60229 + * @covers ::sprintf + */ + public function test_real_world_examples( string $template_string, array $replacements, string $expected ) { + $result = WP_HTML_Template::sprintf( $template_string, $replacements ); + $this->assertEqualHTML( $expected, $result ); + } + + /** + * Data provider with real-world patterns from WordPress core. + * + * Each test case is based on actual code patterns found in WordPress core + * that could benefit from the WP_HTML_Template API. + * + * @return array[] + */ + public static function data_real_world_examples() { + return array( + /* + * Group 1: Simple sprintf patterns with manual escaping. + * + * These patterns currently require developers to manually choose + * the correct escape function (esc_url, esc_attr, esc_html). + */ + + // src/wp-includes/formatting.php:3476 - Smiley image + 'formatting.php:3476 - smiley image tag' => array( + '</%alt>', + array( + 'src' => 'https://example.com/smilies/:).png', + 'alt' => ':)', + ), + ':)', + ), + + // src/wp-includes/blocks/post-title.php:41 - Post title link + 'blocks/post-title.php:41 - post title link' => array( + '', + array( + 'url' => 'https://example.com/hello-world/', + 'target' => '_blank', + 'title' => 'Hello World', + ), + 'Hello World', + ), + + // Same pattern with escaping needed + 'blocks/post-title.php:41 - post title link with special chars' => array( + '', + array( + 'url' => 'https://example.com/hello-world/?foo=1&bar=2', + 'target' => '_blank', + 'title' => 'Hello & "Friends"', + ), + 'Hello <World> & "Friends"', + ), + + /* + * Group 2: Translation patterns with embedded HTML. + * + * These patterns have HTML directly in translatable strings. + */ + + // src/wp-includes/functions.php:1620 - Error message (static, no placeholders) + 'functions.php:1620 - static error message' => array( + 'Error: This is not a valid feed template.', + array(), + 'Error: This is not a valid feed template.', + ), + + // src/wp-includes/functions.php:1844-1845 - Database repair link + 'functions.php:1844 - database repair link' => array( + 'One or more database tables are unavailable. The database may need to be repaired.', + array( + 'url' => 'maint/repair.php?referrer=is_blog_installed', + ), + 'One or more database tables are unavailable. The database may need to be repaired.', + ), + + // src/wp-admin/edit-form-advanced.php:185 - Scheduled post date + 'edit-form-advanced.php:185 - scheduled post date' => array( + 'Post scheduled for: .', + array( + 'date' => 'March 15, 2025 at 10:30 am', + ), + 'Post scheduled for: March 15, 2025 at 10:30 am.', + ), + + // src/wp-includes/blocks/latest-posts.php:164-166 - Read more link with nested elements + 'blocks/latest-posts.php:164 - read more link with screen reader text' => array( + '… Read more: ', + array( + 'url' => 'https://example.com/my-post/', + 'title' => 'My Amazing Post', + ), + '… Read more: My Amazing Post', + ), + + // Same pattern with escaping needed + 'blocks/latest-posts.php:164 - read more with XSS attempt' => array( + '… Read more: ', + array( + 'url' => 'javascript:alert("xss")', + 'title' => '', + ), + '… Read more: <script>alert("xss")</script>', + ), + + // src/wp-includes/theme.php:978-979 - Theme error with name + 'theme.php:978 - theme error message' => array( + 'Error: Current WordPress and PHP versions do not meet minimum requirements for .', + array( + 'theme_name' => 'Twenty Twenty-Five', + ), + 'Error: Current WordPress and PHP versions do not meet minimum requirements for Twenty Twenty-Five.', + ), + + // src/wp-admin/includes/privacy-tools.php:404 - Code tag in error + 'privacy-tools.php:404 - code in error message' => array( + 'The post meta must be an array.', + array( + 'meta_key' => '_export_data_grouped', + ), + 'The _export_data_grouped post meta must be an array.', + ), + + /* + * Group 3: Edge cases. + */ + + // Placeholder reuse (same placeholder multiple times) + 'placeholder reuse' => array( + ' ', + array( + 'id' => 'user_name', + ), + ' ', + ), + + // Numeric placeholders like sprintf + 'numeric placeholders' => array( + ' by ', + array( + 'https://example.com/post/', + 'Post Title', + 'https://example.com/author/', + 'Author Name', + ), + 'Post Title by Author Name', + ), + + // Nested template (pre-escaped HTML) + 'nested template for complex structure' => array( + '
', + array( + 'icon' => WP_HTML_Template::from( '' ), + 'message' => 'Something went wrong.', + ), + '
Something went wrong.
', + ), + + // Empty replacement + 'empty replacement value' => array( + '

Hello

', + array( + 'suffix' => '', + ), + '

Hello

', + ), + + // HTML entities in template (should be preserved) + 'HTML entities in template' => array( + '

', + array( + 'quote' => 'Hello World', + ), + '

“Hello World”

', + ), + + // Multiple attributes on same element + 'multiple attributes on element' => array( + '', + array( + 'type' => 'text', + 'name' => 'user_email', + 'value' => 'test@example.com', + 'placeholder' => 'Enter your email', + ), + '', + ), + + // Attribute value with quotes and special characters + 'attribute with quotes and ampersands' => array( + 'Link', + array( + 'url' => 'https://example.com/?a=1&b=2', + 'title' => 'Click "here" for Tom & Jerry', + ), + 'Link', + ), + + // Self-closing void element + 'self-closing meta tag' => array( + '', + array( + 'name' => 'description', + 'content' => 'A page about "cats" & dogs', + ), + '', + ), + + // src/wp-includes/blocks/avatar.php:68 - Complex link with aria-label + 'blocks/avatar.php:68 - avatar link' => array( + '', + array( + 'url' => 'https://example.com/author/johndoe/', + 'target' => '_blank', + 'aria_label' => '(John Doe author archive, opens in a new tab)', + 'inner' => WP_HTML_Template::from( 'John Doe' ), + ), + 'John Doe', + ), + ); + } } From ad1f12ee8ab7551ac9a5506e190b91b301fb4243 Mon Sep 17 00:00:00 2001 From: Jon Surrell Date: Mon, 2 Feb 2026 17:58:28 +0100 Subject: [PATCH 04/53] yield + nowdoc --- .../phpunit/tests/html-api/wpHtmlTemplate.php | 370 ++++++++++-------- 1 file changed, 202 insertions(+), 168 deletions(-) diff --git a/tests/phpunit/tests/html-api/wpHtmlTemplate.php b/tests/phpunit/tests/html-api/wpHtmlTemplate.php index e27c4ebb0ee2c..91eb966bf2512 100644 --- a/tests/phpunit/tests/html-api/wpHtmlTemplate.php +++ b/tests/phpunit/tests/html-api/wpHtmlTemplate.php @@ -166,211 +166,245 @@ public function test_real_world_examples( string $template_string, array $replac * @return array[] */ public static function data_real_world_examples() { - return array( - /* - * Group 1: Simple sprintf patterns with manual escaping. - * - * These patterns currently require developers to manually choose - * the correct escape function (esc_url, esc_attr, esc_html). - */ - - // src/wp-includes/formatting.php:3476 - Smiley image - 'formatting.php:3476 - smiley image tag' => array( - '</%alt>', - array( - 'src' => 'https://example.com/smilies/:).png', - 'alt' => ':)', - ), - ':)', + /* + * Group 1: Simple sprintf patterns with manual escaping. + * + * These patterns currently require developers to manually choose + * the correct escape function (esc_url, esc_attr, esc_html). + */ + + // src/wp-includes/formatting.php:3476 - Smiley image + yield 'formatting.php:3476 - smiley image tag' => array( + <<<'HTML' + </%alt> + HTML, + array( + 'src' => 'https://example.com/smilies/:).png', + 'alt' => ':)', ), + <<<'HTML' + :) + HTML, + ); - // src/wp-includes/blocks/post-title.php:41 - Post title link - 'blocks/post-title.php:41 - post title link' => array( - '', - array( - 'url' => 'https://example.com/hello-world/', - 'target' => '_blank', - 'title' => 'Hello World', - ), - 'Hello World', + // src/wp-includes/blocks/post-title.php:41 - Post title link + yield 'blocks/post-title.php:41 - post title link' => array( + '', + array( + 'url' => 'https://example.com/hello-world/', + 'target' => '_blank', + 'title' => 'Hello World', ), + 'Hello World', + ); - // Same pattern with escaping needed - 'blocks/post-title.php:41 - post title link with special chars' => array( - '', - array( - 'url' => 'https://example.com/hello-world/?foo=1&bar=2', - 'target' => '_blank', - 'title' => 'Hello & "Friends"', - ), - 'Hello <World> & "Friends"', + // Same pattern with escaping needed + yield 'blocks/post-title.php:41 - post title link with special chars' => array( + '', + array( + 'url' => 'https://example.com/hello-world/?foo=1&bar=2', + 'target' => '_blank', + 'title' => <<<'TEXT' + Hello & "Friends" + TEXT, ), + <<<'HTML' + Hello <World> & "Friends" + HTML, + ); - /* - * Group 2: Translation patterns with embedded HTML. - * - * These patterns have HTML directly in translatable strings. - */ - - // src/wp-includes/functions.php:1620 - Error message (static, no placeholders) - 'functions.php:1620 - static error message' => array( - 'Error: This is not a valid feed template.', - array(), - 'Error: This is not a valid feed template.', - ), + /* + * Group 2: Translation patterns with embedded HTML. + * + * These patterns have HTML directly in translatable strings. + */ + + // src/wp-includes/functions.php:1620 - Error message (static, no placeholders) + yield 'functions.php:1620 - static error message' => array( + 'Error: This is not a valid feed template.', + array(), + 'Error: This is not a valid feed template.', + ); - // src/wp-includes/functions.php:1844-1845 - Database repair link - 'functions.php:1844 - database repair link' => array( - 'One or more database tables are unavailable. The database may need to be repaired.', - array( - 'url' => 'maint/repair.php?referrer=is_blog_installed', - ), - 'One or more database tables are unavailable. The database may need to be repaired.', + // src/wp-includes/functions.php:1844-1845 - Database repair link + yield 'functions.php:1844 - database repair link' => array( + <<<'HTML' + One or more database tables are unavailable. The database may need to be repaired. + HTML, + array( + 'url' => 'maint/repair.php?referrer=is_blog_installed', ), + <<<'HTML' + One or more database tables are unavailable. The database may need to be repaired. + HTML, + ); - // src/wp-admin/edit-form-advanced.php:185 - Scheduled post date - 'edit-form-advanced.php:185 - scheduled post date' => array( - 'Post scheduled for: .', - array( - 'date' => 'March 15, 2025 at 10:30 am', - ), - 'Post scheduled for: March 15, 2025 at 10:30 am.', + // src/wp-admin/edit-form-advanced.php:185 - Scheduled post date + yield 'edit-form-advanced.php:185 - scheduled post date' => array( + 'Post scheduled for: .', + array( + 'date' => 'March 15, 2025 at 10:30 am', ), + 'Post scheduled for: March 15, 2025 at 10:30 am.', + ); - // src/wp-includes/blocks/latest-posts.php:164-166 - Read more link with nested elements - 'blocks/latest-posts.php:164 - read more link with screen reader text' => array( - '… Read more: ', - array( - 'url' => 'https://example.com/my-post/', - 'title' => 'My Amazing Post', - ), - '… Read more: My Amazing Post', + // src/wp-includes/blocks/latest-posts.php:164-166 - Read more link with nested elements + yield 'blocks/latest-posts.php:164 - read more link with screen reader text' => array( + <<<'HTML' + … Read more: + HTML, + array( + 'url' => 'https://example.com/my-post/', + 'title' => 'My Amazing Post', ), + <<<'HTML' + … Read more: My Amazing Post + HTML, + ); - // Same pattern with escaping needed - 'blocks/latest-posts.php:164 - read more with XSS attempt' => array( - '… Read more: ', - array( - 'url' => 'javascript:alert("xss")', - 'title' => '', - ), - '… Read more: <script>alert("xss")</script>', + // Same pattern with escaping needed + yield 'blocks/latest-posts.php:164 - read more with XSS attempt' => array( + <<<'HTML' + … Read more: + HTML, + array( + 'url' => 'javascript:alert("xss")', + 'title' => '', ), + <<<'HTML' + … Read more: <script>alert("xss")</script> + HTML, + ); - // src/wp-includes/theme.php:978-979 - Theme error with name - 'theme.php:978 - theme error message' => array( - 'Error: Current WordPress and PHP versions do not meet minimum requirements for .', - array( - 'theme_name' => 'Twenty Twenty-Five', - ), - 'Error: Current WordPress and PHP versions do not meet minimum requirements for Twenty Twenty-Five.', + // src/wp-includes/theme.php:978-979 - Theme error with name + yield 'theme.php:978 - theme error message' => array( + <<<'HTML' + Error: Current WordPress and PHP versions do not meet minimum requirements for . + HTML, + array( + 'theme_name' => 'Twenty Twenty-Five', ), + <<<'HTML' + Error: Current WordPress and PHP versions do not meet minimum requirements for Twenty Twenty-Five. + HTML, + ); - // src/wp-admin/includes/privacy-tools.php:404 - Code tag in error - 'privacy-tools.php:404 - code in error message' => array( - 'The post meta must be an array.', - array( - 'meta_key' => '_export_data_grouped', - ), - 'The _export_data_grouped post meta must be an array.', + // src/wp-admin/includes/privacy-tools.php:404 - Code tag in error + yield 'privacy-tools.php:404 - code in error message' => array( + 'The post meta must be an array.', + array( + 'meta_key' => '_export_data_grouped', ), + 'The _export_data_grouped post meta must be an array.', + ); - /* - * Group 3: Edge cases. - */ + /* + * Group 3: Edge cases. + */ - // Placeholder reuse (same placeholder multiple times) - 'placeholder reuse' => array( - ' ', - array( - 'id' => 'user_name', - ), - ' ', + // Placeholder reuse (same placeholder multiple times) + yield 'placeholder reuse' => array( + ' ', + array( + 'id' => 'user_name', ), + ' ', + ); - // Numeric placeholders like sprintf - 'numeric placeholders' => array( - ' by ', - array( - 'https://example.com/post/', - 'Post Title', - 'https://example.com/author/', - 'Author Name', - ), - 'Post Title by Author Name', + // Numeric placeholders like sprintf + yield 'numeric placeholders' => array( + ' by ', + array( + 'https://example.com/post/', + 'Post Title', + 'https://example.com/author/', + 'Author Name', ), + 'Post Title by Author Name', + ); - // Nested template (pre-escaped HTML) - 'nested template for complex structure' => array( - '
', - array( - 'icon' => WP_HTML_Template::from( '' ), - 'message' => 'Something went wrong.', - ), - '
Something went wrong.
', + // Nested template (pre-escaped HTML) + yield 'nested template for complex structure' => array( + '
', + array( + 'icon' => WP_HTML_Template::from( '' ), + 'message' => 'Something went wrong.', ), + '
Something went wrong.
', + ); - // Empty replacement - 'empty replacement value' => array( - '

Hello

', - array( - 'suffix' => '', - ), - '

Hello

', + // Empty replacement + yield 'empty replacement value' => array( + '

Hello

', + array( + 'suffix' => '', ), + '

Hello

', + ); - // HTML entities in template (should be preserved) - 'HTML entities in template' => array( - '

', - array( - 'quote' => 'Hello World', - ), - '

“Hello World”

', + // HTML entities in template (should be preserved) + yield 'HTML entities in template' => array( + '

', + array( + 'quote' => 'Hello World', ), + '

“Hello World”

', + ); - // Multiple attributes on same element - 'multiple attributes on element' => array( - '', - array( - 'type' => 'text', - 'name' => 'user_email', - 'value' => 'test@example.com', - 'placeholder' => 'Enter your email', - ), - '', + // Multiple attributes on same element + yield 'multiple attributes on element' => array( + '', + array( + 'type' => 'text', + 'name' => 'user_email', + 'value' => 'test@example.com', + 'placeholder' => 'Enter your email', ), + '', + ); - // Attribute value with quotes and special characters - 'attribute with quotes and ampersands' => array( - 'Link', - array( - 'url' => 'https://example.com/?a=1&b=2', - 'title' => 'Click "here" for Tom & Jerry', - ), - 'Link', + // Attribute value with quotes and special characters + yield 'attribute with quotes and ampersands' => array( + 'Link', + array( + 'url' => 'https://example.com/?a=1&b=2', + 'title' => <<<'TEXT' + Click "here" for Tom & Jerry + TEXT, ), + <<<'HTML' + Link + HTML, + ); - // Self-closing void element - 'self-closing meta tag' => array( - '', - array( - 'name' => 'description', - 'content' => 'A page about "cats" & dogs', - ), - '', + // Self-closing void element + yield 'self-closing meta tag' => array( + '', + array( + 'name' => 'description', + 'content' => <<<'TEXT' + A page about "cats" & dogs + TEXT, ), + <<<'HTML' + + HTML, + ); - // src/wp-includes/blocks/avatar.php:68 - Complex link with aria-label - 'blocks/avatar.php:68 - avatar link' => array( - '', - array( - 'url' => 'https://example.com/author/johndoe/', - 'target' => '_blank', - 'aria_label' => '(John Doe author archive, opens in a new tab)', - 'inner' => WP_HTML_Template::from( 'John Doe' ), - ), - 'John Doe', + // src/wp-includes/blocks/avatar.php:68 - Complex link with aria-label + yield 'blocks/avatar.php:68 - avatar link' => array( + <<<'HTML' + + HTML, + array( + 'url' => 'https://example.com/author/johndoe/', + 'target' => '_blank', + 'aria_label' => '(John Doe author archive, opens in a new tab)', + 'inner' => WP_HTML_Template::from( 'John Doe' ), ), + <<<'HTML' + John Doe + HTML, ); } } From b37b72ca0c2cd4291e8e5c8fa590bd36e7fc8e01 Mon Sep 17 00:00:00 2001 From: Jon Surrell Date: Mon, 2 Feb 2026 17:58:42 +0100 Subject: [PATCH 05/53] lints --- .../phpunit/tests/html-api/wpHtmlTemplate.php | 30 +++++++++---------- 1 file changed, 15 insertions(+), 15 deletions(-) diff --git a/tests/phpunit/tests/html-api/wpHtmlTemplate.php b/tests/phpunit/tests/html-api/wpHtmlTemplate.php index 91eb966bf2512..67fb2dc3ba419 100644 --- a/tests/phpunit/tests/html-api/wpHtmlTemplate.php +++ b/tests/phpunit/tests/html-api/wpHtmlTemplate.php @@ -17,7 +17,7 @@ class Tests_HtmlApi_WpHtmlTemplate extends WP_UnitTestCase { public function test_1() { - $t = T::from( '

Hello, !

' ); + $t = T::from( '

Hello, !

' ); $result = $t->render( array( 'name' => 'World' ) ); $this->assertSame( $result, T::sprintf( '

Hello, !

', array( 'name' => 'World' ) ) ); @@ -30,9 +30,9 @@ public function test_1() { public function test_2() { $template_string = '

Hello, !

'; - $replacements = array( 'placeholder' => 'Alice & Bob' ); + $replacements = array( 'placeholder' => 'Alice & Bob' ); - $t = T::from( $template_string ); + $t = T::from( $template_string ); $result = $t->render( $replacements ); $this->assertSame( $result, T::sprintf( $template_string, $replacements ) ); @@ -45,9 +45,9 @@ public function test_2() { public function test_3() { $template_string = '

Hello, , , , & !

'; - $replacements = array( 'Alice', 'Bob' ); + $replacements = array( 'Alice', 'Bob' ); - $t = T::from( $template_string ); + $t = T::from( $template_string ); $result = $t->render( $replacements ); $this->assertSame( $result, T::sprintf( $template_string, $replacements ) ); @@ -60,9 +60,9 @@ public function test_3() { public function test_4() { $template_string = '

Hello, '; - $replacements = array( 'html' => T::from( 'Alice & Bob' ) ); + $replacements = array( 'html' => T::from( 'Alice & Bob' ) ); - $t = T::from( $template_string ); + $t = T::from( $template_string ); $result = $t->render( $replacements ); $this->assertSame( $result, T::sprintf( $template_string, $replacements ) ); @@ -75,12 +75,12 @@ public function test_4() { public function test_attr() { $template_string = ''; - $replacements = array( + $replacements = array( 'n' => 'the name', 'c' => 'the "content" & whatever else', ); - $t = T::from( $template_string ); + $t = T::from( $template_string ); $result = $t->render( $replacements ); $this->assertSame( $result, T::sprintf( $template_string, $replacements ) ); @@ -96,8 +96,8 @@ public function test_attr() { */ public function test_attr_rejects_html() { $template_string = ''; - $replacements = array( - 'html' => T::from( 'This is not allowed!') , + $replacements = array( + 'html' => T::from( 'This is not allowed!' ), ); $this->assertFalse( T::sprintf( $template_string, $replacements ) ); } @@ -116,13 +116,13 @@ public function xtest_template( string $template_string, array $replacements, st public static function data_template() { return array( - 'Basic template' => array( + 'Basic template' => array( '

Hi!

', array(), '

Hi!

', ), - 'HTML text replacement (basic)' => array( + 'HTML text replacement (basic)' => array( '

Hello, !

', array( 'name' => 'World!' ), '

Hello, World!

', @@ -134,10 +134,10 @@ public static function data_template() { '

Hello, <little-bobby-tags>

', ), - 'HTML replacement with template' => array( + 'HTML replacement with template' => array( '

Hello, !

', array( - 'name' => WP_HTML_Template::from( 'World' ) + 'name' => WP_HTML_Template::from( 'World' ), ), '

Hello, World!

', ), From 883c87ef3e2189f86b4a7575a4d86fb37f02fad3 Mon Sep 17 00:00:00 2001 From: Jon Surrell Date: Mon, 2 Feb 2026 18:50:50 +0100 Subject: [PATCH 06/53] test tweaks --- .../phpunit/tests/html-api/wpHtmlTemplate.php | 20 ++++++++++++++++++- 1 file changed, 19 insertions(+), 1 deletion(-) diff --git a/tests/phpunit/tests/html-api/wpHtmlTemplate.php b/tests/phpunit/tests/html-api/wpHtmlTemplate.php index 67fb2dc3ba419..93454db93ae1c 100644 --- a/tests/phpunit/tests/html-api/wpHtmlTemplate.php +++ b/tests/phpunit/tests/html-api/wpHtmlTemplate.php @@ -86,7 +86,25 @@ public function test_attr() { $expected = <<<'HTML' - + + HTML; + $this->assertEqualHTML( $expected, $result ); + } + + public function test_attribute_with_spaces() { + $template_string = ""; + $replacements = array( + 'n' => 'the name', + 'c' => 'the "content" & whatever else', + ); + + $t = T::from( $template_string ); + $result = $t->render( $replacements ); + $this->assertSame( $result, T::sprintf( $template_string, $replacements ) ); + + $expected = + <<<'HTML' + HTML; $this->assertEqualHTML( $expected, $result ); } From 8fb6235704429c2231e3915fcecdc6b6d88236ee Mon Sep 17 00:00:00 2001 From: Jon Surrell Date: Tue, 3 Feb 2026 16:10:15 +0100 Subject: [PATCH 07/53] Fix numeric array indexes --- tests/phpunit/tests/html-api/wpHtmlTemplate.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/phpunit/tests/html-api/wpHtmlTemplate.php b/tests/phpunit/tests/html-api/wpHtmlTemplate.php index 93454db93ae1c..27855dec0dc48 100644 --- a/tests/phpunit/tests/html-api/wpHtmlTemplate.php +++ b/tests/phpunit/tests/html-api/wpHtmlTemplate.php @@ -44,7 +44,7 @@ public function test_2() { } public function test_3() { - $template_string = '

Hello, , , , & !

'; + $template_string = '

Hello, , , , & !

'; $replacements = array( 'Alice', 'Bob' ); $t = T::from( $template_string ); From d3370a2e297a2fe4efc4f77d33c7de4f9021d70c Mon Sep 17 00:00:00 2001 From: Jon Surrell Date: Tue, 3 Feb 2026 16:12:06 +0100 Subject: [PATCH 08/53] Add test for HTML that could produce a tag after modification --- tests/phpunit/tests/html-api/wpHtmlTemplate.php | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/tests/phpunit/tests/html-api/wpHtmlTemplate.php b/tests/phpunit/tests/html-api/wpHtmlTemplate.php index 27855dec0dc48..74e9e80226eae 100644 --- a/tests/phpunit/tests/html-api/wpHtmlTemplate.php +++ b/tests/phpunit/tests/html-api/wpHtmlTemplate.php @@ -73,6 +73,16 @@ public function test_4() { $this->assertEqualHTML( $expected, $result ); } + public function test_prevent_sneaky_tag_in_html() { + $template_string = 'a<>s'; + $replacements = array( 'tag-name' => 'i' ); + $t = T::from( $template_string ); + $result = $t->render( $replacements ); + + $expected = 'a<i>s'; + $this->assertEqualHTML( $expected, $result ); + } + public function test_attr() { $template_string = ''; $replacements = array( From 379e7c493436cdc71a6faf8704c647245d1a2ee6 Mon Sep 17 00:00:00 2001 From: Jon Surrell Date: Tue, 3 Feb 2026 16:15:57 +0100 Subject: [PATCH 09/53] Add test to prevent attribute mis-interpretation after replacement --- tests/phpunit/tests/html-api/wpHtmlTemplate.php | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/tests/phpunit/tests/html-api/wpHtmlTemplate.php b/tests/phpunit/tests/html-api/wpHtmlTemplate.php index 74e9e80226eae..f93c8062427b7 100644 --- a/tests/phpunit/tests/html-api/wpHtmlTemplate.php +++ b/tests/phpunit/tests/html-api/wpHtmlTemplate.php @@ -119,6 +119,20 @@ public function test_attribute_with_spaces() { $this->assertEqualHTML( $expected, $result ); } + public function test_attr_no_produce_character_reference() { + $template_string = ''; + $replacements = array( 'placeholder' => 'not' ); + $t = T::from( $template_string ); + $result = $t->render( $replacements ); + $this->assertSame( $result, T::sprintf( $template_string, $replacements ) ); + + $expected = + <<<'HTML' + + HTML; + $this->assertEqualHTML( $expected, $result ); + } + /** * @expectedIncorrectUsage WP_HTML_Template::render */ From 9e38ff9fa4549e25ebb91939b8999c52143e9ac0 Mon Sep 17 00:00:00 2001 From: Jon Surrell Date: Tue, 3 Feb 2026 16:17:31 +0100 Subject: [PATCH 10/53] Move serialize_token to tag processor class (for normalization of text nodes) --- .../html-api/class-wp-html-processor.php | 126 ----------------- .../html-api/class-wp-html-tag-processor.php | 127 ++++++++++++++++++ 2 files changed, 127 insertions(+), 126 deletions(-) diff --git a/src/wp-includes/html-api/class-wp-html-processor.php b/src/wp-includes/html-api/class-wp-html-processor.php index 55f955f2c1a9a..d363e8d27484e 100644 --- a/src/wp-includes/html-api/class-wp-html-processor.php +++ b/src/wp-includes/html-api/class-wp-html-processor.php @@ -1311,132 +1311,6 @@ public function serialize(): ?string { return $html; } - /** - * Serializes the currently-matched token. - * - * This method produces a fully-normative HTML string for the currently-matched token, - * if able. If not matched at any token or if the token doesn't correspond to any HTML - * it will return an empty string (for example, presumptuous end tags are ignored). - * - * @see static::serialize() - * - * @since 6.7.0 - * @since 6.9.0 Converted from protected to public method. - * - * @return string Serialization of token, or empty string if no serialization exists. - */ - public function serialize_token(): string { - $html = ''; - $token_type = $this->get_token_type(); - - switch ( $token_type ) { - case '#doctype': - $doctype = $this->get_doctype_info(); - if ( null === $doctype ) { - break; - } - - $html .= 'name ) { - $html .= " {$doctype->name}"; - } - - if ( null !== $doctype->public_identifier ) { - $quote = str_contains( $doctype->public_identifier, '"' ) ? "'" : '"'; - $html .= " PUBLIC {$quote}{$doctype->public_identifier}{$quote}"; - } - if ( null !== $doctype->system_identifier ) { - if ( null === $doctype->public_identifier ) { - $html .= ' SYSTEM'; - } - $quote = str_contains( $doctype->system_identifier, '"' ) ? "'" : '"'; - $html .= " {$quote}{$doctype->system_identifier}{$quote}"; - } - - $html .= '>'; - break; - - case '#text': - $html .= htmlspecialchars( $this->get_modifiable_text(), ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8' ); - break; - - // Unlike the `<>` which is interpreted as plaintext, this is ignored entirely. - case '#presumptuous-tag': - break; - - case '#funky-comment': - case '#comment': - $html .= ""; - break; - - case '#cdata-section': - $html .= "get_modifiable_text()}]]>"; - break; - } - - if ( '#tag' !== $token_type ) { - return $html; - } - - $tag_name = str_replace( "\x00", "\u{FFFD}", $this->get_tag() ); - $in_html = 'html' === $this->get_namespace(); - $qualified_name = $in_html ? strtolower( $tag_name ) : $this->get_qualified_tag_name(); - - if ( $this->is_tag_closer() ) { - $html .= ""; - return $html; - } - - $attribute_names = $this->get_attribute_names_with_prefix( '' ); - if ( ! isset( $attribute_names ) ) { - $html .= "<{$qualified_name}>"; - return $html; - } - - $html .= "<{$qualified_name}"; - foreach ( $attribute_names as $attribute_name ) { - $html .= " {$this->get_qualified_attribute_name( $attribute_name )}"; - $value = $this->get_attribute( $attribute_name ); - - if ( is_string( $value ) ) { - $html .= '="' . htmlspecialchars( $value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5 ) . '"'; - } - - $html = str_replace( "\x00", "\u{FFFD}", $html ); - } - - if ( ! $in_html && $this->has_self_closing_flag() ) { - $html .= ' /'; - } - - $html .= '>'; - - // Flush out self-contained elements. - if ( $in_html && in_array( $tag_name, array( 'IFRAME', 'NOEMBED', 'NOFRAMES', 'SCRIPT', 'STYLE', 'TEXTAREA', 'TITLE', 'XMP' ), true ) ) { - $text = $this->get_modifiable_text(); - - switch ( $tag_name ) { - case 'IFRAME': - case 'NOEMBED': - case 'NOFRAMES': - $text = ''; - break; - - case 'SCRIPT': - case 'STYLE': - break; - - default: - $text = htmlspecialchars( $text, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8' ); - } - - $html .= "{$text}"; - } - - return $html; - } - /** * Parses next element in the 'initial' insertion mode. * diff --git a/src/wp-includes/html-api/class-wp-html-tag-processor.php b/src/wp-includes/html-api/class-wp-html-tag-processor.php index 69e3e5d2c7557..7c7d986ac1d5c 100644 --- a/src/wp-includes/html-api/class-wp-html-tag-processor.php +++ b/src/wp-includes/html-api/class-wp-html-tag-processor.php @@ -4766,6 +4766,133 @@ public function get_doctype_info(): ?WP_HTML_Doctype_Info { return WP_HTML_Doctype_Info::from_doctype_token( substr( $this->html, $this->token_starts_at, $this->token_length ) ); } + /** + * Serializes the currently-matched token. + * + * This method produces a fully-normative HTML string for the currently-matched token, + * if able. If not matched at any token or if the token doesn't correspond to any HTML + * it will return an empty string (for example, presumptuous end tags are ignored). + * + * @see static::serialize() + * + * @since 6.7.0 + * @since 6.9.0 Converted from protected to public method. + * + * @return string Serialization of token, or empty string if no serialization exists. + */ + public function serialize_token(): string { + $html = ''; + $token_type = $this->get_token_type(); + + switch ( $token_type ) { + case '#doctype': + $doctype = $this->get_doctype_info(); + if ( null === $doctype ) { + break; + } + + $html .= 'name ) { + $html .= " {$doctype->name}"; + } + + if ( null !== $doctype->public_identifier ) { + $quote = str_contains( $doctype->public_identifier, '"' ) ? "'" : '"'; + $html .= " PUBLIC {$quote}{$doctype->public_identifier}{$quote}"; + } + if ( null !== $doctype->system_identifier ) { + if ( null === $doctype->public_identifier ) { + $html .= ' SYSTEM'; + } + $quote = str_contains( $doctype->system_identifier, '"' ) ? "'" : '"'; + $html .= " {$quote}{$doctype->system_identifier}{$quote}"; + } + + $html .= '>'; + break; + + case '#text': + $html .= htmlspecialchars( $this->get_modifiable_text(), ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8' ); + break; + + // Unlike the `<>` which is interpreted as plaintext, this is ignored entirely. + case '#presumptuous-tag': + break; + + case '#funky-comment': + case '#comment': + $html .= ""; + break; + + case '#cdata-section': + $html .= "get_modifiable_text()}]]>"; + break; + } + + if ( '#tag' !== $token_type ) { + return $html; + } + + $tag_name = str_replace( "\x00", "\u{FFFD}", $this->get_tag() ); + $in_html = 'html' === $this->get_namespace(); + $qualified_name = $in_html ? strtolower( $tag_name ) : $this->get_qualified_tag_name(); + + if ( $this->is_tag_closer() ) { + $html .= ""; + return $html; + } + + $attribute_names = $this->get_attribute_names_with_prefix( '' ); + if ( ! isset( $attribute_names ) ) { + $html .= "<{$qualified_name}>"; + return $html; + } + + $html .= "<{$qualified_name}"; + foreach ( $attribute_names as $attribute_name ) { + $html .= " {$this->get_qualified_attribute_name( $attribute_name )}"; + $value = $this->get_attribute( $attribute_name ); + + if ( is_string( $value ) ) { + $html .= '="' . htmlspecialchars( $value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5 ) . '"'; + } + + $html = str_replace( "\x00", "\u{FFFD}", $html ); + } + + if ( ! $in_html && $this->has_self_closing_flag() ) { + $html .= ' /'; + } + + $html .= '>'; + + // Flush out self-contained elements. + if ( $in_html && in_array( $tag_name, array( 'IFRAME', 'NOEMBED', 'NOFRAMES', 'SCRIPT', 'STYLE', 'TEXTAREA', 'TITLE', 'XMP' ), true ) ) { + $text = $this->get_modifiable_text(); + + switch ( $tag_name ) { + case 'IFRAME': + case 'NOEMBED': + case 'NOFRAMES': + $text = ''; + break; + + case 'SCRIPT': + case 'STYLE': + break; + + default: + $text = htmlspecialchars( $text, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8' ); + } + + $html .= "{$text}"; + } + + return $html; + } + + /** * Parser Ready State. * From 64835c436781a147bd328a1a76993b1ba71ab683 Mon Sep 17 00:00:00 2001 From: Jon Surrell Date: Tue, 3 Feb 2026 17:50:42 +0100 Subject: [PATCH 11/53] Add attribute behavior testing --- .../phpunit/tests/html-api/wpHtmlTemplate.php | 30 +++++++++++++++++++ 1 file changed, 30 insertions(+) diff --git a/tests/phpunit/tests/html-api/wpHtmlTemplate.php b/tests/phpunit/tests/html-api/wpHtmlTemplate.php index f93c8062427b7..75e853e95b9ff 100644 --- a/tests/phpunit/tests/html-api/wpHtmlTemplate.php +++ b/tests/phpunit/tests/html-api/wpHtmlTemplate.php @@ -83,6 +83,36 @@ public function test_prevent_sneaky_tag_in_html() { $this->assertEqualHTML( $expected, $result ); } + public function test_attr_repeat() { + $template_string = ''; + $replacements = array( + 'replace' => 'O', + 'replace-2' => 'K', + 'no-replace' => 'FAIL', + ); + + $t = T::from( $template_string ); + $result = $t->render( $replacements ); + $this->assertSame( $result, T::sprintf( $template_string, $replacements ) ); + + $expected = ''; + $this->assertEqualHTML( $expected, $result ); + } + + public function test_attr_no_recursive_replacement() { + $template_string = ''; + $replacements = array( + 'replace' => '<%/replace>', + ); + + $t = T::from( $template_string ); + $result = $t->render( $replacements ); + $this->assertSame( $result, T::sprintf( $template_string, $replacements ) ); + + $expected = ''; + $this->assertEqualHTML( $expected, $result ); + } + public function test_attr() { $template_string = ''; $replacements = array( From 3fb0c0f4d96056769f28d23bb6d30198bd2c4897 Mon Sep 17 00:00:00 2001 From: Jon Surrell Date: Tue, 3 Feb 2026 18:14:54 +0100 Subject: [PATCH 12/53] working proof-of-concept --- .../html-api/class-wp-html-tag-processor.php | 2 +- .../html-api/class-wp-html-template.php | 246 ++++++++++++++++-- .../phpunit/tests/html-api/wpHtmlTemplate.php | 16 +- 3 files changed, 243 insertions(+), 21 deletions(-) diff --git a/src/wp-includes/html-api/class-wp-html-tag-processor.php b/src/wp-includes/html-api/class-wp-html-tag-processor.php index 7c7d986ac1d5c..4a675acdf8d3f 100644 --- a/src/wp-includes/html-api/class-wp-html-tag-processor.php +++ b/src/wp-includes/html-api/class-wp-html-tag-processor.php @@ -708,7 +708,7 @@ class WP_HTML_Tag_Processor { * @since 6.2.0 * @var WP_HTML_Attribute_Token[] */ - private $attributes = array(); + protected $attributes = array(); /** * Tracks spans of duplicate attributes on a given tag, used for removing diff --git a/src/wp-includes/html-api/class-wp-html-template.php b/src/wp-includes/html-api/class-wp-html-template.php index 5cd17a19d4a20..4c286d2b7244c 100644 --- a/src/wp-includes/html-api/class-wp-html-template.php +++ b/src/wp-includes/html-api/class-wp-html-template.php @@ -7,7 +7,7 @@ * @since 7.0.0 */ -class WP_HTML_Template { +class WP_HTML_Template extends WP_HTML_Tag_Processor { /** * The template string. * @@ -17,22 +17,31 @@ class WP_HTML_Template { */ private string $template_string; - private function __construct( string $template_string ) { + private array $replacements = array(); + + private function __construct( string $template_string, array $replacements ) { $this->template_string = $template_string; + $this->replacements = $replacements; } /** - * @todo remove type hint from argument. - * @todo obviously bad name… + * Render a template string with the given replacements. + * + * @since 7.0.0 + * + * @param string $template_string The template string with placeholders. + * @param array $replacements The replacement values. + * @return string|false The rendered HTML, or false on error. */ - public static function sprintf( string $template_string, array $replacements = array() ): string { - return self::from( $template_string )->render( $replacements ); + public static function sprintf( string $template_string, array $replacements = array() ) { + return self::from( $template_string, $replacements )->render(); } /** - * @todo remove type hint from argument. + * @param string $template_string The template string with placeholders. + * @param array $replacements The replacement values. */ - public static function from( string $template_string ): static { + public static function from( string $template_string, array $replacements = array() ): static { if ( ! is_string( $template_string ) ) { _doing_it_wrong( __METHOD__, @@ -41,23 +50,230 @@ public static function from( string $template_string ): static { ); $template_string = ''; } - - return new static( $template_string ); + return new static( $template_string, $replacements ); } /** - * @todo remove type hint from argument. + * Render the template with the given replacements. + * + * @since 7.0.0 + * + * @param array $replacements Optional. The replacement values. They may be provided at template creation time. + * @return string|false The rendered HTML, or false on error. */ - public function render( array $replacements ): string { - if ( ! is_array( $replacements ) ) { + public function render( ?array $replacements = null ) { + if ( \is_array( $replacements ) ) { + $this->replacements = $replacements; + } elseif ( null !== $replacements ) { _doing_it_wrong( __METHOD__, __( 'The replacements must be an array.' ), '7.0.0' ); - $replacements = array(); } - return WP_HTML_Processor::normalize( $this->template_string ); + if ( empty( $this->replacements ) ) { + return WP_HTML_Processor::normalize( $this->template_string ) ?? $this->template_string; + } + + + $processor = new WP_HTML_Tag_Processor( $this->template_string ); + $error_occurred = false; + + while ( $processor->next_token() ) { + switch ( $processor->get_token_type() ) { + /* + * It's important that #text be normalized to prevent something like + * `i<u` from becoming `iu` after replacement and altering HTML. + */ + case '#text': + $processor->set_bookmark( 'text' ); + $mark = $processor->bookmarks['text'] ?? null; + assert( null !== $mark ); + $normalized = $processor->serialize_token(); + if ( 0 !== substr_compare( $processor->html, $normalized, $mark->start, min( $mark->length, strlen( $normalized ) ) ) ) { + $processor->lexical_updates[] = new WP_HTML_Text_Replacement( + $mark->start, + $mark->length, + $normalized + ); + } + break; + + case '#funky-comment': + // Does it look like a placeholder? + $processor->set_bookmark( 'placeholder' ); + $mark = $processor->bookmarks['placeholder'] ?? null; + assert( null !== $mark ); + // A funky comment looks at least like + $start = $mark->start; + $length = $mark->length; + // This is not the funky comment we're looking for. + if ( $length < 5 || ! $processor->html[ $start + 2 ] === '%' ) { + break; + } + $placeholder = trim( \substr( $processor->html, $start + 3, $length - 4 ), " \t\n\r\f" ); + // var_dump( substr( $processor->html, $start, $length ), $start, $length, $placeholder ); + + // Valid placeholders match `/a-z0-9_-/i`. + if ( \strlen( $placeholder ) !== \strspn( $placeholder, 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789_-') ) { + break; + } + + $replacement = $this->get_replacement( $placeholder ); + if ( is_string( $replacement ) ) { + $processor->lexical_updates[] = new WP_HTML_Text_Replacement( + $start, + $length, + strtr( + $replacement, + array( + '<' => '<', + '>' => '>', + "'" => ''', + '"' => '"', + '&' => '&', + ) + ) + ); + } + if ( $replacement instanceof WP_HTML_Template ) { + $processor->lexical_updates[] = new WP_HTML_Text_Replacement( + $start, + $length, + $replacement->render() + ); + } + break; + + case '#tag': + if ( $processor->is_tag_closer() ) { + break; + } + + foreach ( $processor->attributes as $attribute ) { + // Boolean attributes cannot contain placeholders. + if ( $attribute->is_true ) { + continue; + } + // At least `` to contain a placeholder. + if ( $attribute->value_length < 5 ) { + continue; + } + + $last_offset = $attribute->value_starts_at; + $offset = $attribute->value_starts_at; + $end = $offset + $attribute->value_length; + /** + * @todo preg_match does not accept length, so this will happily search + * beyond the attribute value. + */ + while( + 1 === preg_match( + '##i', + $processor->html, + $matches, + PREG_OFFSET_CAPTURE, + $offset + ) + && $matches[0][1] < $end + ) { + $replacement = $this->get_replacement( $matches[1][0] ); + if ( is_string( $replacement ) ) { + $match_at = $matches[0][1]; + $match_length = strlen( $matches[0][0] ); + + // Capture and clean the preceding attribute text. + $processor->lexical_updates[] = new WP_HTML_Text_Replacement( + $last_offset, + $match_at - $last_offset, + strtr( + substr( $processor->html, $last_offset, $match_at - $last_offset ), + array( + '<' => '<', + '>' => '>', + "'" => ''', + '"' => '"', + '&' => '&', + ) + ) + ); + + $processor->lexical_updates[] = new WP_HTML_Text_Replacement( + $match_at, + strlen( $matches[0][0] ), + strtr( + $replacement, + array( + '<' => '<', + '>' => '>', + "'" => ''', + '"' => '"', + '&' => '&', + ) + ) + ); + $last_offset = $match_at + $match_length; + } elseif ( $replacement instanceof self ) { + _doing_it_wrong( + __METHOD__, + // @todo improve this message, include the placeholder in the string. + __( 'Attribute values cannot contain HTML. Use a plain string.' ), + '7.0.0' + ); + return false; + } + + $offset = $matches[0][1] + strlen( $matches[0][0] ); + } + } + } + } + + $html = $processor->get_updated_html(); + + return WP_HTML_Processor::normalize( $html ) ?? $html; + } + + private function preg_attribute_replace_callback( $matches ) { + $key = $matches[1]; + + $replacement = $this->get_replacement( $key ); + + // Keep placeholder if no replacement found. + if ( null === $replacement ) { + return $matches[0]; + } + + // HTML cannot be embedded in attribute values. + if ( $replacement instanceof self ) { + _doing_it_wrong( + __METHOD__, + // @todo improve this message, include the placeholder in the string. + __( 'Attribute values cannot contain HTML. Use a plain string.' ), + '7.0.0' + ); + return ''; + } + + return $replacement; + } + + /** + * Get the replacement value for a placeholder key. + * + * Handles both named keys (like 'name') and numeric keys (like 0). + * + * @since 7.0.0 + * + * @param string $key The placeholder key. + * @return mixed|null The replacement value, or null if not found. + */ + private function get_replacement( string $key ): self|string|null { + $replacement = $this->replacements[ $key ] ?? null; + if ( \is_string( $replacement ) || ( $replacement instanceof WP_HTML_Template ) ) { + return $replacement; + } + return null; } } diff --git a/tests/phpunit/tests/html-api/wpHtmlTemplate.php b/tests/phpunit/tests/html-api/wpHtmlTemplate.php index 75e853e95b9ff..9ec70f5703d0a 100644 --- a/tests/phpunit/tests/html-api/wpHtmlTemplate.php +++ b/tests/phpunit/tests/html-api/wpHtmlTemplate.php @@ -272,16 +272,22 @@ public static function data_real_world_examples() { // Same pattern with escaping needed yield 'blocks/post-title.php:41 - post title link with special chars' => array( - '', + "\n\n", array( 'url' => 'https://example.com/hello-world/?foo=1&bar=2', 'target' => '_blank', - 'title' => <<<'TEXT' - Hello & "Friends" - TEXT, + 'title' => WP_HTML_Template::from( + '\'\' & ""', + array( + 'italic' => 'This', + 'bold' => 'That', + ) + ), ), <<<'HTML' - Hello <World> & "Friends" + + 'This' & "That" + HTML, ); From 3ad02bd7562c9d919da48e18ffaa6ddc56c5785c Mon Sep 17 00:00:00 2001 From: Jon Surrell Date: Wed, 4 Feb 2026 13:16:56 +0100 Subject: [PATCH 13/53] class cleanup and lints --- .../html-api/class-wp-html-template.php | 18 ++++++++---------- 1 file changed, 8 insertions(+), 10 deletions(-) diff --git a/src/wp-includes/html-api/class-wp-html-template.php b/src/wp-includes/html-api/class-wp-html-template.php index 4c286d2b7244c..d2d5f701b868d 100644 --- a/src/wp-includes/html-api/class-wp-html-template.php +++ b/src/wp-includes/html-api/class-wp-html-template.php @@ -21,7 +21,7 @@ class WP_HTML_Template extends WP_HTML_Tag_Processor { private function __construct( string $template_string, array $replacements ) { $this->template_string = $template_string; - $this->replacements = $replacements; + $this->replacements = $replacements; } /** @@ -34,7 +34,7 @@ private function __construct( string $template_string, array $replacements ) { * @return string|false The rendered HTML, or false on error. */ public static function sprintf( string $template_string, array $replacements = array() ) { - return self::from( $template_string, $replacements )->render(); + return self::from( $template_string, $replacements )->render(); } /** @@ -76,7 +76,6 @@ public function render( ?array $replacements = null ) { return WP_HTML_Processor::normalize( $this->template_string ) ?? $this->template_string; } - $processor = new WP_HTML_Tag_Processor( $this->template_string ); $error_occurred = false; @@ -113,15 +112,14 @@ public function render( ?array $replacements = null ) { break; } $placeholder = trim( \substr( $processor->html, $start + 3, $length - 4 ), " \t\n\r\f" ); - // var_dump( substr( $processor->html, $start, $length ), $start, $length, $placeholder ); // Valid placeholders match `/a-z0-9_-/i`. - if ( \strlen( $placeholder ) !== \strspn( $placeholder, 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789_-') ) { + if ( \strlen( $placeholder ) !== \strspn( $placeholder, 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789_-' ) ) { break; } $replacement = $this->get_replacement( $placeholder ); - if ( is_string( $replacement ) ) { + if ( \is_string( $replacement ) ) { $processor->lexical_updates[] = new WP_HTML_Text_Replacement( $start, $length, @@ -162,13 +160,13 @@ public function render( ?array $replacements = null ) { } $last_offset = $attribute->value_starts_at; - $offset = $attribute->value_starts_at; - $end = $offset + $attribute->value_length; + $offset = $attribute->value_starts_at; + $end = $offset + $attribute->value_length; /** * @todo preg_match does not accept length, so this will happily search * beyond the attribute value. */ - while( + while ( 1 === preg_match( '##i', $processor->html, @@ -213,7 +211,7 @@ public function render( ?array $replacements = null ) { ) ) ); - $last_offset = $match_at + $match_length; + $last_offset = $match_at + $match_length; } elseif ( $replacement instanceof self ) { _doing_it_wrong( __METHOD__, From 9def00a754e7c6d4265c8d6029313e409fddce43 Mon Sep 17 00:00:00 2001 From: Jon Surrell Date: Wed, 4 Feb 2026 13:17:14 +0100 Subject: [PATCH 14/53] Add message on disallowed type --- .../html-api/class-wp-html-template.php | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) diff --git a/src/wp-includes/html-api/class-wp-html-template.php b/src/wp-includes/html-api/class-wp-html-template.php index d2d5f701b868d..08ce503043b4f 100644 --- a/src/wp-includes/html-api/class-wp-html-template.php +++ b/src/wp-includes/html-api/class-wp-html-template.php @@ -134,8 +134,7 @@ public function render( ?array $replacements = null ) { ) ) ); - } - if ( $replacement instanceof WP_HTML_Template ) { + } elseif ( $replacement instanceof WP_HTML_Template ) { $processor->lexical_updates[] = new WP_HTML_Text_Replacement( $start, $length, @@ -272,6 +271,17 @@ private function get_replacement( string $key ): self|string|null { if ( \is_string( $replacement ) || ( $replacement instanceof WP_HTML_Template ) ) { return $replacement; } + + _doing_it_wrong( + __METHOD__, + sprintf( + __( 'Invalid replacement for %1$s of type `%2$s`. Must be a string or template.' ), + esc_html( $key ), + esc_html( gettype( $replacement ) ) + ), + '7.0.0' + ); + return null; } } From a954bcff60c4ee600550988cd3d6b0f8160e9d8f Mon Sep 17 00:00:00 2001 From: Jon Surrell Date: Wed, 4 Feb 2026 13:24:41 +0100 Subject: [PATCH 15/53] Cleanup test + lints --- tests/phpunit/tests/html-api/wpHtmlTemplate.php | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/tests/phpunit/tests/html-api/wpHtmlTemplate.php b/tests/phpunit/tests/html-api/wpHtmlTemplate.php index 9ec70f5703d0a..a1bc49b1732df 100644 --- a/tests/phpunit/tests/html-api/wpHtmlTemplate.php +++ b/tests/phpunit/tests/html-api/wpHtmlTemplate.php @@ -73,11 +73,12 @@ public function test_4() { $this->assertEqualHTML( $expected, $result ); } + public function test_prevent_sneaky_tag_in_html() { $template_string = 'a<>s'; $replacements = array( 'tag-name' => 'i' ); - $t = T::from( $template_string ); - $result = $t->render( $replacements ); + $t = T::from( $template_string ); + $result = $t->render( $replacements ); $expected = 'a<i>s'; $this->assertEqualHTML( $expected, $result ); @@ -86,8 +87,8 @@ public function test_prevent_sneaky_tag_in_html() { public function test_attr_repeat() { $template_string = ''; $replacements = array( - 'replace' => 'O', - 'replace-2' => 'K', + 'replace' => 'O', + 'replace-2' => 'K', 'no-replace' => 'FAIL', ); @@ -152,8 +153,8 @@ public function test_attribute_with_spaces() { public function test_attr_no_produce_character_reference() { $template_string = ''; $replacements = array( 'placeholder' => 'not' ); - $t = T::from( $template_string ); - $result = $t->render( $replacements ); + $t = T::from( $template_string ); + $result = $t->render( $replacements ); $this->assertSame( $result, T::sprintf( $template_string, $replacements ) ); $expected = From 379678b8858bddb27ffdcd9b6f52e162a5e086a6 Mon Sep 17 00:00:00 2001 From: Jon Surrell Date: Wed, 4 Feb 2026 13:24:56 +0100 Subject: [PATCH 16/53] Add multiple template tests --- .../phpunit/tests/html-api/wpHtmlTemplate.php | 99 +++++++++++++++++++ 1 file changed, 99 insertions(+) diff --git a/tests/phpunit/tests/html-api/wpHtmlTemplate.php b/tests/phpunit/tests/html-api/wpHtmlTemplate.php index a1bc49b1732df..6e4d2a9430552 100644 --- a/tests/phpunit/tests/html-api/wpHtmlTemplate.php +++ b/tests/phpunit/tests/html-api/wpHtmlTemplate.php @@ -486,4 +486,103 @@ public static function data_real_world_examples() { HTML, ); } + + public function test_multi_replace() { + $row_template_string = "
\n
"; + + // @todo It should be possible to produce templates from an original. + $row_replacements = array(); + for ( $i = 0; $i <= 3; $i++ ) { + $row_replacements[ "row-{$i}" ] = WP_HTML_Template::from( + $row_template_string, + array( + 'term' => "Term \"{$i}\"", + 'definition' => WP_HTML_Template::from( + 'IYKYK: ', + array( + 'i' => (string) $i, + 'expansion' => '"If You Know You Know"', + ) + ), + ) + ); + } + + $result = WP_HTML_Template::sprintf( + <<<'HTML' +
+ + + +
+ HTML, + $row_replacements + ); + + $expected = + <<<'HTML' +
+
Term "1"
+
IYKYK: 1
+
Term "2"
+
IYKYK: 2
+
Term "3"
+
IYKYK: 3
+
+ HTML; + + $this->assertEqualHTML( $expected, $result ); + } + + public function test_multi_replace_table() { + $this->markTestSkipped( 'IN TABLE templates are not supported yet.' ); + $header_tpl = WP_HTML_Template::from( + '', + array( + 'ID' => 'ID', + 'name' => 'Name', + 'value' => 'Value', + 'link' => 'Link', + ) + ); + $row_tpl = WP_HTML_Template::from( '' ); + + $row_gen = ( function () { + static $i = 1; + yield array( + 'ID' => $i, + 'name' => 'Name {$i}', + 'value' => WP_HTML_Template::from( 'Value {$i}', array( 'i' => $i ) ), + 'link' => WP_HTML_Template::from( + '', + array( + 'url' => '/example/1', + 'link-name' => 'Click here', + ), + ), + ); + } )(); + + $result = WP_HTML_Template::sprintf( + <<<'HTML' + + + + + + + HTML, + array( + 'header' => $header_tpl, + 'row-1' => $row_tpl->render( $row_gen->next() ), + 'row-2' => $row_tpl->render( $row_gen->next() ), + 'row-3' => $row_tpl->render( $row_gen->next() ), + ) + ); + + $expected = + <<<'HTML' + HTML; + $this->assertEqualHTML( $expected, $result ); + } } From 58cbcf84fddfcfadbbf879eda3b84814700d9ab3 Mon Sep 17 00:00:00 2001 From: Jon Surrell Date: Wed, 4 Feb 2026 14:05:04 +0100 Subject: [PATCH 17/53] Improve test names and specificity --- .../phpunit/tests/html-api/wpHtmlTemplate.php | 51 ++++++++++++++----- 1 file changed, 37 insertions(+), 14 deletions(-) diff --git a/tests/phpunit/tests/html-api/wpHtmlTemplate.php b/tests/phpunit/tests/html-api/wpHtmlTemplate.php index 6e4d2a9430552..fbf4282194330 100644 --- a/tests/phpunit/tests/html-api/wpHtmlTemplate.php +++ b/tests/phpunit/tests/html-api/wpHtmlTemplate.php @@ -16,7 +16,7 @@ use WP_HTML_Template as T; class Tests_HtmlApi_WpHtmlTemplate extends WP_UnitTestCase { - public function test_1() { + public function test_basic_text_replacement() { $t = T::from( '

Hello, !

' ); $result = $t->render( array( 'name' => 'World' ) ); $this->assertSame( $result, T::sprintf( '

Hello, !

', array( 'name' => 'World' ) ) ); @@ -28,7 +28,7 @@ public function test_1() { $this->assertEqualHTML( $expected, $result ); } - public function test_2() { + public function test_escapes_special_characters() { $template_string = '

Hello, !

'; $replacements = array( 'placeholder' => 'Alice & Bob' ); @@ -43,22 +43,34 @@ public function test_2() { $this->assertEqualHTML( $expected, $result ); } - public function test_3() { - $template_string = '

Hello, , , , & !

'; + public function test_numeric_placeholders() { + $template_string = '

Hello, and !

'; $replacements = array( 'Alice', 'Bob' ); $t = T::from( $template_string ); $result = $t->render( $replacements ); $this->assertSame( $result, T::sprintf( $template_string, $replacements ) ); - $expected = - <<<'HTML' -

Hello, Alice, Alice, Bob, & Bob!

- HTML; + $expected = '

Hello, Alice and Bob!

'; + $this->assertEqualHTML( $expected, $result ); + } + + public function test_repeated_placeholders() { + $template_string = '

, , , & !

'; + $replacements = array( + 'Alice', + 'name' => 'Bob', + ); + + $t = T::from( $template_string ); + $result = $t->render( $replacements ); + $this->assertSame( $result, T::sprintf( $template_string, $replacements ) ); + + $expected = '

Alice, Alice, Bob, & Bob!

'; $this->assertEqualHTML( $expected, $result ); } - public function test_4() { + public function test_nested_template_replacement() { $template_string = '

Hello, '; $replacements = array( 'html' => T::from( 'Alice & Bob' ) ); @@ -114,10 +126,24 @@ public function test_attr_no_recursive_replacement() { $this->assertEqualHTML( $expected, $result ); } - public function test_attr() { + public function test_replaces_attribute_values() { $template_string = ''; $replacements = array( 'n' => 'the name', + 'c' => 'the content', + ); + + $t = T::from( $template_string ); + $result = $t->render( $replacements ); + $this->assertSame( $result, T::sprintf( $template_string, $replacements ) ); + + $expected = ''; + $this->assertEqualHTML( $expected, $result ); + } + + public function test_escapes_attribute_values() { + $template_string = ''; + $replacements = array( 'c' => 'the "content" & whatever else', ); @@ -125,10 +151,7 @@ public function test_attr() { $result = $t->render( $replacements ); $this->assertSame( $result, T::sprintf( $template_string, $replacements ) ); - $expected = - <<<'HTML' - - HTML; + $expected = ''; $this->assertEqualHTML( $expected, $result ); } From 0b472ddeb16b1870cd4dd3ffbf5b4eee254c84b3 Mon Sep 17 00:00:00 2001 From: Jon Surrell Date: Wed, 4 Feb 2026 15:35:34 +0100 Subject: [PATCH 18/53] Improve test structure and names --- .../phpunit/tests/html-api/wpHtmlTemplate.php | 246 +++++++++--------- 1 file changed, 128 insertions(+), 118 deletions(-) diff --git a/tests/phpunit/tests/html-api/wpHtmlTemplate.php b/tests/phpunit/tests/html-api/wpHtmlTemplate.php index fbf4282194330..ab01e33b64cce 100644 --- a/tests/phpunit/tests/html-api/wpHtmlTemplate.php +++ b/tests/phpunit/tests/html-api/wpHtmlTemplate.php @@ -16,77 +16,15 @@ use WP_HTML_Template as T; class Tests_HtmlApi_WpHtmlTemplate extends WP_UnitTestCase { - public function test_basic_text_replacement() { - $t = T::from( '

Hello, !

' ); - $result = $t->render( array( 'name' => 'World' ) ); - $this->assertSame( $result, T::sprintf( '

Hello, !

', array( 'name' => 'World' ) ) ); - - $expected = - <<<'HTML' -

Hello, World!

- HTML; - $this->assertEqualHTML( $expected, $result ); - } - - public function test_escapes_special_characters() { - $template_string = '

Hello, !

'; - $replacements = array( 'placeholder' => 'Alice & Bob' ); - - $t = T::from( $template_string ); - $result = $t->render( $replacements ); - $this->assertSame( $result, T::sprintf( $template_string, $replacements ) ); - - $expected = - <<<'HTML' -

Hello, Alice & Bob!

- HTML; - $this->assertEqualHTML( $expected, $result ); - } - - public function test_numeric_placeholders() { - $template_string = '

Hello, and !

'; - $replacements = array( 'Alice', 'Bob' ); - - $t = T::from( $template_string ); - $result = $t->render( $replacements ); - $this->assertSame( $result, T::sprintf( $template_string, $replacements ) ); - - $expected = '

Hello, Alice and Bob!

'; - $this->assertEqualHTML( $expected, $result ); - } - - public function test_repeated_placeholders() { - $template_string = '

, , , & !

'; - $replacements = array( - 'Alice', - 'name' => 'Bob', - ); - - $t = T::from( $template_string ); - $result = $t->render( $replacements ); - $this->assertSame( $result, T::sprintf( $template_string, $replacements ) ); - - $expected = '

Alice, Alice, Bob, & Bob!

'; - $this->assertEqualHTML( $expected, $result ); - } - - public function test_nested_template_replacement() { - $template_string = '

Hello, '; - $replacements = array( 'html' => T::from( 'Alice & Bob' ) ); - - $t = T::from( $template_string ); - $result = $t->render( $replacements ); - $this->assertSame( $result, T::sprintf( $template_string, $replacements ) ); - - $expected = - <<<'HTML' -

Hello, Alice & Bob

- HTML; - $this->assertEqualHTML( $expected, $result ); - } - - - public function test_prevent_sneaky_tag_in_html() { + /** + * Verifies that replacement text adjacent to angle brackets is escaped. + * + * @ticket 60229 + * + * @covers ::from + * @covers ::render + */ + public function test_escapes_text_adjacent_to_angle_brackets() { $template_string = 'a<>s'; $replacements = array( 'tag-name' => 'i' ); $t = T::from( $template_string ); @@ -96,7 +34,16 @@ public function test_prevent_sneaky_tag_in_html() { $this->assertEqualHTML( $expected, $result ); } - public function test_attr_repeat() { + /** + * Verifies that only the first of duplicate attributes is replaced. + * + * @ticket 60229 + * + * @covers ::from + * @covers ::render + * @covers ::sprintf + */ + public function test_replaces_only_in_first_duplicate_attribute() { $template_string = ''; $replacements = array( 'replace' => 'O', @@ -112,7 +59,16 @@ public function test_attr_repeat() { $this->assertEqualHTML( $expected, $result ); } - public function test_attr_no_recursive_replacement() { + /** + * Verifies that attribute replacement is not recursive. + * + * @ticket 60229 + * + * @covers ::from + * @covers ::render + * @covers ::sprintf + */ + public function test_attribute_replacement_is_not_recursive() { $template_string = ''; $replacements = array( 'replace' => '<%/replace>', @@ -126,36 +82,16 @@ public function test_attr_no_recursive_replacement() { $this->assertEqualHTML( $expected, $result ); } - public function test_replaces_attribute_values() { - $template_string = ''; - $replacements = array( - 'n' => 'the name', - 'c' => 'the content', - ); - - $t = T::from( $template_string ); - $result = $t->render( $replacements ); - $this->assertSame( $result, T::sprintf( $template_string, $replacements ) ); - - $expected = ''; - $this->assertEqualHTML( $expected, $result ); - } - - public function test_escapes_attribute_values() { - $template_string = ''; - $replacements = array( - 'c' => 'the "content" & whatever else', - ); - - $t = T::from( $template_string ); - $result = $t->render( $replacements ); - $this->assertSame( $result, T::sprintf( $template_string, $replacements ) ); - - $expected = ''; - $this->assertEqualHTML( $expected, $result ); - } - - public function test_attribute_with_spaces() { + /** + * Verifies that placeholder names allow surrounding whitespace. + * + * @ticket 60229 + * + * @covers ::from + * @covers ::render + * @covers ::sprintf + */ + public function test_placeholder_names_allow_surrounding_whitespace() { $template_string = ""; $replacements = array( 'n' => 'the name', @@ -173,7 +109,16 @@ public function test_attribute_with_spaces() { $this->assertEqualHTML( $expected, $result ); } - public function test_attr_no_produce_character_reference() { + /** + * Verifies that ampersands are escaped to prevent character reference injection. + * + * @ticket 60229 + * + * @covers ::from + * @covers ::render + * @covers ::sprintf + */ + public function test_escapes_ampersand_to_prevent_character_reference_injection() { $template_string = ''; $replacements = array( 'placeholder' => 'not' ); $t = T::from( $template_string ); @@ -188,9 +133,15 @@ public function test_attr_no_produce_character_reference() { } /** + * Verifies that nested templates are rejected in attribute values. + * + * @ticket 60229 + * + * @covers ::sprintf + * * @expectedIncorrectUsage WP_HTML_Template::render */ - public function test_attr_rejects_html() { + public function test_rejects_nested_template_in_attribute_value() { $template_string = ''; $replacements = array( 'html' => T::from( 'This is not allowed!' ), @@ -202,40 +153,80 @@ public function test_attr_rejects_html() { * @dataProvider data_template * * @ticket 60229 + * * @covers ::from * @covers ::render + * @covers ::sprintf */ - public function xtest_template( string $template_string, array $replacements, string $expected ) { - $result = WP_HTML_Template::sprintf( $template_string, $replacements ); + public function test_template( string $template_string, array $replacements, string $expected ) { + $t = T::from( $template_string ); + $result = $t->render( $replacements ); + $this->assertSame( $result, T::sprintf( $template_string, $replacements ) ); $this->assertEqualHTML( $expected, $result ); } public static function data_template() { return array( - 'Basic template' => array( + 'basic template (no placeholders)' => array( '

Hi!

', array(), '

Hi!

', ), - 'HTML text replacement (basic)' => array( + 'basic text replacement' => array( '

Hello, !

', - array( 'name' => 'World!' ), + array( 'name' => 'World' ), '

Hello, World!

', ), - 'HTML text replacement (escaped)' => array( + 'escapes special characters in text' => array( + '

Hello, !

', + array( 'placeholder' => 'Alice & Bob' ), + '

Hello, Alice & Bob!

', + ), + + 'escapes angle brackets in text' => array( '

Hello, !

', array( 'name' => '' ), - '

Hello, <little-bobby-tags>

', + '

Hello, <little-bobby-tags>!

', ), - 'HTML replacement with template' => array( - '

Hello, !

', + 'numeric placeholders' => array( + '

Hello, and !

', + array( 'Alice', 'Bob' ), + '

Hello, Alice and Bob!

', + ), + + 'repeated placeholders' => array( + '

, , , & !

', + array( + 'Alice', + 'name' => 'Bob', + ), + '

Alice, Alice, Bob, & Bob!

', + ), + + 'nested template replacement' => array( + '

Hello, ', + array( 'html' => WP_HTML_Template::from( 'Alice & Bob' ) ), + '

Hello, Alice & Bob

', + ), + + 'replaces attribute values' => array( + '', + array( + 'n' => 'the name', + 'c' => 'the content', + ), + '', + ), + + 'escapes attribute values' => array( + '', array( - 'name' => WP_HTML_Template::from( 'World' ), + 'c' => 'the "content" & whatever else', ), - '

Hello, World!

', + '', ), ); } @@ -246,6 +237,7 @@ public static function data_template() { * @dataProvider data_real_world_examples * * @ticket 60229 + * * @covers ::sprintf */ public function test_real_world_examples( string $template_string, array $replacements, string $expected ) { @@ -510,7 +502,16 @@ public static function data_real_world_examples() { ); } - public function test_multi_replace() { + /** + * Verifies nested templates work correctly in a definition list. + * + * @ticket 60229 + * + * @covers ::from + * @covers ::render + * @covers ::sprintf + */ + public function test_nested_templates_in_definition_list() { $row_template_string = "
\n
"; // @todo It should be possible to produce templates from an original. @@ -557,7 +558,16 @@ public function test_multi_replace() { $this->assertEqualHTML( $expected, $result ); } - public function test_multi_replace_table() { + /** + * Verifies table templates are not yet supported. + * + * @ticket 60229 + * + * @covers ::from + * @covers ::render + * @covers ::sprintf + */ + public function test_table_templates_not_yet_supported() { $this->markTestSkipped( 'IN TABLE templates are not supported yet.' ); $header_tpl = WP_HTML_Template::from( '
', From 7a67db251fbecbfc1530b408c3d1a74ce6dee46a Mon Sep 17 00:00:00 2001 From: Jon Surrell Date: Wed, 4 Feb 2026 15:39:44 +0100 Subject: [PATCH 19/53] Refactor WP_HTML_Template to use composition over inheritance Replace `extends WP_HTML_Tag_Processor` with an internal anonymous class that provides accessor methods for the protected properties needed during template rendering. This improves encapsulation by not exposing the tag processor's public API on the template class. --- .../html-api/class-wp-html-template.php | 149 ++++++++++++------ 1 file changed, 99 insertions(+), 50 deletions(-) diff --git a/src/wp-includes/html-api/class-wp-html-template.php b/src/wp-includes/html-api/class-wp-html-template.php index 08ce503043b4f..99ef3c6fcaeb4 100644 --- a/src/wp-includes/html-api/class-wp-html-template.php +++ b/src/wp-includes/html-api/class-wp-html-template.php @@ -7,7 +7,7 @@ * @since 7.0.0 */ -class WP_HTML_Template extends WP_HTML_Tag_Processor { +class WP_HTML_Template { /** * The template string. * @@ -76,7 +76,44 @@ public function render( ?array $replacements = null ) { return WP_HTML_Processor::normalize( $this->template_string ) ?? $this->template_string; } - $processor = new WP_HTML_Tag_Processor( $this->template_string ); + $processor = new class( $this->template_string ) extends WP_HTML_Tag_Processor { + /** + * Returns the HTML string being processed. + * + * @return string The HTML string. + */ + public function get_html(): string { + return $this->html; + } + + /** + * Returns a bookmark by name. + * + * @param string $name The bookmark name. + * @return WP_HTML_Span|null The bookmark span, or null if not found. + */ + public function get_bookmark( string $name ) { + return $this->bookmarks[ $name ] ?? null; + } + + /** + * Returns the tag attributes array. + * + * @return array The attributes array. + */ + public function get_tag_attributes(): array { + return $this->attributes; + } + + /** + * Adds a lexical update. + * + * @param WP_HTML_Text_Replacement $update The text replacement to add. + */ + public function add_lexical_update( WP_HTML_Text_Replacement $update ): void { + $this->lexical_updates[] = $update; + } + }; $error_occurred = false; while ( $processor->next_token() ) { @@ -87,14 +124,16 @@ public function render( ?array $replacements = null ) { */ case '#text': $processor->set_bookmark( 'text' ); - $mark = $processor->bookmarks['text'] ?? null; + $mark = $processor->get_bookmark( 'text' ); assert( null !== $mark ); $normalized = $processor->serialize_token(); - if ( 0 !== substr_compare( $processor->html, $normalized, $mark->start, min( $mark->length, strlen( $normalized ) ) ) ) { - $processor->lexical_updates[] = new WP_HTML_Text_Replacement( - $mark->start, - $mark->length, - $normalized + if ( 0 !== substr_compare( $processor->get_html(), $normalized, $mark->start, min( $mark->length, strlen( $normalized ) ) ) ) { + $processor->add_lexical_update( + new WP_HTML_Text_Replacement( + $mark->start, + $mark->length, + $normalized + ) ); } break; @@ -102,16 +141,17 @@ public function render( ?array $replacements = null ) { case '#funky-comment': // Does it look like a placeholder? $processor->set_bookmark( 'placeholder' ); - $mark = $processor->bookmarks['placeholder'] ?? null; + $mark = $processor->get_bookmark( 'placeholder' ); assert( null !== $mark ); // A funky comment looks at least like $start = $mark->start; $length = $mark->length; + $html = $processor->get_html(); // This is not the funky comment we're looking for. - if ( $length < 5 || ! $processor->html[ $start + 2 ] === '%' ) { + if ( $length < 5 || ! $html[ $start + 2 ] === '%' ) { break; } - $placeholder = trim( \substr( $processor->html, $start + 3, $length - 4 ), " \t\n\r\f" ); + $placeholder = trim( \substr( $html, $start + 3, $length - 4 ), " \t\n\r\f" ); // Valid placeholders match `/a-z0-9_-/i`. if ( \strlen( $placeholder ) !== \strspn( $placeholder, 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789_-' ) ) { @@ -120,25 +160,29 @@ public function render( ?array $replacements = null ) { $replacement = $this->get_replacement( $placeholder ); if ( \is_string( $replacement ) ) { - $processor->lexical_updates[] = new WP_HTML_Text_Replacement( - $start, - $length, - strtr( - $replacement, - array( - '<' => '<', - '>' => '>', - "'" => ''', - '"' => '"', - '&' => '&', + $processor->add_lexical_update( + new WP_HTML_Text_Replacement( + $start, + $length, + strtr( + $replacement, + array( + '<' => '<', + '>' => '>', + "'" => ''', + '"' => '"', + '&' => '&', + ) ) ) ); } elseif ( $replacement instanceof WP_HTML_Template ) { - $processor->lexical_updates[] = new WP_HTML_Text_Replacement( - $start, - $length, - $replacement->render() + $processor->add_lexical_update( + new WP_HTML_Text_Replacement( + $start, + $length, + $replacement->render() + ) ); } break; @@ -148,7 +192,8 @@ public function render( ?array $replacements = null ) { break; } - foreach ( $processor->attributes as $attribute ) { + $html = $processor->get_html(); + foreach ( $processor->get_tag_attributes() as $attribute ) { // Boolean attributes cannot contain placeholders. if ( $attribute->is_true ) { continue; @@ -168,7 +213,7 @@ public function render( ?array $replacements = null ) { while ( 1 === preg_match( '##i', - $processor->html, + $html, $matches, PREG_OFFSET_CAPTURE, $offset @@ -181,32 +226,36 @@ public function render( ?array $replacements = null ) { $match_length = strlen( $matches[0][0] ); // Capture and clean the preceding attribute text. - $processor->lexical_updates[] = new WP_HTML_Text_Replacement( - $last_offset, - $match_at - $last_offset, - strtr( - substr( $processor->html, $last_offset, $match_at - $last_offset ), - array( - '<' => '<', - '>' => '>', - "'" => ''', - '"' => '"', - '&' => '&', + $processor->add_lexical_update( + new WP_HTML_Text_Replacement( + $last_offset, + $match_at - $last_offset, + strtr( + substr( $html, $last_offset, $match_at - $last_offset ), + array( + '<' => '<', + '>' => '>', + "'" => ''', + '"' => '"', + '&' => '&', + ) ) ) ); - $processor->lexical_updates[] = new WP_HTML_Text_Replacement( - $match_at, - strlen( $matches[0][0] ), - strtr( - $replacement, - array( - '<' => '<', - '>' => '>', - "'" => ''', - '"' => '"', - '&' => '&', + $processor->add_lexical_update( + new WP_HTML_Text_Replacement( + $match_at, + strlen( $matches[0][0] ), + strtr( + $replacement, + array( + '<' => '<', + '>' => '>', + "'" => ''', + '"' => '"', + '&' => '&', + ) ) ) ); From dd7d70dcd679cb6b562a2befbfa0ebabf9c9e7e0 Mon Sep 17 00:00:00 2001 From: Jon Surrell Date: Wed, 4 Feb 2026 15:42:31 +0100 Subject: [PATCH 20/53] Remove unused preg_attribute_replace_callback method from WP_HTML_Template --- .../html-api/class-wp-html-template.php | 24 ------------------- 1 file changed, 24 deletions(-) diff --git a/src/wp-includes/html-api/class-wp-html-template.php b/src/wp-includes/html-api/class-wp-html-template.php index 99ef3c6fcaeb4..0db4455e55a5d 100644 --- a/src/wp-includes/html-api/class-wp-html-template.php +++ b/src/wp-includes/html-api/class-wp-html-template.php @@ -281,30 +281,6 @@ public function add_lexical_update( WP_HTML_Text_Replacement $update ): void { return WP_HTML_Processor::normalize( $html ) ?? $html; } - private function preg_attribute_replace_callback( $matches ) { - $key = $matches[1]; - - $replacement = $this->get_replacement( $key ); - - // Keep placeholder if no replacement found. - if ( null === $replacement ) { - return $matches[0]; - } - - // HTML cannot be embedded in attribute values. - if ( $replacement instanceof self ) { - _doing_it_wrong( - __METHOD__, - // @todo improve this message, include the placeholder in the string. - __( 'Attribute values cannot contain HTML. Use a plain string.' ), - '7.0.0' - ); - return ''; - } - - return $replacement; - } - /** * Get the replacement value for a placeholder key. * From 78baca2af004e0bf7db0f827cfcf0a003d7dfec8 Mon Sep 17 00:00:00 2001 From: Jon Surrell Date: Wed, 4 Feb 2026 15:54:51 +0100 Subject: [PATCH 21/53] Add notes for next steps --- docs/brainstorming/template-compile.md | 21 +++++++++++++++++++++ docs/brainstorming/template-html-context.md | 17 +++++++++++++++++ 2 files changed, 38 insertions(+) create mode 100644 docs/brainstorming/template-compile.md create mode 100644 docs/brainstorming/template-html-context.md diff --git a/docs/brainstorming/template-compile.md b/docs/brainstorming/template-compile.md new file mode 100644 index 0000000000000..908c95a82138f --- /dev/null +++ b/docs/brainstorming/template-compile.md @@ -0,0 +1,21 @@ +# Template Compile Mode + +**Date:** 2026-02-04 +**Status:** Brainstorming + +--- + +## Two Modes of Template Usage + +### 1. Flush Mode (current) +- One-shot rendering, like `::sprintf` +- Parse and render in a single pass + +### 2. Compile Mode (new idea) +- A `compile()` method that: + - Captures placeholder offsets + - Returns a compiled/prepared template + - Accepts an array of replacements at render time + - Can be rendered multiple times efficiently from a single compilation + +**Use case:** When you need to render the same template structure repeatedly with different data, avoid re-parsing the template each time. diff --git a/docs/brainstorming/template-html-context.md b/docs/brainstorming/template-html-context.md new file mode 100644 index 0000000000000..c0691b0913335 --- /dev/null +++ b/docs/brainstorming/template-html-context.md @@ -0,0 +1,17 @@ +# Template HTML Context + +**Date:** 2026-02-04 +**Status:** Brainstorming + +--- + +## HTML Context Constraints + +### Problem +The HTML processor cannot normalize certain templates like `` because `` cannot exist outside of a `` element. Context matters for valid HTML. + +### Potential Solutions +- Use HTML processor instead of TAG processor +- Add private methods for rendering nested templates +- Processor creates a **fragment parser** at the template replacement location + - Fragment parser handles the child template with proper parent context From 0dbf70cd24fe5d9b3ac2c4e84d8e84524c90bfff Mon Sep 17 00:00:00 2001 From: Jon Surrell Date: Wed, 4 Feb 2026 16:26:27 +0100 Subject: [PATCH 22/53] Add more tests --- .../phpunit/tests/html-api/wpHtmlTemplate.php | 151 ++++++++++++++++++ 1 file changed, 151 insertions(+) diff --git a/tests/phpunit/tests/html-api/wpHtmlTemplate.php b/tests/phpunit/tests/html-api/wpHtmlTemplate.php index ab01e33b64cce..ef217c3d3e6e8 100644 --- a/tests/phpunit/tests/html-api/wpHtmlTemplate.php +++ b/tests/phpunit/tests/html-api/wpHtmlTemplate.php @@ -618,4 +618,155 @@ public function test_table_templates_not_yet_supported() { HTML; $this->assertEqualHTML( $expected, $result ); } + + /** + * Verifies that attributes are replaced in atomic elements (SCRIPT, STYLE, TITLE). + * + * These elements have special parsing rules that skip their content, + * but attributes should still be processed normally. + * + * @ticket 60229 + * + * @dataProvider data_atomic_element_attributes + * + * @covers ::from + * @covers ::render + * @covers ::sprintf + */ + public function test_atomic_element_attributes_are_replaced( string $template_string, array $replacements, string $expected ) { + $t = T::from( $template_string ); + $result = $t->render( $replacements ); + $this->assertSame( $result, T::sprintf( $template_string, $replacements ) ); + $this->assertSame( $expected, $result ); + } + + public static function data_atomic_element_attributes() { + return array( + 'SCRIPT element attributes' => array( + '', + array( 'src' => '/js/app.js' ), + '', + ), + + 'STYLE element attributes' => array( + '', + array( 'media' => 'screen' ), + '', + ), + + 'TITLE element attributes' => array( + 'Page Title', + array( 'lang' => 'en' ), + 'Page Title', + ), + + 'TEXTAREA element attributes' => array( + '', + array( 'name' => 'my-textarea' ), + '', + ), + ); + } + + /** + * Verifies content placeholder behavior in elements with special parsing. + * + * - RAWTEXT elements (SCRIPT, STYLE): Content is skipped, placeholders preserved literally. + * - RCDATA elements (TITLE, TEXTAREA): Content is processed but placeholders are not + * recognized - they're treated as literal text and HTML-escaped. + * + * @ticket 60229 + * + * @dataProvider data_atomic_element_content_placeholders + * + * @covers ::from + * @covers ::render + * @covers ::sprintf + */ + public function test_special_element_content_placeholder_behavior( string $template_string, array $replacements, string $expected ) { + $t = T::from( $template_string ); + $result = $t->render( $replacements ); + $this->assertSame( $result, T::sprintf( $template_string, $replacements ) ); + $this->assertSame( $expected, $result ); + } + + public static function data_atomic_element_content_placeholders() { + return array( + // RAWTEXT elements (SCRIPT, STYLE): Content is truly skipped, placeholders preserved literally. + 'SCRIPT content placeholder ignored' => array( + '', + array( 'name' => 'SHOULD NOT APPEAR' ), + '', + ), + + 'STYLE content placeholder ignored' => array( + '', + array( 'content' => 'SHOULD NOT APPEAR' ), + '', + ), + + // RCDATA elements (TITLE, TEXTAREA): Content is processed but placeholder + // patterns are not recognized - they're treated as literal text and escaped. + 'TITLE content placeholder not recognized' => array( + 'Hello </%name>', + array( 'name' => 'SHOULD NOT APPEAR' ), + 'Hello </%name>', + ), + + 'TEXTAREA content placeholder not recognized' => array( + '', + array( 'placeholder' => 'SHOULD NOT APPEAR' ), + '', + ), + ); + } + + /** + * Verifies leading newline behavior in PRE elements. + * + * HTML5 specifies that a single leading newline immediately after the + * 
 start tag is ignored. This test documents the template behavior.
+	 *
+	 * @ticket 60229
+	 *
+	 * @dataProvider data_pre_element_leading_newline
+	 *
+	 * @covers ::from
+	 * @covers ::render
+	 * @covers ::sprintf
+	 */
+	public function test_pre_element_leading_newline_behavior( string $template_string, array $replacements, string $expected ) {
+		$t      = T::from( $template_string );
+		$result = $t->render( $replacements );
+		$this->assertSame( $result, T::sprintf( $template_string, $replacements ) );
+		$this->assertSame( $expected, $result );
+	}
+
+	public static function data_pre_element_leading_newline() {
+		return array(
+			'PRE without newline'        => array(
+				"
",
+				array( 'code' => "line1\nline2"),
+				"
line1\nline2
",
+			),
+
+			'PRE with newline' => array(
+				"
\n
",
+				array( 'code' =>  "line1\nline2"),
+				"
line1\nline2
",
+			),
+
+			'PRE with newline in replacement' => array(
+				"
\n
",
+				array( 'code' =>   "line1\nline2"),
+				"
line1\nline2
",
+			),
+
+			'PRE with newline and newline in replacement' => array(
+				"
\n
",
+				array( 'code' =>    "\nline1\nline2"),
+				"
\nline1\nline2
",
+			),
+		);
+	}
 }

From 2e7aad84a299813e4fa6a5a6940d3dadc7e2d9c9 Mon Sep 17 00:00:00 2001
From: Jon Surrell 
Date: Wed, 4 Feb 2026 16:33:31 +0100
Subject: [PATCH 23/53] lints

---
 .../html-api/class-wp-html-template.php        |  2 +-
 .../phpunit/tests/html-api/wpHtmlTemplate.php  | 18 +++++++++---------
 2 files changed, 10 insertions(+), 10 deletions(-)

diff --git a/src/wp-includes/html-api/class-wp-html-template.php b/src/wp-includes/html-api/class-wp-html-template.php
index 0db4455e55a5d..3d873c65792f9 100644
--- a/src/wp-includes/html-api/class-wp-html-template.php
+++ b/src/wp-includes/html-api/class-wp-html-template.php
@@ -259,7 +259,7 @@ public function add_lexical_update( WP_HTML_Text_Replacement $update ): void {
 										)
 									)
 								);
-								$last_offset                  = $match_at + $match_length;
+								$last_offset = $match_at + $match_length;
 							} elseif ( $replacement instanceof self ) {
 								_doing_it_wrong(
 									__METHOD__,
diff --git a/tests/phpunit/tests/html-api/wpHtmlTemplate.php b/tests/phpunit/tests/html-api/wpHtmlTemplate.php
index ef217c3d3e6e8..05f95864afe12 100644
--- a/tests/phpunit/tests/html-api/wpHtmlTemplate.php
+++ b/tests/phpunit/tests/html-api/wpHtmlTemplate.php
@@ -167,37 +167,37 @@ public function test_template( string $template_string, array $replacements, str
 
 	public static function data_template() {
 		return array(
-			'basic template (no placeholders)'    => array(
+			'basic template (no placeholders)'   => array(
 				'
Hi!
',
 				array(),
 				'
Hi!
',
 			),
 
-			'basic text replacement'              => array(
+			'basic text replacement'             => array(
 				'
Hello, !
',
 				array( 'name' => 'World' ),
 				'
Hello, World!
',
 			),
 
-			'escapes special characters in text'  => array(
+			'escapes special characters in text' => array(
 				'
Hello, !
',
 				array( 'placeholder' => 'Alice & Bob' ),
 				'
Hello, Alice & Bob!
',
 			),
 
-			'escapes angle brackets in text'      => array(
+			'escapes angle brackets in text'     => array(
 				'
Hello, !
',
 				array( 'name' => '' ),
 				'
Hello, <little-bobby-tags>!
',
 			),
 
-			'numeric placeholders'                => array(
+			'numeric placeholders'               => array(
 				'
Hello,  and !
',
 				array( 'Alice', 'Bob' ),
 				'
Hello, Alice and Bob!
',
 			),
 
-			'repeated placeholders'               => array(
+			'repeated placeholders'              => array(
 				'
, , , & !
',
 				array(
 					'Alice',
@@ -206,13 +206,13 @@ public static function data_template() {
 				'
Alice, Alice, Bob, & Bob!
',
 			),
 
-			'nested template replacement'         => array(
+			'nested template replacement'        => array(
 				'
Hello, ',
 				array( 'html' => WP_HTML_Template::from( 'Alice & Bob' ) ),
 				'
Hello, Alice & Bob
',
 			),
 
-			'replaces attribute values'           => array(
+			'replaces attribute values'          => array(
 				'',
 				array(
 					'n' => 'the name',
@@ -221,7 +221,7 @@ public static function data_template() {
 				'',
 			),
 
-			'escapes attribute values'            => array(
+			'escapes attribute values'           => array(
 				'',
 				array(
 					'c' => 'the "content" & whatever else',

From d323a9a12e1e80eb0acb38c46fe36536e22f8dfa Mon Sep 17 00:00:00 2001
From: Jon Surrell 
Date: Wed, 4 Feb 2026 18:03:08 +0100
Subject: [PATCH 24/53] Add design document for WP_HTML_Template API redesign

Documents the new two-class API (WP_HTML_Template + WP_HTML_Bound_Template)
that enables efficient repeated rendering through lazy compilation and
lightweight bind operations.
---
 .../plans/2026-02-04-template-api-redesign.md | 153 ++++++++++++++++++
 1 file changed, 153 insertions(+)
 create mode 100644 docs/plans/2026-02-04-template-api-redesign.md

diff --git a/docs/plans/2026-02-04-template-api-redesign.md b/docs/plans/2026-02-04-template-api-redesign.md
new file mode 100644
index 0000000000000..874815b42399d
--- /dev/null
+++ b/docs/plans/2026-02-04-template-api-redesign.md
@@ -0,0 +1,153 @@
+# WP_HTML_Template API Redesign
+
+**Date:** 2026-02-04
+**Status:** Design Complete
+
+---
+
+## Overview
+
+Redesign the `WP_HTML_Template` API to support efficient repeated rendering. The key insight: parse once, bind many times, render on demand.
+
+## Classes
+
+### WP_HTML_Template
+
+The parsed template. Reusable across multiple bind operations.
+
+```php
+class WP_HTML_Template {
+    public static function render(string $template, array $replacements): string|false;
+    public static function from(string $template): self;
+    public function bind(array $replacements): WP_HTML_Bound_Template;
+}
+```
+
+### WP_HTML_Bound_Template
+
+A template with replacements bound. Ready to render.
+
+```php
+class WP_HTML_Bound_Template {
+    public function render(): string|false;
+}
+```
+
+## Usage Patterns
+
+### One-shot rendering
+
+For simple cases where you render once:
+
+```php
+echo WP_HTML_Template::render('
', ['name' => 'Alice']);
+```
+
+### Reusable templates
+
+For loops or repeated use:
+
+```php
+$template = WP_HTML_Template::from('
    • ');
+
+foreach ($items as $item) {
+    echo $template->bind(['item' => $item])->render();
+}
+```
+
+### Nested templates
+
+Templates can contain other bound templates as replacements:
+
+```php
+$icon = WP_HTML_Template::from('');
+$message = WP_HTML_Template::from('
     
    ');
+
+echo $message->bind([
+    'icon' => $icon->bind(['class' => 'warning']),
+    'text' => 'Something went wrong',
+])->render();
+```
+
+## Replacement Values
+
+Valid replacement types depend on context:
+
+| Context   | String | WP_HTML_Bound_Template |
+|-----------|--------|------------------------|
+| Text      | Yes    | Yes                    |
+| Attribute | Yes    | No (error)             |
+
+## Lazy Compilation
+
+`from()` stores the template string but does not parse it immediately. Compilation happens on the first `bind()` call and is cached for subsequent calls.
+
+```php
+// Just stores the string
+$template = WP_HTML_Template::from('
    ');
+
+// First bind() triggers compilation, caches result
+$bound1 = $template->bind(['name' => 'Alice']);
+
+// Subsequent bind() reuses cached compilation
+$bound2 = $template->bind(['name' => 'Bob']);
+```
+
+## Compilation Output
+
+Compilation produces a list of placeholders with their positions and contexts:
+
+```php
+[
+    'template' => '
    ',
+    'placeholders' => [
+        'class'   => ['start' => 11, 'length' => 10, 'context' => 'attribute'],
+        'content' => ['start' => 23, 'length' => 12, 'context' => 'text'],
+    ],
+]
+```
+
+This allows `bind()` to validate replacements and `render()` to efficiently build the output string.
+
+## Error Handling
+
+Validation occurs at `bind()` time using the compiled placeholder information:
+
+### Missing key
+
+```php
+$t = WP_HTML_Template::from('
     
    ');
+$t->bind(['name' => 'Alice']);
+// Warning: Missing replacement key 'age'
+```
+
+Rendering continues with missing placeholders removed.
+
+### Unused key
+
+```php
+$t->bind(['name' => 'Alice', 'age' => '30', 'extra' => 'ignored']);
+// Warning: Unused replacement key 'extra'
+```
+
+Rendering continues with unused keys ignored.
+
+### Wrong type for attribute
+
+```php
+$t = WP_HTML_Template::from('
    text
    ');
+$t->bind(['class' => $otherTemplate->bind([...])]);
+// Warning: Replacement 'class' must be a string (attribute context)
+```
+
+`render()` returns `false`.
+
+## Migration from Current API
+
+| Old | New |
+|-----|-----|
+| `T::sprintf($tpl, $r)` | `T::render($tpl, $r)` |
+| `T::from($tpl, $r)->render()` | `T::from($tpl)->bind($r)->render()` |
+| `T::from($tpl)->render($r)` | `T::from($tpl)->bind($r)->render()` |
+
+Breaking changes are acceptable since this is pre-release code (`@since 7.0.0`).

From b15c1699b460b39cd0d756664f703fe2d3380445 Mon Sep 17 00:00:00 2001
From: Jon Surrell 
Date: Wed, 4 Feb 2026 21:04:39 +0100
Subject: [PATCH 25/53] Add v2 design document for WP_HTML_Template API

Single-class API with strict error handling:
- from() / bind() / render() essential interface
- Immutable bind() returns new instance
- All error conditions return false
- Templates usable as replacement values for HTML injection
---
 .../2026-02-04-template-api-redesign-v2.md    | 125 ++++++++++++++++++
 1 file changed, 125 insertions(+)
 create mode 100644 docs/plans/2026-02-04-template-api-redesign-v2.md

diff --git a/docs/plans/2026-02-04-template-api-redesign-v2.md b/docs/plans/2026-02-04-template-api-redesign-v2.md
new file mode 100644
index 0000000000000..75621fb65d1fe
--- /dev/null
+++ b/docs/plans/2026-02-04-template-api-redesign-v2.md
@@ -0,0 +1,125 @@
+# WP_HTML_Template API Redesign v2
+
+**Date:** 2026-02-04
+**Status:** Design Complete
+
+---
+
+## Overview
+
+A single-class template API with strict error handling. Parse once, bind values, render on demand.
+
+## Essential Interface
+
+```php
+class WP_HTML_Template {
+    public static function from(string $template): static;
+    public function bind(array $replacements): static;
+    public function render(): string|false;
+}
+```
+
+### Methods
+
+**`from(string $template): static`**
+
+Creates a template from a string.
+
+**`bind(array $replacements): static`**
+
+Returns a new immutable instance with replacements bound.
+
+**`render(): string|false`**
+
+Renders the template to an HTML string. Returns `false` on any error.
+
+## Usage Patterns
+
+### One-shot rendering
+
+```php
+$html = WP_HTML_Template::from('
    Hello, !
    ')
+    ->bind(['name' => 'World'])
+    ->render();
+```
+
+### Nested templates (HTML injection)
+
+A template instance can be used as a replacement value. It will be rendered and injected as HTML (not escaped).
+
+```php
+$html = WP_HTML_Template::from('
     
    ')
+    ->bind([
+        'icon' => WP_HTML_Template::from(''),
+        'message' => 'Something went wrong.',
+    ])
+    ->render();
+```
+
+### Nested templates with their own placeholders
+
+```php
+$html = WP_HTML_Template::from('
    ')
+    ->bind([
+        'content' => WP_HTML_Template::from('')
+            ->bind(['url' => '/help', 'text' => 'Learn more']),
+    ])
+    ->render();
+```
+
+### Loop rendering
+
+Parse once, bind and render with different values each iteration.
+
+```php
+$item_template = WP_HTML_Template::from('
    • ');
+
+foreach ($items as $item) {
+    echo $item_template->bind(['item' => $item])->render();
+}
+```
+
+## Replacement Values
+
+| Replacement Type | Text Context | Attribute Context |
+|------------------|--------------|-------------------|
+| String | Escaped | Escaped |
+| WP_HTML_Template | Rendered (HTML preserved) | `false` (error) |
+
+## Error Handling
+
+All error conditions cause `render()` to return `false`:
+
+| Condition | Result |
+|-----------|--------|
+| Missing replacement key | `false` |
+| Unused replacement key | `false` |
+| Template in attribute context | `false` |
+| HTML processing/normalization failure | `false` |
+
+Replacements must match placeholders exactly—no more, no less.
+
+## Immutability
+
+`bind()` always returns a new instance. Templates are safe to reuse:
+
+```php
+$tpl = WP_HTML_Template::from('
    ');
+
+$a = $tpl->bind(['text' => 'Hello']);
+$b = $tpl->bind(['text' => 'World']);
+
+// $a and $b are independent
+echo $a->render(); // 
    Hello
    
+echo $b->render(); // 
    World
    
+```
+
+## Migration from Current API
+
+| Old | New |
+|-----|-----|
+| `T::sprintf($tpl, $r)` | `T::from($tpl)->bind($r)->render()` |
+| `T::from($tpl, $r)->render()` | `T::from($tpl)->bind($r)->render()` |
+| `T::from($tpl)->render($r)` | `T::from($tpl)->bind($r)->render()` |
+
+Breaking changes are acceptable since this is pre-release code (`@since 7.0.0`).

From 1056bfa77d1187f4e6302b204516c0b0ee421803 Mon Sep 17 00:00:00 2001
From: Jon Surrell 
Date: Wed, 4 Feb 2026 21:54:31 +0100
Subject: [PATCH 26/53] Rework interface

---
 .../html-api/class-wp-html-template.php       | 120 ++++++++++--------
 1 file changed, 66 insertions(+), 54 deletions(-)

diff --git a/src/wp-includes/html-api/class-wp-html-template.php b/src/wp-includes/html-api/class-wp-html-template.php
index 3d873c65792f9..ce471ff57ebfd 100644
--- a/src/wp-includes/html-api/class-wp-html-template.php
+++ b/src/wp-includes/html-api/class-wp-html-template.php
@@ -25,57 +25,48 @@ private function __construct( string $template_string, array $replacements ) {
 	}
 
 	/**
-	 * Render a template string with the given replacements.
+	 * Creates a template from a string.
 	 *
 	 * @since 7.0.0
 	 *
-	 * @param string $template_string The template string with placeholders.
-	 * @param array  $replacements    The replacement values.
-	 * @return string|false The rendered HTML, or false on error.
+	 * @param string $template The template string with placeholders.
+	 * @return static The template instance.
 	 */
-	public static function sprintf( string $template_string, array $replacements = array() ) {
-		return self::from( $template_string, $replacements )->render();
+	public static function from( string $template ): static {
+		return new static( $template, array() );
 	}
 
 	/**
-	 * @param string $template_string The template string with placeholders.
-	 * @param array  $replacements    The replacement values.
+	 * Returns a new immutable instance with replacements bound.
+	 *
+	 * @since 7.0.0
+	 *
+	 * @param array $replacements The replacement values.
+	 * @return static A new template instance with the replacements bound.
 	 */
-	public static function from( string $template_string, array $replacements = array() ): static {
-		if ( ! is_string( $template_string ) ) {
-			_doing_it_wrong(
-				__METHOD__,
-				__( 'The template string must be a string.' ),
-				'7.0.0'
-			);
-			$template_string = '';
-		}
-		return new static( $template_string, $replacements );
+	public function bind( array $replacements ): static {
+		return new static( $this->template_string, $replacements );
 	}
 
 	/**
-	 * Render the template with the given replacements.
+	 * Renders the template to an HTML string.
+	 *
+	 * Returns false on any error:
+	 * - Missing replacement key (placeholder without corresponding replacement)
+	 * - Unused replacement key (replacement without corresponding placeholder)
+	 * - Template in attribute context
+	 * - HTML processing/normalization failure
 	 *
 	 * @since 7.0.0
 	 *
-	 * @param array $replacements Optional. The replacement values. They may be provided at template creation time.
 	 * @return string|false The rendered HTML, or false on error.
 	 */
-	public function render( ?array $replacements = null ) {
-		if ( \is_array( $replacements ) ) {
-			$this->replacements = $replacements;
-		} elseif ( null !== $replacements ) {
-			_doing_it_wrong(
-				__METHOD__,
-				__( 'The replacements must be an array.' ),
-				'7.0.0'
-			);
-		}
-
+	public function render(): string|false {
 		if ( empty( $this->replacements ) ) {
 			return WP_HTML_Processor::normalize( $this->template_string ) ?? $this->template_string;
 		}
 
+		$used_keys      = array();
 		$processor      = new class( $this->template_string ) extends WP_HTML_Tag_Processor {
 			/**
 			 * Returns the HTML string being processed.
@@ -158,7 +149,11 @@ public function add_lexical_update( WP_HTML_Text_Replacement $update ): void {
 						break;
 					}
 
-					$replacement = $this->get_replacement( $placeholder );
+					$replacement = $this->get_replacement( $placeholder, $used_keys );
+					if ( null === $replacement ) {
+						$error_occurred = true;
+						break;
+					}
 					if ( \is_string( $replacement ) ) {
 						$processor->add_lexical_update(
 							new WP_HTML_Text_Replacement(
@@ -177,11 +172,16 @@ public function add_lexical_update( WP_HTML_Text_Replacement $update ): void {
 							)
 						);
 					} elseif ( $replacement instanceof WP_HTML_Template ) {
+						$rendered = $replacement->render();
+						if ( false === $rendered ) {
+							$error_occurred = true;
+							break;
+						}
 						$processor->add_lexical_update(
 							new WP_HTML_Text_Replacement(
 								$start,
 								$length,
-								$replacement->render()
+								$rendered
 							)
 						);
 					}
@@ -220,7 +220,11 @@ public function add_lexical_update( WP_HTML_Text_Replacement $update ): void {
 							)
 							&& $matches[0][1] < $end
 						) {
-							$replacement = $this->get_replacement( $matches[1][0] );
+							$replacement = $this->get_replacement( $matches[1][0], $used_keys );
+							if ( null === $replacement ) {
+								$error_occurred = true;
+								break 2; // Break out of while and foreach.
+							}
 							if ( is_string( $replacement ) ) {
 								$match_at     = $matches[0][1];
 								$match_length = strlen( $matches[0][0] );
@@ -261,12 +265,7 @@ public function add_lexical_update( WP_HTML_Text_Replacement $update ): void {
 								);
 								$last_offset = $match_at + $match_length;
 							} elseif ( $replacement instanceof self ) {
-								_doing_it_wrong(
-									__METHOD__,
-									// @todo improve this message, include the placeholder in the string.
-									__( 'Attribute values cannot contain HTML. Use a plain string.' ),
-									'7.0.0'
-								);
+								// Template in attribute context is an error.
 								return false;
 							}
 
@@ -276,6 +275,16 @@ public function add_lexical_update( WP_HTML_Text_Replacement $update ): void {
 			}
 		}
 
+		// Return false if any placeholder was missing a replacement.
+		if ( $error_occurred ) {
+			return false;
+		}
+
+		// Return false if any replacement key was not used.
+		if ( count( $used_keys ) !== count( $this->replacements ) ) {
+			return false;
+		}
+
 		$html = $processor->get_updated_html();
 
 		return WP_HTML_Processor::normalize( $html ) ?? $html;
@@ -285,28 +294,31 @@ public function add_lexical_update( WP_HTML_Text_Replacement $update ): void {
 	 * Get the replacement value for a placeholder key.
 	 *
 	 * Handles both named keys (like 'name') and numeric keys (like 0).
+	 * Tracks which keys are used for validation.
 	 *
 	 * @since 7.0.0
 	 *
-	 * @param string $key          The placeholder key.
-	 * @return mixed|null The replacement value, or null if not found.
+	 * @param string $key       The placeholder key.
+	 * @param array  $used_keys Reference to array tracking used keys.
+	 * @return self|string|null The replacement value, or null if not found.
 	 */
-	private function get_replacement( string $key ): self|string|null {
-		$replacement = $this->replacements[ $key ] ?? null;
+	private function get_replacement( string $key, array &$used_keys ): self|string|null {
+		// Try string key first, then numeric if the key looks numeric.
+		if ( array_key_exists( $key, $this->replacements ) ) {
+			$replacement = $this->replacements[ $key ];
+		} elseif ( ctype_digit( $key ) && array_key_exists( (int) $key, $this->replacements ) ) {
+			$key         = (int) $key;
+			$replacement = $this->replacements[ $key ];
+		} else {
+			return null;
+		}
+
+		$used_keys[ $key ] = true;
+
 		if ( \is_string( $replacement ) || ( $replacement instanceof WP_HTML_Template ) ) {
 			return $replacement;
 		}
 
-		_doing_it_wrong(
-			__METHOD__,
-			sprintf(
-				__( 'Invalid replacement for %1$s of type `%2$s`. Must be a string or template.' ),
-				esc_html( $key ),
-				esc_html( gettype( $replacement ) )
-			),
-			'7.0.0'
-		);
-
 		return null;
 	}
 }

From 2a995254f461dcefbe0e1ca76ed89aca6f7e5f1a Mon Sep 17 00:00:00 2001
From: Jon Surrell 
Date: Wed, 4 Feb 2026 21:59:10 +0100
Subject: [PATCH 27/53] Update tests for new API

---
 .../phpunit/tests/html-api/wpHtmlTemplate.php | 183 ++++++++----------
 1 file changed, 84 insertions(+), 99 deletions(-)

diff --git a/tests/phpunit/tests/html-api/wpHtmlTemplate.php b/tests/phpunit/tests/html-api/wpHtmlTemplate.php
index 05f95864afe12..a9e9f1f060445 100644
--- a/tests/phpunit/tests/html-api/wpHtmlTemplate.php
+++ b/tests/phpunit/tests/html-api/wpHtmlTemplate.php
@@ -22,13 +22,13 @@ class Tests_HtmlApi_WpHtmlTemplate extends WP_UnitTestCase {
 	 * @ticket 60229
 	 *
 	 * @covers ::from
+	 * @covers ::bind
 	 * @covers ::render
 	 */
 	public function test_escapes_text_adjacent_to_angle_brackets() {
 		$template_string = 'a<>s';
 		$replacements    = array( 'tag-name' => 'i' );
-		$t               = T::from( $template_string );
-		$result          = $t->render( $replacements );
+		$result          = T::from( $template_string )->bind( $replacements )->render();
 
 		$expected = 'a<i>s';
 		$this->assertEqualHTML( $expected, $result );
@@ -37,23 +37,24 @@ public function test_escapes_text_adjacent_to_angle_brackets() {
 	/**
 	 * Verifies that only the first of duplicate attributes is replaced.
 	 *
+	 * Note: Duplicate attributes are stripped per HTML spec, so placeholders
+	 * in duplicate attributes are ignored. Providing a replacement for such
+	 * placeholders would be an unused key error.
+	 *
 	 * @ticket 60229
 	 *
 	 * @covers ::from
+	 * @covers ::bind
 	 * @covers ::render
-	 * @covers ::sprintf
 	 */
 	public function test_replaces_only_in_first_duplicate_attribute() {
 		$template_string = '';
 		$replacements    = array(
-			'replace'    => 'O',
-			'replace-2'  => 'K',
-			'no-replace' => 'FAIL',
+			'replace'   => 'O',
+			'replace-2' => 'K',
 		);
 
-		$t      = T::from( $template_string );
-		$result = $t->render( $replacements );
-		$this->assertSame( $result, T::sprintf( $template_string, $replacements ) );
+		$result = T::from( $template_string )->bind( $replacements )->render();
 
 		$expected = '';
 		$this->assertEqualHTML( $expected, $result );
@@ -65,8 +66,8 @@ public function test_replaces_only_in_first_duplicate_attribute() {
 	 * @ticket 60229
 	 *
 	 * @covers ::from
+	 * @covers ::bind
 	 * @covers ::render
-	 * @covers ::sprintf
 	 */
 	public function test_attribute_replacement_is_not_recursive() {
 		$template_string = '';
@@ -74,9 +75,7 @@ public function test_attribute_replacement_is_not_recursive() {
 			'replace' => '<%/replace>',
 		);
 
-		$t      = T::from( $template_string );
-		$result = $t->render( $replacements );
-		$this->assertSame( $result, T::sprintf( $template_string, $replacements ) );
+		$result = T::from( $template_string )->bind( $replacements )->render();
 
 		$expected = '';
 		$this->assertEqualHTML( $expected, $result );
@@ -88,8 +87,8 @@ public function test_attribute_replacement_is_not_recursive() {
 	 * @ticket 60229
 	 *
 	 * @covers ::from
+	 * @covers ::bind
 	 * @covers ::render
-	 * @covers ::sprintf
 	 */
 	public function test_placeholder_names_allow_surrounding_whitespace() {
 		$template_string = "";
@@ -98,9 +97,7 @@ public function test_placeholder_names_allow_surrounding_whitespace() {
 			'c' => 'the "content" & whatever else',
 		);
 
-		$t      = T::from( $template_string );
-		$result = $t->render( $replacements );
-		$this->assertSame( $result, T::sprintf( $template_string, $replacements ) );
+		$result = T::from( $template_string )->bind( $replacements )->render();
 
 		$expected =
 			<<<'HTML'
@@ -115,15 +112,13 @@ public function test_placeholder_names_allow_surrounding_whitespace() {
 	 * @ticket 60229
 	 *
 	 * @covers ::from
+	 * @covers ::bind
 	 * @covers ::render
-	 * @covers ::sprintf
 	 */
 	public function test_escapes_ampersand_to_prevent_character_reference_injection() {
 		$template_string = '';
 		$replacements    = array( 'placeholder' => 'not' );
-		$t               = T::from( $template_string );
-		$result          = $t->render( $replacements );
-		$this->assertSame( $result, T::sprintf( $template_string, $replacements ) );
+		$result          = T::from( $template_string )->bind( $replacements )->render();
 
 		$expected =
 			<<<'HTML'
@@ -137,16 +132,16 @@ public function test_escapes_ampersand_to_prevent_character_reference_injection(
 	 *
 	 * @ticket 60229
 	 *
-	 * @covers ::sprintf
-	 *
-	 * @expectedIncorrectUsage WP_HTML_Template::render
+	 * @covers ::from
+	 * @covers ::bind
+	 * @covers ::render
 	 */
 	public function test_rejects_nested_template_in_attribute_value() {
 		$template_string = '';
 		$replacements    = array(
 			'html' => T::from( 'This is not allowed!' ),
 		);
-		$this->assertFalse( T::sprintf( $template_string, $replacements ) );
+		$this->assertFalse( T::from( $template_string )->bind( $replacements )->render() );
 	}
 
 	/**
@@ -155,13 +150,11 @@ public function test_rejects_nested_template_in_attribute_value() {
 	 * @ticket 60229
 	 *
 	 * @covers ::from
+	 * @covers ::bind
 	 * @covers ::render
-	 * @covers ::sprintf
 	 */
 	public function test_template( string $template_string, array $replacements, string $expected ) {
-		$t      = T::from( $template_string );
-		$result = $t->render( $replacements );
-		$this->assertSame( $result, T::sprintf( $template_string, $replacements ) );
+		$result = T::from( $template_string )->bind( $replacements )->render();
 		$this->assertEqualHTML( $expected, $result );
 	}
 
@@ -238,10 +231,12 @@ public static function data_template() {
 	 *
 	 * @ticket 60229
 	 *
-	 * @covers ::sprintf
+	 * @covers ::from
+	 * @covers ::bind
+	 * @covers ::render
 	 */
 	public function test_real_world_examples( string $template_string, array $replacements, string $expected ) {
-		$result = WP_HTML_Template::sprintf( $template_string, $replacements );
+		$result = WP_HTML_Template::from( $template_string )->bind( $replacements )->render();
 		$this->assertEqualHTML( $expected, $result );
 	}
 
@@ -292,13 +287,13 @@ public static function data_real_world_examples() {
 			array(
 				'url'    => 'https://example.com/hello-world/?foo=1&bar=2',
 				'target' => '_blank',
-				'title'  => WP_HTML_Template::from(
-					'\'\' & ""',
-					array(
-						'italic' => 'This',
-						'bold'   => 'That',
-					)
-				),
+				'title'  => WP_HTML_Template::from( '\'\' & ""' )
+					->bind(
+						array(
+							'italic' => 'This',
+							'bold'   => 'That',
+						)
+					),
 			),
 			<<<'HTML'
 			
@@ -508,40 +503,37 @@ public static function data_real_world_examples() {
 	 * @ticket 60229
 	 *
 	 * @covers ::from
+	 * @covers ::bind
 	 * @covers ::render
-	 * @covers ::sprintf
 	 */
 	public function test_nested_templates_in_definition_list() {
-		$row_template_string = "
    \n
    ";
+		$row_template = WP_HTML_Template::from( "
    \n
    " );
 
-		// @todo It should be possible to produce templates from an original.
 		$row_replacements = array();
-		for ( $i = 0; $i <= 3; $i++ ) {
-			$row_replacements[ "row-{$i}" ] = WP_HTML_Template::from(
-				$row_template_string,
+		for ( $i = 1; $i <= 3; $i++ ) {
+			$row_replacements[ "row-{$i}" ] = $row_template->bind(
 				array(
 					'term'       => "Term \"{$i}\"",
-					'definition' => WP_HTML_Template::from(
-						'IYKYK: ',
-						array(
-							'i'         => (string) $i,
-							'expansion' => '"If You Know You Know"',
-						)
-					),
+					'definition' => WP_HTML_Template::from( 'IYKYK: ' )
+						->bind(
+							array(
+								'i'         => (string) $i,
+								'expansion' => '"If You Know You Know"',
+							)
+						),
 				)
 			);
 		}
 
-		$result = WP_HTML_Template::sprintf(
+		$result = WP_HTML_Template::from(
 			<<<'HTML'
 			
    
 			
 			
 			
 			
    
-			HTML,
-			$row_replacements
-		);
+			HTML
+		)->bind( $row_replacements )->render();
 
 		$expected =
 			<<<'HTML'
@@ -564,20 +556,20 @@ public function test_nested_templates_in_definition_list() {
 	 * @ticket 60229
 	 *
 	 * @covers ::from
+	 * @covers ::bind
 	 * @covers ::render
-	 * @covers ::sprintf
 	 */
 	public function test_table_templates_not_yet_supported() {
 		$this->markTestSkipped( 'IN TABLE templates are not supported yet.' );
-		$header_tpl = WP_HTML_Template::from(
-			'
    ', - array( - 'ID' => 'ID', - 'name' => 'Name', - 'value' => 'Value', - 'link' => 'Link', - ) - ); + $header_tpl = WP_HTML_Template::from( '
    ' ) + ->bind( + array( + 'ID' => 'ID', + 'name' => 'Name', + 'value' => 'Value', + 'link' => 'Link', + ) + ); $row_tpl = WP_HTML_Template::from( '
    ' ); $row_gen = ( function () { @@ -585,18 +577,18 @@ public function test_table_templates_not_yet_supported() { yield array( 'ID' => $i, 'name' => 'Name {$i}', - 'value' => WP_HTML_Template::from( 'Value {$i}', array( 'i' => $i ) ), - 'link' => WP_HTML_Template::from( - '', - array( - 'url' => '/example/1', - 'link-name' => 'Click here', + 'value' => WP_HTML_Template::from( 'Value {$i}' )->bind( array( 'i' => $i ) ), + 'link' => WP_HTML_Template::from( '' ) + ->bind( + array( + 'url' => '/example/1', + 'link-name' => 'Click here', + ) ), - ), ); } )(); - $result = WP_HTML_Template::sprintf( + $result = WP_HTML_Template::from( <<<'HTML' @@ -604,14 +596,15 @@ public function test_table_templates_not_yet_supported() { - HTML, + HTML + )->bind( array( 'header' => $header_tpl, - 'row-1' => $row_tpl->render( $row_gen->next() ), - 'row-2' => $row_tpl->render( $row_gen->next() ), - 'row-3' => $row_tpl->render( $row_gen->next() ), + 'row-1' => $row_tpl->bind( $row_gen->next() ), + 'row-2' => $row_tpl->bind( $row_gen->next() ), + 'row-3' => $row_tpl->bind( $row_gen->next() ), ) - ); + )->render(); $expected = <<<'HTML' @@ -630,13 +623,11 @@ public function test_table_templates_not_yet_supported() { * @dataProvider data_atomic_element_attributes * * @covers ::from + * @covers ::bind * @covers ::render - * @covers ::sprintf */ public function test_atomic_element_attributes_are_replaced( string $template_string, array $replacements, string $expected ) { - $t = T::from( $template_string ); - $result = $t->render( $replacements ); - $this->assertSame( $result, T::sprintf( $template_string, $replacements ) ); + $result = T::from( $template_string )->bind( $replacements )->render(); $this->assertSame( $expected, $result ); } @@ -675,47 +666,43 @@ public static function data_atomic_element_attributes() { * - RCDATA elements (TITLE, TEXTAREA): Content is processed but placeholders are not * recognized - they're treated as literal text and HTML-escaped. * + * With strict validation, providing a replacement for a placeholder that won't be + * processed (inside SCRIPT/STYLE/TITLE/TEXTAREA) is an unused key error. + * * @ticket 60229 * * @dataProvider data_atomic_element_content_placeholders * * @covers ::from * @covers ::render - * @covers ::sprintf */ - public function test_special_element_content_placeholder_behavior( string $template_string, array $replacements, string $expected ) { - $t = T::from( $template_string ); - $result = $t->render( $replacements ); - $this->assertSame( $result, T::sprintf( $template_string, $replacements ) ); + public function test_special_element_content_placeholder_behavior( string $template_string, string $expected ) { + $result = T::from( $template_string )->render(); $this->assertSame( $expected, $result ); } public static function data_atomic_element_content_placeholders() { return array( // RAWTEXT elements (SCRIPT, STYLE): Content is truly skipped, placeholders preserved literally. - 'SCRIPT content placeholder ignored' => array( + 'SCRIPT content placeholder preserved' => array( '', - array( 'name' => 'SHOULD NOT APPEAR' ), '', ), - 'STYLE content placeholder ignored' => array( + 'STYLE content placeholder preserved' => array( '', - array( 'content' => 'SHOULD NOT APPEAR' ), '', ), // RCDATA elements (TITLE, TEXTAREA): Content is processed but placeholder // patterns are not recognized - they're treated as literal text and escaped. - 'TITLE content placeholder not recognized' => array( + 'TITLE content placeholder escaped' => array( 'Hello </%name>', - array( 'name' => 'SHOULD NOT APPEAR' ), 'Hello </%name>', ), - 'TEXTAREA content placeholder not recognized' => array( + 'TEXTAREA content placeholder escaped' => array( '', - array( 'placeholder' => 'SHOULD NOT APPEAR' ), '', ), ); @@ -732,13 +719,11 @@ public static function data_atomic_element_content_placeholders() { * @dataProvider data_pre_element_leading_newline * * @covers ::from + * @covers ::bind * @covers ::render - * @covers ::sprintf */ public function test_pre_element_leading_newline_behavior( string $template_string, array $replacements, string $expected ) { - $t = T::from( $template_string ); - $result = $t->render( $replacements ); - $this->assertSame( $result, T::sprintf( $template_string, $replacements ) ); + $result = T::from( $template_string )->bind( $replacements )->render(); $this->assertSame( $expected, $result ); } From 763e901e94cdb3a000ce6c4bca60e0552344d24f Mon Sep 17 00:00:00 2001 From: Jon Surrell Date: Wed, 4 Feb 2026 22:10:26 +0100 Subject: [PATCH 28/53] Add placeholder compilation skeleton to WP_HTML_Template Add $compiled property and get_placeholders() accessor. The compile() method is stubbed and will be implemented to extract placeholder positions, lengths, and contexts from the template. --- .../html-api/class-wp-html-template.php | 38 +++++++++++++++++++ .../phpunit/tests/html-api/wpHtmlTemplate.php | 18 +++++++++ 2 files changed, 56 insertions(+) diff --git a/src/wp-includes/html-api/class-wp-html-template.php b/src/wp-includes/html-api/class-wp-html-template.php index ce471ff57ebfd..100779c590b2d 100644 --- a/src/wp-includes/html-api/class-wp-html-template.php +++ b/src/wp-includes/html-api/class-wp-html-template.php @@ -19,6 +19,44 @@ class WP_HTML_Template { private array $replacements = array(); + /** + * Compiled placeholder metadata. + * + * Array of placeholder_name => array with keys: + * - 'offsets': array of [start, length] pairs for each occurrence + * - 'context': 'text' or 'attribute' (attribute takes precedence) + * + * @since 7.0.0 + * @var array|null + */ + private ?array $compiled = null; + + /** + * Returns the compiled placeholder metadata. + * + * Triggers compilation if not already done. + * + * @since 7.0.0 + * + * @return array Associative array of placeholder_name => metadata. + */ + public function get_placeholders(): array { + $this->compile(); + return $this->compiled; + } + + /** + * Compiles the template to extract placeholder metadata. + * + * @since 7.0.0 + */ + private function compile(): void { + if ( null !== $this->compiled ) { + return; + } + $this->compiled = array(); + } + private function __construct( string $template_string, array $replacements ) { $this->template_string = $template_string; $this->replacements = $replacements; diff --git a/tests/phpunit/tests/html-api/wpHtmlTemplate.php b/tests/phpunit/tests/html-api/wpHtmlTemplate.php index a9e9f1f060445..ba5971bde45c3 100644 --- a/tests/phpunit/tests/html-api/wpHtmlTemplate.php +++ b/tests/phpunit/tests/html-api/wpHtmlTemplate.php @@ -754,4 +754,22 @@ public static function data_pre_element_leading_newline() { ), ); } + + /** + * Verifies that get_placeholders returns placeholder metadata. + * + * @ticket 60229 + * + * @covers ::get_placeholders + */ + public function test_get_placeholders_returns_metadata() { + $template = T::from( '

    ' ); + + $placeholders = $template->get_placeholders(); + + $this->assertArrayHasKey( 'class', $placeholders ); + $this->assertArrayHasKey( 'content', $placeholders ); + $this->assertSame( 'attribute', $placeholders['class']['context'] ); + $this->assertSame( 'text', $placeholders['content']['context'] ); + } } From 644dfb3af957925dbcc01504cea2bab25ccf0e2a Mon Sep 17 00:00:00 2001 From: Jon Surrell Date: Wed, 4 Feb 2026 22:14:44 +0100 Subject: [PATCH 29/53] Implement text placeholder extraction in compile() Parse funky comments () to extract text placeholders. Store each placeholder's offsets (start position and length) and context. Repeated placeholders are captured as multiple offset entries. --- .../html-api/class-wp-html-template.php | 56 +++++++++++++++++++ .../phpunit/tests/html-api/wpHtmlTemplate.php | 37 ++++++++++++ 2 files changed, 93 insertions(+) diff --git a/src/wp-includes/html-api/class-wp-html-template.php b/src/wp-includes/html-api/class-wp-html-template.php index 100779c590b2d..394d8d5c446be 100644 --- a/src/wp-includes/html-api/class-wp-html-template.php +++ b/src/wp-includes/html-api/class-wp-html-template.php @@ -48,13 +48,69 @@ public function get_placeholders(): array { /** * Compiles the template to extract placeholder metadata. * + * Parses the template once and caches placeholder positions, lengths, + * and contexts. If a placeholder appears in both text and attribute + * contexts, the attribute context takes precedence (more restrictive). + * * @since 7.0.0 */ private function compile(): void { if ( null !== $this->compiled ) { return; } + $this->compiled = array(); + + $processor = new class( $this->template_string ) extends WP_HTML_Tag_Processor { + public function get_html(): string { + return $this->html; + } + + public function get_bookmark( string $name ) { + return $this->bookmarks[ $name ] ?? null; + } + + public function get_tag_attributes(): array { + return $this->attributes; + } + }; + + while ( $processor->next_token() ) { + switch ( $processor->get_token_type() ) { + case '#funky-comment': + $processor->set_bookmark( 'placeholder' ); + $mark = $processor->get_bookmark( 'placeholder' ); + if ( null === $mark ) { + break; + } + + $start = $mark->start; + $length = $mark->length; + $html = $processor->get_html(); + + // Must be at least `` (5 chars) and start with `compiled[ $placeholder ] ) ) { + $this->compiled[ $placeholder ] = array( + 'offsets' => array(), + 'context' => 'text', + ); + } + + $this->compiled[ $placeholder ]['offsets'][] = array( $start, $length ); + break; + } + } } private function __construct( string $template_string, array $replacements ) { diff --git a/tests/phpunit/tests/html-api/wpHtmlTemplate.php b/tests/phpunit/tests/html-api/wpHtmlTemplate.php index ba5971bde45c3..811f47debe97b 100644 --- a/tests/phpunit/tests/html-api/wpHtmlTemplate.php +++ b/tests/phpunit/tests/html-api/wpHtmlTemplate.php @@ -772,4 +772,41 @@ public function test_get_placeholders_returns_metadata() { $this->assertSame( 'attribute', $placeholders['class']['context'] ); $this->assertSame( 'text', $placeholders['content']['context'] ); } + + /** + * Verifies text placeholders are extracted with correct offsets. + * + * @ticket 60229 + * + * @covers ::get_placeholders + */ + public function test_extracts_text_placeholders_with_offsets() { + $template = T::from( '

    ' ); + + $placeholders = $template->get_placeholders(); + + $this->assertArrayHasKey( 'name', $placeholders ); + $this->assertSame( 'text', $placeholders['name']['context'] ); + $this->assertCount( 1, $placeholders['name']['offsets'] ); + //

    is 3 chars, so starts at offset 3 + $this->assertSame( 3, $placeholders['name']['offsets'][0][0] ); + // is 8 chars + $this->assertSame( 8, $placeholders['name']['offsets'][0][1] ); + } + + /** + * Verifies repeated text placeholders are captured. + * + * @ticket 60229 + * + * @covers ::get_placeholders + */ + public function test_extracts_repeated_text_placeholders() { + $template = T::from( '

    and

    ' ); + + $placeholders = $template->get_placeholders(); + + $this->assertArrayHasKey( 'name', $placeholders ); + $this->assertCount( 2, $placeholders['name']['offsets'] ); + } } From cc6ae519130da7d367e117a5590eb36ecf45f568 Mon Sep 17 00:00:00 2001 From: Jon Surrell Date: Wed, 4 Feb 2026 22:16:15 +0100 Subject: [PATCH 30/53] Add attribute placeholder extraction with context promotion Extract placeholders from attribute values using regex. When a placeholder appears in both text and attribute contexts, promote to attribute context (more restrictive escaping applies everywhere). --- .../html-api/class-wp-html-template.php | 50 +++++++++++++++++++ .../phpunit/tests/html-api/wpHtmlTemplate.php | 39 +++++++++++++++ 2 files changed, 89 insertions(+) diff --git a/src/wp-includes/html-api/class-wp-html-template.php b/src/wp-includes/html-api/class-wp-html-template.php index 394d8d5c446be..0a0aed9c8eef2 100644 --- a/src/wp-includes/html-api/class-wp-html-template.php +++ b/src/wp-includes/html-api/class-wp-html-template.php @@ -109,6 +109,56 @@ public function get_tag_attributes(): array { $this->compiled[ $placeholder ]['offsets'][] = array( $start, $length ); break; + + case '#tag': + if ( $processor->is_tag_closer() ) { + break; + } + + $html = $processor->get_html(); + foreach ( $processor->get_tag_attributes() as $attribute ) { + // Boolean attributes cannot contain placeholders. + if ( $attribute->is_true ) { + continue; + } + // At least `` to contain a placeholder. + if ( $attribute->value_length < 5 ) { + continue; + } + + $offset = $attribute->value_starts_at; + $end = $offset + $attribute->value_length; + + while ( + 1 === preg_match( + '##i', + $html, + $matches, + PREG_OFFSET_CAPTURE, + $offset + ) + && $matches[0][1] < $end + ) { + $placeholder = $matches[1][0]; + $match_start = $matches[0][1]; + $match_length = strlen( $matches[0][0] ); + + if ( ! isset( $this->compiled[ $placeholder ] ) ) { + $this->compiled[ $placeholder ] = array( + 'offsets' => array(), + 'context' => 'attribute', + ); + } else { + // Promote text context to attribute context. + $this->compiled[ $placeholder ]['context'] = 'attribute'; + } + + $this->compiled[ $placeholder ]['offsets'][] = array( $match_start, $match_length ); + + $offset = $match_start + $match_length; + } + } + break; } } } diff --git a/tests/phpunit/tests/html-api/wpHtmlTemplate.php b/tests/phpunit/tests/html-api/wpHtmlTemplate.php index 811f47debe97b..3706d390dd087 100644 --- a/tests/phpunit/tests/html-api/wpHtmlTemplate.php +++ b/tests/phpunit/tests/html-api/wpHtmlTemplate.php @@ -809,4 +809,43 @@ public function test_extracts_repeated_text_placeholders() { $this->assertArrayHasKey( 'name', $placeholders ); $this->assertCount( 2, $placeholders['name']['offsets'] ); } + + /** + * Verifies attribute placeholders are extracted. + * + * @ticket 60229 + * + * @covers ::get_placeholders + */ + public function test_extracts_attribute_placeholders() { + $template = T::from( '' ); + + $placeholders = $template->get_placeholders(); + + $this->assertArrayHasKey( 'n', $placeholders ); + $this->assertArrayHasKey( 'c', $placeholders ); + $this->assertSame( 'attribute', $placeholders['n']['context'] ); + $this->assertSame( 'attribute', $placeholders['c']['context'] ); + } + + /** + * Verifies context promotion from text to attribute. + * + * When a placeholder appears in both text and attribute contexts, + * the attribute context takes precedence (more restrictive escaping). + * + * @ticket 60229 + * + * @covers ::get_placeholders + */ + public function test_context_promotion_text_to_attribute() { + $template = T::from( '' ); + + $placeholders = $template->get_placeholders(); + + $this->assertArrayHasKey( 'url', $placeholders ); + // Both occurrences should use attribute context + $this->assertSame( 'attribute', $placeholders['url']['context'] ); + $this->assertCount( 2, $placeholders['url']['offsets'] ); + } } From e9c8b1b40bedf63b6351b8f30f6a793671413d37 Mon Sep 17 00:00:00 2001 From: Jon Surrell Date: Wed, 4 Feb 2026 22:20:23 +0100 Subject: [PATCH 31/53] Add validation warnings to bind() Trigger _doing_it_wrong() for: - Missing replacement keys (placeholder without value) - Unused replacement keys (value without placeholder) - Template values in attribute context Share compiled data between original and bound template instances for efficiency. --- .../html-api/class-wp-html-template.php | 87 ++++++++++++++++++- .../phpunit/tests/html-api/wpHtmlTemplate.php | 44 ++++++++++ 2 files changed, 130 insertions(+), 1 deletion(-) diff --git a/src/wp-includes/html-api/class-wp-html-template.php b/src/wp-includes/html-api/class-wp-html-template.php index 0a0aed9c8eef2..7c9884904f48d 100644 --- a/src/wp-includes/html-api/class-wp-html-template.php +++ b/src/wp-includes/html-api/class-wp-html-template.php @@ -183,13 +183,98 @@ public static function from( string $template ): static { /** * Returns a new immutable instance with replacements bound. * + * Triggers compilation if not already done. Validates replacements: + * - Warns if a placeholder has no corresponding replacement + * - Warns if a replacement key has no corresponding placeholder + * - Warns if a template is used in attribute context + * * @since 7.0.0 * * @param array $replacements The replacement values. * @return static A new template instance with the replacements bound. */ public function bind( array $replacements ): static { - return new static( $this->template_string, $replacements ); + $this->compile(); + + // Build a lookup of placeholder keys from compiled data. + $placeholder_keys = array(); + foreach ( $this->compiled as $placeholder => $info ) { + $placeholder = (string) $placeholder; + $placeholder_keys[ $placeholder ] = true; + if ( ctype_digit( $placeholder ) ) { + $placeholder_keys[ (int) $placeholder ] = true; + } + } + + // Build a lookup of replacement keys. + $replacement_keys = array(); + foreach ( $replacements as $key => $value ) { + $replacement_keys[ (string) $key ] = true; + if ( is_int( $key ) ) { + $replacement_keys[ $key ] = true; + } + } + + // Check for missing keys (placeholder without replacement). + foreach ( $this->compiled as $placeholder => $info ) { + $placeholder = (string) $placeholder; + $found = isset( $replacement_keys[ $placeholder ] ); + if ( ! $found && ctype_digit( $placeholder ) ) { + $found = isset( $replacement_keys[ (int) $placeholder ] ) || array_key_exists( (int) $placeholder, $replacements ); + } + if ( ! $found ) { + _doing_it_wrong( + __METHOD__, + sprintf( + 'Missing replacement for placeholder: %s', + $placeholder + ), + '7.0.0' + ); + } + } + + // Check for unused keys (replacement without placeholder). + foreach ( $replacements as $key => $value ) { + $str_key = (string) $key; + $found = isset( $placeholder_keys[ $key ] ) || isset( $placeholder_keys[ $str_key ] ); + if ( ! $found ) { + _doing_it_wrong( + __METHOD__, + sprintf( + 'Unused replacement key: %s', + $key + ), + '7.0.0' + ); + } + } + + // Check for templates in attribute context. + foreach ( $this->compiled as $placeholder => $info ) { + $placeholder = (string) $placeholder; + if ( 'attribute' !== $info['context'] ) { + continue; + } + + $key = ctype_digit( $placeholder ) ? (int) $placeholder : $placeholder; + $value = $replacements[ $key ] ?? $replacements[ $placeholder ] ?? null; + + if ( $value instanceof self ) { + _doing_it_wrong( + __METHOD__, + sprintf( + 'Template cannot be used in attribute context: %s', + $placeholder + ), + '7.0.0' + ); + } + } + + $new = new static( $this->template_string, $replacements ); + $new->compiled = $this->compiled; + return $new; } /** diff --git a/tests/phpunit/tests/html-api/wpHtmlTemplate.php b/tests/phpunit/tests/html-api/wpHtmlTemplate.php index 3706d390dd087..c71e8284c2133 100644 --- a/tests/phpunit/tests/html-api/wpHtmlTemplate.php +++ b/tests/phpunit/tests/html-api/wpHtmlTemplate.php @@ -135,6 +135,8 @@ public function test_escapes_ampersand_to_prevent_character_reference_injection( * @covers ::from * @covers ::bind * @covers ::render + * + * @expectedIncorrectUsage WP_HTML_Template::bind */ public function test_rejects_nested_template_in_attribute_value() { $template_string = ''; @@ -755,6 +757,48 @@ public static function data_pre_element_leading_newline() { ); } + /** + * Verifies bind() warns on missing replacement key. + * + * @ticket 60229 + * + * @covers ::bind + * + * @expectedIncorrectUsage WP_HTML_Template::bind + */ + public function test_bind_warns_on_missing_key() { + $template = T::from( '

    ' ); + $template->bind( array( 'name' => 'Alice' ) ); + } + + /** + * Verifies bind() warns on unused replacement key. + * + * @ticket 60229 + * + * @covers ::bind + * + * @expectedIncorrectUsage WP_HTML_Template::bind + */ + public function test_bind_warns_on_unused_key() { + $template = T::from( '

    ' ); + $template->bind( array( 'name' => 'Alice', 'extra' => 'ignored' ) ); + } + + /** + * Verifies bind() warns when template used in attribute context. + * + * @ticket 60229 + * + * @covers ::bind + * + * @expectedIncorrectUsage WP_HTML_Template::bind + */ + public function test_bind_warns_on_template_in_attribute_context() { + $template = T::from( '' ); + $template->bind( array( 'html' => T::from( 'nested' ) ) ); + } + /** * Verifies that get_placeholders returns placeholder metadata. * From a802982ee0fd71c307ef6e64e3e943c251b664a6 Mon Sep 17 00:00:00 2001 From: Jon Surrell Date: Wed, 4 Feb 2026 23:07:20 +0100 Subject: [PATCH 32/53] Refactor render() to use compiled placeholder data Replace inline parsing with a render loop that uses pre-compiled placeholder metadata. Track text normalizations and attribute text segments during compilation. Apply all updates from end to start using substr_replace() to preserve positions. This completes the lazy compilation refactor: compile once on first use, then reuse cached metadata for subsequent bind/render calls. --- .../html-api/class-wp-html-template.php | 371 +++++++----------- 1 file changed, 132 insertions(+), 239 deletions(-) diff --git a/src/wp-includes/html-api/class-wp-html-template.php b/src/wp-includes/html-api/class-wp-html-template.php index 7c9884904f48d..04d0841ce5722 100644 --- a/src/wp-includes/html-api/class-wp-html-template.php +++ b/src/wp-includes/html-api/class-wp-html-template.php @@ -31,6 +31,28 @@ class WP_HTML_Template { */ private ?array $compiled = null; + /** + * Text normalizations discovered during compilation. + * + * Array of [start, length, normalized_text] tuples for #text tokens + * whose serialized form differs from the original HTML. + * + * @since 7.0.0 + * @var array + */ + private array $text_normalizations = array(); + + /** + * Attribute text segments needing escaping. + * + * Array of [start, length] pairs for text between/before placeholders + * within attribute values. + * + * @since 7.0.0 + * @var array + */ + private array $attr_escapes = array(); + /** * Returns the compiled placeholder metadata. * @@ -59,7 +81,9 @@ private function compile(): void { return; } - $this->compiled = array(); + $this->compiled = array(); + $this->text_normalizations = array(); + $this->attr_escapes = array(); $processor = new class( $this->template_string ) extends WP_HTML_Tag_Processor { public function get_html(): string { @@ -77,6 +101,29 @@ public function get_tag_attributes(): array { while ( $processor->next_token() ) { switch ( $processor->get_token_type() ) { + /* + * Track text normalizations to prevent something like + * `a<u` from becoming `au` after replacement. + */ + case '#text': + $processor->set_bookmark( 'text' ); + $mark = $processor->get_bookmark( 'text' ); + if ( null === $mark ) { + break; + } + $normalized = $processor->serialize_token(); + /* + * Compare using substr_compare with min length to match + * the original behavior: when serialize_token() returns + * empty (e.g. leading newline after 
    ), the comparison
+					 * length is 0, which always matches. This leaves the text
+					 * unchanged for normalize() to handle at the end.
+					 */
+					if ( 0 !== substr_compare( $processor->get_html(), $normalized, $mark->start, min( $mark->length, strlen( $normalized ) ) ) ) {
+						$this->text_normalizations[] = array( $mark->start, $mark->length, $normalized );
+					}
+					break;
+
 				case '#funky-comment':
 					$processor->set_bookmark( 'placeholder' );
 					$mark = $processor->get_bookmark( 'placeholder' );
@@ -126,8 +173,9 @@ public function get_tag_attributes(): array {
 							continue;
 						}
 
-						$offset = $attribute->value_starts_at;
-						$end    = $offset + $attribute->value_length;
+						$last_offset = $attribute->value_starts_at;
+						$offset      = $attribute->value_starts_at;
+						$end         = $offset + $attribute->value_length;
 
 						while (
 							1 === preg_match(
@@ -143,6 +191,11 @@ public function get_tag_attributes(): array {
 							$match_start  = $matches[0][1];
 							$match_length = strlen( $matches[0][0] );
 
+							// Track text segment before this placeholder for escaping.
+							if ( $match_start > $last_offset ) {
+								$this->attr_escapes[] = array( $last_offset, $match_start - $last_offset );
+							}
+
 							if ( ! isset( $this->compiled[ $placeholder ] ) ) {
 								$this->compiled[ $placeholder ] = array(
 									'offsets' => array(),
@@ -155,7 +208,8 @@ public function get_tag_attributes(): array {
 
 							$this->compiled[ $placeholder ]['offsets'][] = array( $match_start, $match_length );
 
-							$offset = $match_start + $match_length;
+							$last_offset = $match_start + $match_length;
+							$offset      = $last_offset;
 						}
 					}
 					break;
@@ -273,13 +327,20 @@ public function bind( array $replacements ): static {
 		}
 
 		$new = new static( $this->template_string, $replacements );
-		$new->compiled = $this->compiled;
+		$new->compiled            = $this->compiled;
+		$new->text_normalizations = $this->text_normalizations;
+		$new->attr_escapes        = $this->attr_escapes;
 		return $new;
 	}
 
 	/**
 	 * Renders the template to an HTML string.
 	 *
+	 * Uses pre-compiled placeholder metadata to perform replacements
+	 * without re-parsing. Collects all updates (placeholder replacements,
+	 * text normalizations, attribute text escaping) and applies them
+	 * from end to start using substr_replace() to preserve positions.
+	 *
 	 * Returns false on any error:
 	 * - Missing replacement key (placeholder without corresponding replacement)
 	 * - Unused replacement key (replacement without corresponding placeholder)
@@ -291,263 +352,95 @@ public function bind( array $replacements ): static {
 	 * @return string|false The rendered HTML, or false on error.
 	 */
 	public function render(): string|false {
+		$this->compile();
+
 		if ( empty( $this->replacements ) ) {
 			return WP_HTML_Processor::normalize( $this->template_string ) ?? $this->template_string;
 		}
 
-		$used_keys      = array();
-		$processor      = new class( $this->template_string ) extends WP_HTML_Tag_Processor {
-			/**
-			 * Returns the HTML string being processed.
-			 *
-			 * @return string The HTML string.
-			 */
-			public function get_html(): string {
-				return $this->html;
-			}
+		$escape_map = array(
+			'&' => '&',
+			'<' => '<',
+			'>' => '>',
+			"'" => ''',
+			'"' => '"',
+		);
 
-			/**
-			 * Returns a bookmark by name.
-			 *
-			 * @param string $name The bookmark name.
-			 * @return WP_HTML_Span|null The bookmark span, or null if not found.
-			 */
-			public function get_bookmark( string $name ) {
-				return $this->bookmarks[ $name ] ?? null;
-			}
+		$html      = $this->template_string;
+		$used_keys = array();
 
-			/**
-			 * Returns the tag attributes array.
-			 *
-			 * @return array The attributes array.
-			 */
-			public function get_tag_attributes(): array {
-				return $this->attributes;
-			}
+		/*
+		 * Collect all updates as [start, length, replacement_text] tuples.
+		 */
+		$updates = array();
 
-			/**
-			 * Adds a lexical update.
-			 *
-			 * @param WP_HTML_Text_Replacement $update The text replacement to add.
-			 */
-			public function add_lexical_update( WP_HTML_Text_Replacement $update ): void {
-				$this->lexical_updates[] = $update;
-			}
-		};
-		$error_occurred = false;
-
-		while ( $processor->next_token() ) {
-			switch ( $processor->get_token_type() ) {
-				/*
-				 * It's important that #text be normalized to prevent something like
-				 * `i<u` from becoming `iu` after replacement and altering HTML.
-				 */
-				case '#text':
-					$processor->set_bookmark( 'text' );
-					$mark = $processor->get_bookmark( 'text' );
-					assert( null !== $mark );
-					$normalized = $processor->serialize_token();
-					if ( 0 !== substr_compare( $processor->get_html(), $normalized, $mark->start, min( $mark->length, strlen( $normalized ) ) ) ) {
-						$processor->add_lexical_update(
-							new WP_HTML_Text_Replacement(
-								$mark->start,
-								$mark->length,
-								$normalized
-							)
-						);
-					}
-					break;
-
-				case '#funky-comment':
-					// Does it look like a placeholder?
-					$processor->set_bookmark( 'placeholder' );
-					$mark = $processor->get_bookmark( 'placeholder' );
-					assert( null !== $mark );
-					// A funky comment looks at least like 
-					$start  = $mark->start;
-					$length = $mark->length;
-					$html   = $processor->get_html();
-					// This is not the funky comment we're looking for.
-					if ( $length < 5 || ! $html[ $start + 2 ] === '%' ) {
-						break;
-					}
-					$placeholder = trim( \substr( $html, $start + 3, $length - 4 ), " \t\n\r\f" );
-
-					// Valid placeholders match `/a-z0-9_-/i`.
-					if ( \strlen( $placeholder ) !== \strspn( $placeholder, 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789_-' ) ) {
-						break;
-					}
-
-					$replacement = $this->get_replacement( $placeholder, $used_keys );
-					if ( null === $replacement ) {
-						$error_occurred = true;
-						break;
-					}
-					if ( \is_string( $replacement ) ) {
-						$processor->add_lexical_update(
-							new WP_HTML_Text_Replacement(
-								$start,
-								$length,
-								strtr(
-									$replacement,
-									array(
-										'<' => '<',
-										'>' => '>',
-										"'" => ''',
-										'"' => '"',
-										'&' => '&',
-									)
-								)
-							)
-						);
-					} elseif ( $replacement instanceof WP_HTML_Template ) {
-						$rendered = $replacement->render();
-						if ( false === $rendered ) {
-							$error_occurred = true;
-							break;
-						}
-						$processor->add_lexical_update(
-							new WP_HTML_Text_Replacement(
-								$start,
-								$length,
-								$rendered
-							)
-						);
-					}
-					break;
-
-				case '#tag':
-					if ( $processor->is_tag_closer() ) {
-						break;
-					}
-
-					$html = $processor->get_html();
-					foreach ( $processor->get_tag_attributes() as $attribute ) {
-						// Boolean attributes cannot contain placeholders.
-						if ( $attribute->is_true ) {
-							continue;
-						}
-						// At least `` to contain a placeholder.
-						if ( $attribute->value_length < 5 ) {
-							continue;
-						}
+		// 1. Placeholder replacements.
+		foreach ( $this->compiled as $placeholder => $info ) {
+			$placeholder = (string) $placeholder;
 
-						$last_offset = $attribute->value_starts_at;
-						$offset      = $attribute->value_starts_at;
-						$end         = $offset + $attribute->value_length;
-						/**
-						 * @todo preg_match does not accept length, so this will happily search
-						 * beyond the attribute value.
-						 */
-						while (
-							1 === preg_match(
-								'##i',
-								$html,
-								$matches,
-								PREG_OFFSET_CAPTURE,
-								$offset
-							)
-							&& $matches[0][1] < $end
-						) {
-							$replacement = $this->get_replacement( $matches[1][0], $used_keys );
-							if ( null === $replacement ) {
-								$error_occurred = true;
-								break 2; // Break out of while and foreach.
-							}
-							if ( is_string( $replacement ) ) {
-								$match_at     = $matches[0][1];
-								$match_length = strlen( $matches[0][0] );
-
-								// Capture and clean the preceding attribute text.
-								$processor->add_lexical_update(
-									new WP_HTML_Text_Replacement(
-										$last_offset,
-										$match_at - $last_offset,
-										strtr(
-											substr( $html, $last_offset, $match_at - $last_offset ),
-											array(
-												'<' => '<',
-												'>' => '>',
-												"'" => ''',
-												'"' => '"',
-												'&' => '&',
-											)
-										)
-									)
-								);
+			// Look up the replacement value.
+			if ( array_key_exists( $placeholder, $this->replacements ) ) {
+				$key = $placeholder;
+			} elseif ( ctype_digit( $placeholder ) && array_key_exists( (int) $placeholder, $this->replacements ) ) {
+				$key = (int) $placeholder;
+			} else {
+				return false;
+			}
 
-								$processor->add_lexical_update(
-									new WP_HTML_Text_Replacement(
-										$match_at,
-										strlen( $matches[0][0] ),
-										strtr(
-											$replacement,
-											array(
-												'<' => '<',
-												'>' => '>',
-												"'" => ''',
-												'"' => '"',
-												'&' => '&',
-											)
-										)
-									)
-								);
-								$last_offset = $match_at + $match_length;
-							} elseif ( $replacement instanceof self ) {
-								// Template in attribute context is an error.
-								return false;
-							}
+			$used_keys[ $key ] = true;
+			$value             = $this->replacements[ $key ];
 
-							$offset = $matches[0][1] + strlen( $matches[0][0] );
-						}
-					}
+			if ( $value instanceof self ) {
+				// Templates in attribute context are an error.
+				if ( 'attribute' === $info['context'] ) {
+					return false;
+				}
+
+				$rendered = $value->render();
+				if ( false === $rendered ) {
+					return false;
+				}
+
+				foreach ( $info['offsets'] as list( $start, $length ) ) {
+					$updates[] = array( $start, $length, $rendered );
+				}
+			} elseif ( is_string( $value ) ) {
+				$escaped = strtr( $value, $escape_map );
+
+				foreach ( $info['offsets'] as list( $start, $length ) ) {
+					$updates[] = array( $start, $length, $escaped );
+				}
+			} else {
+				return false;
 			}
 		}
 
-		// Return false if any placeholder was missing a replacement.
-		if ( $error_occurred ) {
-			return false;
-		}
-
 		// Return false if any replacement key was not used.
 		if ( count( $used_keys ) !== count( $this->replacements ) ) {
 			return false;
 		}
 
-		$html = $processor->get_updated_html();
-
-		return WP_HTML_Processor::normalize( $html ) ?? $html;
-	}
+		// 2. Text normalizations.
+		foreach ( $this->text_normalizations as list( $start, $length, $normalized ) ) {
+			$updates[] = array( $start, $length, $normalized );
+		}
 
-	/**
-	 * Get the replacement value for a placeholder key.
-	 *
-	 * Handles both named keys (like 'name') and numeric keys (like 0).
-	 * Tracks which keys are used for validation.
-	 *
-	 * @since 7.0.0
-	 *
-	 * @param string $key       The placeholder key.
-	 * @param array  $used_keys Reference to array tracking used keys.
-	 * @return self|string|null The replacement value, or null if not found.
-	 */
-	private function get_replacement( string $key, array &$used_keys ): self|string|null {
-		// Try string key first, then numeric if the key looks numeric.
-		if ( array_key_exists( $key, $this->replacements ) ) {
-			$replacement = $this->replacements[ $key ];
-		} elseif ( ctype_digit( $key ) && array_key_exists( (int) $key, $this->replacements ) ) {
-			$key         = (int) $key;
-			$replacement = $this->replacements[ $key ];
-		} else {
-			return null;
+		// 3. Attribute text escaping.
+		foreach ( $this->attr_escapes as list( $start, $length ) ) {
+			$original  = substr( $html, $start, $length );
+			$updates[] = array( $start, $length, strtr( $original, $escape_map ) );
 		}
 
-		$used_keys[ $key ] = true;
+		// Sort by start position descending so replacements don't shift positions.
+		usort( $updates, static function ( $a, $b ) {
+			return $b[0] <=> $a[0];
+		} );
 
-		if ( \is_string( $replacement ) || ( $replacement instanceof WP_HTML_Template ) ) {
-			return $replacement;
+		// Apply all replacements from end to start.
+		foreach ( $updates as list( $start, $length, $replacement ) ) {
+			$html = substr_replace( $html, $replacement, $start, $length );
 		}
 
-		return null;
+		return WP_HTML_Processor::normalize( $html ) ?? $html;
 	}
 }

From 67cff97ed88b1a825dc0755ab0ef6db2e909e8d0 Mon Sep 17 00:00:00 2001
From: Jon Surrell 
Date: Wed, 4 Feb 2026 23:22:07 +0100
Subject: [PATCH 33/53] Fix attribute text escaping and add trailing segment
 handling

Use WP_HTML_Decoder::decode_attribute to decode static attribute text
before re-encoding, preventing double-escaping of existing character
references (e.g. & staying & instead of becoming &amp;).

Also track trailing text segments after the last placeholder within
attribute values, not just leading/inter-placeholder segments.
---
 .../html-api/class-wp-html-template.php       | 14 ++++++-
 .../phpunit/tests/html-api/wpHtmlTemplate.php | 41 +++++++++++++++++++
 2 files changed, 53 insertions(+), 2 deletions(-)

diff --git a/src/wp-includes/html-api/class-wp-html-template.php b/src/wp-includes/html-api/class-wp-html-template.php
index 04d0841ce5722..6d676c92fdad0 100644
--- a/src/wp-includes/html-api/class-wp-html-template.php
+++ b/src/wp-includes/html-api/class-wp-html-template.php
@@ -211,6 +211,11 @@ public function get_tag_attributes(): array {
 							$last_offset = $match_start + $match_length;
 							$offset      = $last_offset;
 						}
+
+						// Track trailing text segment after last placeholder.
+						if ( $last_offset < $end ) {
+							$this->attr_escapes[] = array( $last_offset, $end - $last_offset );
+						}
 					}
 					break;
 			}
@@ -426,9 +431,14 @@ public function render(): string|false {
 		}
 
 		// 3. Attribute text escaping.
+		// Static text in attribute values needs escaping to prevent character
+		// reference injection (e.g. "&" + "not" = "¬" = "¬"). Decode
+		// existing character references first, then re-encode to avoid
+		// double-escaping (e.g. "&" should stay "&", not become "&amp;").
 		foreach ( $this->attr_escapes as list( $start, $length ) ) {
-			$original  = substr( $html, $start, $length );
-			$updates[] = array( $start, $length, strtr( $original, $escape_map ) );
+			$original = substr( $html, $start, $length );
+			$decoded  = WP_HTML_Decoder::decode_attribute( $original );
+			$updates[] = array( $start, $length, strtr( $decoded, $escape_map ) );
 		}
 
 		// Sort by start position descending so replacements don't shift positions.
diff --git a/tests/phpunit/tests/html-api/wpHtmlTemplate.php b/tests/phpunit/tests/html-api/wpHtmlTemplate.php
index c71e8284c2133..5e1be8acb20b3 100644
--- a/tests/phpunit/tests/html-api/wpHtmlTemplate.php
+++ b/tests/phpunit/tests/html-api/wpHtmlTemplate.php
@@ -882,6 +882,47 @@ public function test_extracts_attribute_placeholders() {
 	 *
 	 * @covers ::get_placeholders
 	 */
+	/**
+	 * Verifies that static text around placeholders in attributes is escaped.
+	 *
+	 * @ticket 60229
+	 *
+	 * @covers ::from
+	 * @covers ::bind
+	 * @covers ::render
+	 */
+	public function test_escapes_static_text_around_placeholder_in_attribute() {
+		// Leading static text (prefix before placeholder)
+		$result = T::from( 'Link' )
+			->bind( array( 'slug' => 'hello' ) )
+			->render();
+		$this->assertEqualHTML( 'Link', $result );
+
+		// Trailing static text (suffix after placeholder)
+		$result = T::from( 'Link' )
+			->bind( array( 'slug' => 'hello' ) )
+			->render();
+		$this->assertEqualHTML( 'Link', $result );
+
+		// Ampersand in trailing static text must be escaped
+		$result = T::from( 'Link' )
+			->bind( array( 'base' => '/search?q=test' ) )
+			->render();
+		$this->assertEqualHTML( 'Link', $result );
+
+		// Ampersand entity in leading static text must not be double-escaped
+		$result = T::from( 'Link' )
+			->bind( array( 'val' => '2' ) )
+			->render();
+		$this->assertEqualHTML( 'Link', $result );
+
+		// Character reference in trailing static text is preserved (not double-escaped)
+		$result = T::from( '' )
+			->bind( array( 'placeholder' => '' ) )
+			->render();
+		$this->assertEqualHTML( '', $result );
+	}
+
 	public function test_context_promotion_text_to_attribute() {
 		$template = T::from( '' );
 

From 5fb3f3ddea51060134cc3ec611366213a670f660 Mon Sep 17 00:00:00 2001
From: Jon Surrell 
Date: Thu, 5 Feb 2026 11:39:09 +0100
Subject: [PATCH 34/53] Revert "Move serialize_token to tag processor class
 (for normalization of text nodes)"

This reverts commit 3fdf1887aa5836986ca1cb56791d7c3745ed5768.
---
 .../html-api/class-wp-html-processor.php      | 126 +++++++++++++++++
 .../html-api/class-wp-html-tag-processor.php  | 127 ------------------
 2 files changed, 126 insertions(+), 127 deletions(-)

diff --git a/src/wp-includes/html-api/class-wp-html-processor.php b/src/wp-includes/html-api/class-wp-html-processor.php
index d363e8d27484e..55f955f2c1a9a 100644
--- a/src/wp-includes/html-api/class-wp-html-processor.php
+++ b/src/wp-includes/html-api/class-wp-html-processor.php
@@ -1311,6 +1311,132 @@ public function serialize(): ?string {
 		return $html;
 	}
 
+	/**
+	 * Serializes the currently-matched token.
+	 *
+	 * This method produces a fully-normative HTML string for the currently-matched token,
+	 * if able. If not matched at any token or if the token doesn't correspond to any HTML
+	 * it will return an empty string (for example, presumptuous end tags are ignored).
+	 *
+	 * @see static::serialize()
+	 *
+	 * @since 6.7.0
+	 * @since 6.9.0 Converted from protected to public method.
+	 *
+	 * @return string Serialization of token, or empty string if no serialization exists.
+	 */
+	public function serialize_token(): string {
+		$html       = '';
+		$token_type = $this->get_token_type();
+
+		switch ( $token_type ) {
+			case '#doctype':
+				$doctype = $this->get_doctype_info();
+				if ( null === $doctype ) {
+					break;
+				}
+
+				$html .= 'name ) {
+					$html .= " {$doctype->name}";
+				}
+
+				if ( null !== $doctype->public_identifier ) {
+					$quote = str_contains( $doctype->public_identifier, '"' ) ? "'" : '"';
+					$html .= " PUBLIC {$quote}{$doctype->public_identifier}{$quote}";
+				}
+				if ( null !== $doctype->system_identifier ) {
+					if ( null === $doctype->public_identifier ) {
+						$html .= ' SYSTEM';
+					}
+					$quote = str_contains( $doctype->system_identifier, '"' ) ? "'" : '"';
+					$html .= " {$quote}{$doctype->system_identifier}{$quote}";
+				}
+
+				$html .= '>';
+				break;
+
+			case '#text':
+				$html .= htmlspecialchars( $this->get_modifiable_text(), ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8' );
+				break;
+
+			// Unlike the `<>` which is interpreted as plaintext, this is ignored entirely.
+			case '#presumptuous-tag':
+				break;
+
+			case '#funky-comment':
+			case '#comment':
+				$html .= "";
+				break;
+
+			case '#cdata-section':
+				$html .= "get_modifiable_text()}]]>";
+				break;
+		}
+
+		if ( '#tag' !== $token_type ) {
+			return $html;
+		}
+
+		$tag_name       = str_replace( "\x00", "\u{FFFD}", $this->get_tag() );
+		$in_html        = 'html' === $this->get_namespace();
+		$qualified_name = $in_html ? strtolower( $tag_name ) : $this->get_qualified_tag_name();
+
+		if ( $this->is_tag_closer() ) {
+			$html .= "";
+			return $html;
+		}
+
+		$attribute_names = $this->get_attribute_names_with_prefix( '' );
+		if ( ! isset( $attribute_names ) ) {
+			$html .= "<{$qualified_name}>";
+			return $html;
+		}
+
+		$html .= "<{$qualified_name}";
+		foreach ( $attribute_names as $attribute_name ) {
+			$html .= " {$this->get_qualified_attribute_name( $attribute_name )}";
+			$value = $this->get_attribute( $attribute_name );
+
+			if ( is_string( $value ) ) {
+				$html .= '="' . htmlspecialchars( $value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5 ) . '"';
+			}
+
+			$html = str_replace( "\x00", "\u{FFFD}", $html );
+		}
+
+		if ( ! $in_html && $this->has_self_closing_flag() ) {
+			$html .= ' /';
+		}
+
+		$html .= '>';
+
+		// Flush out self-contained elements.
+		if ( $in_html && in_array( $tag_name, array( 'IFRAME', 'NOEMBED', 'NOFRAMES', 'SCRIPT', 'STYLE', 'TEXTAREA', 'TITLE', 'XMP' ), true ) ) {
+			$text = $this->get_modifiable_text();
+
+			switch ( $tag_name ) {
+				case 'IFRAME':
+				case 'NOEMBED':
+				case 'NOFRAMES':
+					$text = '';
+					break;
+
+				case 'SCRIPT':
+				case 'STYLE':
+					break;
+
+				default:
+					$text = htmlspecialchars( $text, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8' );
+			}
+
+			$html .= "{$text}";
+		}
+
+		return $html;
+	}
+
 	/**
 	 * Parses next element in the 'initial' insertion mode.
 	 *
diff --git a/src/wp-includes/html-api/class-wp-html-tag-processor.php b/src/wp-includes/html-api/class-wp-html-tag-processor.php
index 4a675acdf8d3f..214e06502260a 100644
--- a/src/wp-includes/html-api/class-wp-html-tag-processor.php
+++ b/src/wp-includes/html-api/class-wp-html-tag-processor.php
@@ -4766,133 +4766,6 @@ public function get_doctype_info(): ?WP_HTML_Doctype_Info {
 		return WP_HTML_Doctype_Info::from_doctype_token( substr( $this->html, $this->token_starts_at, $this->token_length ) );
 	}
 
-	/**
-	 * Serializes the currently-matched token.
-	 *
-	 * This method produces a fully-normative HTML string for the currently-matched token,
-	 * if able. If not matched at any token or if the token doesn't correspond to any HTML
-	 * it will return an empty string (for example, presumptuous end tags are ignored).
-	 *
-	 * @see static::serialize()
-	 *
-	 * @since 6.7.0
-	 * @since 6.9.0 Converted from protected to public method.
-	 *
-	 * @return string Serialization of token, or empty string if no serialization exists.
-	 */
-	public function serialize_token(): string {
-		$html       = '';
-		$token_type = $this->get_token_type();
-
-		switch ( $token_type ) {
-			case '#doctype':
-				$doctype = $this->get_doctype_info();
-				if ( null === $doctype ) {
-					break;
-				}
-
-				$html .= 'name ) {
-					$html .= " {$doctype->name}";
-				}
-
-				if ( null !== $doctype->public_identifier ) {
-					$quote = str_contains( $doctype->public_identifier, '"' ) ? "'" : '"';
-					$html .= " PUBLIC {$quote}{$doctype->public_identifier}{$quote}";
-				}
-				if ( null !== $doctype->system_identifier ) {
-					if ( null === $doctype->public_identifier ) {
-						$html .= ' SYSTEM';
-					}
-					$quote = str_contains( $doctype->system_identifier, '"' ) ? "'" : '"';
-					$html .= " {$quote}{$doctype->system_identifier}{$quote}";
-				}
-
-				$html .= '>';
-				break;
-
-			case '#text':
-				$html .= htmlspecialchars( $this->get_modifiable_text(), ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8' );
-				break;
-
-			// Unlike the `<>` which is interpreted as plaintext, this is ignored entirely.
-			case '#presumptuous-tag':
-				break;
-
-			case '#funky-comment':
-			case '#comment':
-				$html .= "";
-				break;
-
-			case '#cdata-section':
-				$html .= "get_modifiable_text()}]]>";
-				break;
-		}
-
-		if ( '#tag' !== $token_type ) {
-			return $html;
-		}
-
-		$tag_name       = str_replace( "\x00", "\u{FFFD}", $this->get_tag() );
-		$in_html        = 'html' === $this->get_namespace();
-		$qualified_name = $in_html ? strtolower( $tag_name ) : $this->get_qualified_tag_name();
-
-		if ( $this->is_tag_closer() ) {
-			$html .= "";
-			return $html;
-		}
-
-		$attribute_names = $this->get_attribute_names_with_prefix( '' );
-		if ( ! isset( $attribute_names ) ) {
-			$html .= "<{$qualified_name}>";
-			return $html;
-		}
-
-		$html .= "<{$qualified_name}";
-		foreach ( $attribute_names as $attribute_name ) {
-			$html .= " {$this->get_qualified_attribute_name( $attribute_name )}";
-			$value = $this->get_attribute( $attribute_name );
-
-			if ( is_string( $value ) ) {
-				$html .= '="' . htmlspecialchars( $value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5 ) . '"';
-			}
-
-			$html = str_replace( "\x00", "\u{FFFD}", $html );
-		}
-
-		if ( ! $in_html && $this->has_self_closing_flag() ) {
-			$html .= ' /';
-		}
-
-		$html .= '>';
-
-		// Flush out self-contained elements.
-		if ( $in_html && in_array( $tag_name, array( 'IFRAME', 'NOEMBED', 'NOFRAMES', 'SCRIPT', 'STYLE', 'TEXTAREA', 'TITLE', 'XMP' ), true ) ) {
-			$text = $this->get_modifiable_text();
-
-			switch ( $tag_name ) {
-				case 'IFRAME':
-				case 'NOEMBED':
-				case 'NOFRAMES':
-					$text = '';
-					break;
-
-				case 'SCRIPT':
-				case 'STYLE':
-					break;
-
-				default:
-					$text = htmlspecialchars( $text, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8' );
-			}
-
-			$html .= "{$text}";
-		}
-
-		return $html;
-	}
-
-
 	/**
 	 * Parser Ready State.
 	 *

From ab27234d6f580326957ae9348ba24a6523a44896 Mon Sep 17 00:00:00 2001
From: Jon Surrell 
Date: Thu, 5 Feb 2026 11:39:41 +0100
Subject: [PATCH 35/53] Switch to use HTML Processor

---
 src/wp-includes/html-api/class-wp-html-template.php | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

diff --git a/src/wp-includes/html-api/class-wp-html-template.php b/src/wp-includes/html-api/class-wp-html-template.php
index 6d676c92fdad0..4afe298740462 100644
--- a/src/wp-includes/html-api/class-wp-html-template.php
+++ b/src/wp-includes/html-api/class-wp-html-template.php
@@ -85,19 +85,23 @@ private function compile(): void {
 		$this->text_normalizations = array();
 		$this->attr_escapes        = array();
 
-		$processor = new class( $this->template_string ) extends WP_HTML_Tag_Processor {
+		$processor = ( new class( '', WP_HTML_Processor::CONSTRUCTOR_UNLOCK_CODE ) extends WP_HTML_Processor {
 			public function get_html(): string {
 				return $this->html;
 			}
 
 			public function get_bookmark( string $name ) {
-				return $this->bookmarks[ $name ] ?? null;
+				return $this->bookmarks[ "_{$name}" ] ?? null;
 			}
 
 			public function get_tag_attributes(): array {
 				return $this->attributes;
 			}
-		};
+		} )::create_fragment( $this->template_string );
+
+		if ( null === $processor ) {
+			return;
+		}
 
 		while ( $processor->next_token() ) {
 			switch ( $processor->get_token_type() ) {

From ce8781870605f642f54a0b7d59cebb26d8f22dd9 Mon Sep 17 00:00:00 2001
From: Jon Surrell 
Date: Fri, 6 Feb 2026 16:42:30 +0100
Subject: [PATCH 36/53] Use assertEqualHTML in tests

---
 tests/phpunit/tests/html-api/wpHtmlTemplate.php | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/tests/phpunit/tests/html-api/wpHtmlTemplate.php b/tests/phpunit/tests/html-api/wpHtmlTemplate.php
index 5e1be8acb20b3..22f4f17ed8c56 100644
--- a/tests/phpunit/tests/html-api/wpHtmlTemplate.php
+++ b/tests/phpunit/tests/html-api/wpHtmlTemplate.php
@@ -630,7 +630,7 @@ public function test_table_templates_not_yet_supported() {
 	 */
 	public function test_atomic_element_attributes_are_replaced( string $template_string, array $replacements, string $expected ) {
 		$result = T::from( $template_string )->bind( $replacements )->render();
-		$this->assertSame( $expected, $result );
+		$this->assertEqualHTML( $expected, $result );
 	}
 
 	public static function data_atomic_element_attributes() {
@@ -680,7 +680,7 @@ public static function data_atomic_element_attributes() {
 	 */
 	public function test_special_element_content_placeholder_behavior( string $template_string, string $expected ) {
 		$result = T::from( $template_string )->render();
-		$this->assertSame( $expected, $result );
+		$this->assertEqualHTML( $expected, $result );
 	}
 
 	public static function data_atomic_element_content_placeholders() {
@@ -726,7 +726,7 @@ public static function data_atomic_element_content_placeholders() {
 	 */
 	public function test_pre_element_leading_newline_behavior( string $template_string, array $replacements, string $expected ) {
 		$result = T::from( $template_string )->bind( $replacements )->render();
-		$this->assertSame( $expected, $result );
+		$this->assertEqualHTML( $expected, $result );
 	}
 
 	public static function data_pre_element_leading_newline() {

From 993fe2bc743d0956c60b943c02dd50bc60f74eca Mon Sep 17 00:00:00 2001
From: Jon Surrell 
Date: Fri, 6 Feb 2026 16:44:16 +0100
Subject: [PATCH 37/53] Add newline in PRE tests

---
 .../phpunit/tests/html-api/wpHtmlTemplate.php | 21 +++++++++++++++++--
 1 file changed, 19 insertions(+), 2 deletions(-)

diff --git a/tests/phpunit/tests/html-api/wpHtmlTemplate.php b/tests/phpunit/tests/html-api/wpHtmlTemplate.php
index 22f4f17ed8c56..af32b7efd6204 100644
--- a/tests/phpunit/tests/html-api/wpHtmlTemplate.php
+++ b/tests/phpunit/tests/html-api/wpHtmlTemplate.php
@@ -749,10 +749,27 @@ public static function data_pre_element_leading_newline() {
 				"
    line1\nline2
    ",
 			),
 
+			/*
+			 * This may seem wrong, but the template is processed like HTML. The leading newline
+			 * is removed.
+			 * The newline inside the replacement is rendered as HTML and is also removed.
+			 *
+			 * The correct way to do this for a PRE tag is:
+			 * - Leading newline in template is irrelevant.
+			 * - Replacement must include an extra newline to lead with a newline in the output.
+			 *
+			 * See the next case.
+			 */
 			'PRE with newline and newline in replacement' => array(
 				"
    \n
    ",
-				array( 'code' =>    "\nline1\nline2"),
-				"
    \nline1\nline2
    ",
+				array( 'code' => "\nline1\nline2" ),
+				"
    \n\nline1\nline2
    ",
+			),
+
+			'PRE with newline and double-newline in replacement' => array(
+				"
    \n
    ",
+				array( 'code' => "\nline1\nline2" ),
+				"
    \n\nline1\nline2
    ",
 			),
 		);
 	}

From df9d8c963d1c6c5986353dc3ef61f7b54fb136a2 Mon Sep 17 00:00:00 2001
From: Jon Surrell 
Date: Fri, 6 Feb 2026 16:45:53 +0100
Subject: [PATCH 38/53] Update PRE leading newline test

---
 tests/phpunit/tests/html-api/wpHtmlTemplate.php | 17 -----------------
 1 file changed, 17 deletions(-)

diff --git a/tests/phpunit/tests/html-api/wpHtmlTemplate.php b/tests/phpunit/tests/html-api/wpHtmlTemplate.php
index af32b7efd6204..38a39fb899019 100644
--- a/tests/phpunit/tests/html-api/wpHtmlTemplate.php
+++ b/tests/phpunit/tests/html-api/wpHtmlTemplate.php
@@ -749,28 +749,11 @@ public static function data_pre_element_leading_newline() {
 				"
    line1\nline2
    ",
 			),
 
-			/*
-			 * This may seem wrong, but the template is processed like HTML. The leading newline
-			 * is removed.
-			 * The newline inside the replacement is rendered as HTML and is also removed.
-			 *
-			 * The correct way to do this for a PRE tag is:
-			 * - Leading newline in template is irrelevant.
-			 * - Replacement must include an extra newline to lead with a newline in the output.
-			 *
-			 * See the next case.
-			 */
 			'PRE with newline and newline in replacement' => array(
 				"
    \n
    ",
 				array( 'code' => "\nline1\nline2" ),
 				"
    \n\nline1\nline2
    ",
 			),
-
-			'PRE with newline and double-newline in replacement' => array(
-				"
    \n
    ",
-				array( 'code' => "\nline1\nline2" ),
-				"
    \n\nline1\nline2
    ",
-			),
 		);
 	}
 

From d90142bd12a6b03039d6882716b8fe2db3188ea4 Mon Sep 17 00:00:00 2001
From: Jon Surrell 
Date: Fri, 6 Feb 2026 16:53:12 +0100
Subject: [PATCH 39/53] Add more test cases

---
 tests/phpunit/tests/html-api/wpHtmlTemplate.php | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/tests/phpunit/tests/html-api/wpHtmlTemplate.php b/tests/phpunit/tests/html-api/wpHtmlTemplate.php
index 38a39fb899019..12459087f8644 100644
--- a/tests/phpunit/tests/html-api/wpHtmlTemplate.php
+++ b/tests/phpunit/tests/html-api/wpHtmlTemplate.php
@@ -70,14 +70,14 @@ public function test_replaces_only_in_first_duplicate_attribute() {
 	 * @covers ::render
 	 */
 	public function test_attribute_replacement_is_not_recursive() {
-		$template_string = '';
+		$template_string = '
    <%/replace>
    ';
 		$replacements    = array(
 			'replace' => '<%/replace>',
 		);
 
 		$result = T::from( $template_string )->bind( $replacements )->render();
 
-		$expected = '';
+		$expected = '
    </%replace>
    ';
 		$this->assertEqualHTML( $expected, $result );
 	}
 
@@ -754,6 +754,12 @@ public static function data_pre_element_leading_newline() {
 				array( 'code' => "\nline1\nline2" ),
 				"
    \n\nline1\nline2
    ",
 			),
+
+			'PRE with newline, newline replacement, and additional contents' => array(
+				"
    \n
    ",
+				array( 'code' => "\nline1" ),
+				"
    \n\nline1
    ",
+			),
 		);
 	}
 

From ecec350100327068bcde3f58f7f7d9cd3626054f Mon Sep 17 00:00:00 2001
From: Jon Surrell 
Date: Fri, 6 Feb 2026 17:10:18 +0100
Subject: [PATCH 40/53] Remove special handling for PRE, LISTING tags

---
 src/wp-includes/html-api/class-wp-html-template.php | 10 ++--------
 1 file changed, 2 insertions(+), 8 deletions(-)

diff --git a/src/wp-includes/html-api/class-wp-html-template.php b/src/wp-includes/html-api/class-wp-html-template.php
index 4afe298740462..d1f492e866567 100644
--- a/src/wp-includes/html-api/class-wp-html-template.php
+++ b/src/wp-includes/html-api/class-wp-html-template.php
@@ -116,14 +116,8 @@ public function get_tag_attributes(): array {
 						break;
 					}
 					$normalized = $processor->serialize_token();
-					/*
-					 * Compare using substr_compare with min length to match
-					 * the original behavior: when serialize_token() returns
-					 * empty (e.g. leading newline after 
    ), the comparison
-					 * length is 0, which always matches. This leaves the text
-					 * unchanged for normalize() to handle at the end.
-					 */
-					if ( 0 !== substr_compare( $processor->get_html(), $normalized, $mark->start, min( $mark->length, strlen( $normalized ) ) ) ) {
+					if ( 0 !== substr_compare( $processor->get_html(), $normalized, $mark->start, $mark->length )
+						) {
 						$this->text_normalizations[] = array( $mark->start, $mark->length, $normalized );
 					}
 					break;

From 8a2609e75564233753334731fdabaf2ddfd150f3 Mon Sep 17 00:00:00 2001
From: Jon Surrell 
Date: Fri, 6 Feb 2026 17:11:55 +0100
Subject: [PATCH 41/53] Test tweaks and notes

---
 tests/phpunit/tests/html-api/wpHtmlTemplate.php | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/tests/phpunit/tests/html-api/wpHtmlTemplate.php b/tests/phpunit/tests/html-api/wpHtmlTemplate.php
index 12459087f8644..8d70d6ebdd7ff 100644
--- a/tests/phpunit/tests/html-api/wpHtmlTemplate.php
+++ b/tests/phpunit/tests/html-api/wpHtmlTemplate.php
@@ -675,6 +675,8 @@ public static function data_atomic_element_attributes() {
 	 *
 	 * @dataProvider data_atomic_element_content_placeholders
 	 *
+	 * @todo Implement correct handling of atomic elements.
+	 *
 	 * @covers ::from
 	 * @covers ::render
 	 */
@@ -725,6 +727,8 @@ public static function data_atomic_element_content_placeholders() {
 	 * @covers ::render
 	 */
 	public function test_pre_element_leading_newline_behavior( string $template_string, array $replacements, string $expected ) {
+		$this->markTestSkipped( 'PRE newline handling is not yet correct.' );
+
 		$result = T::from( $template_string )->bind( $replacements )->render();
 		$this->assertEqualHTML( $expected, $result );
 	}

From bfdec2162db18ff904be10bb94d0816a9a638f9d Mon Sep 17 00:00:00 2001
From: Jon Surrell 
Date: Fri, 6 Feb 2026 18:10:39 +0100
Subject: [PATCH 42/53] Add design doc for unified edits array in
 WP_HTML_Template

Documents a proposed refactor to consolidate three separate arrays
(compiled, text_normalizations, attr_escapes) into a unified $edits
array with a separate $placeholder_names index for validation.
---
 .../2026-02-06-unified-edits-array-design.md  | 106 ++++++++++++++++++
 1 file changed, 106 insertions(+)
 create mode 100644 docs/plans/2026-02-06-unified-edits-array-design.md

diff --git a/docs/plans/2026-02-06-unified-edits-array-design.md b/docs/plans/2026-02-06-unified-edits-array-design.md
new file mode 100644
index 0000000000000..c5752fd227061
--- /dev/null
+++ b/docs/plans/2026-02-06-unified-edits-array-design.md
@@ -0,0 +1,106 @@
+# Unified Edits Array Design
+
+## Problem
+
+`WP_HTML_Template` currently uses three separate arrays to track compiled data:
+
+- `$compiled` — placeholder offsets, keyed by name, with context
+- `$text_normalizations` — `[start, length, normalized_text]` tuples
+- `$attr_escapes` — `[start, length]` tuples (computed at render time)
+
+These serve similar purposes (tracking spans to replace) but have different shapes and processing logic. The render method builds an intermediate `$updates` array from all three, sorts it, then applies replacements.
+
+Additionally, `attr_escapes` defers computation to render time unnecessarily — the template string is immutable, so decode→re-encode can happen at compile time.
+
+## Design
+
+Replace all three arrays with two:
+
+### `$edits` — unified edit list
+
+A flat array of edit operations, naturally ordered by ascending offset (the processor walks the document linearly). Each entry is one of:
+
+**Pre-computed replacement** (normalizations and escapes):
+```php
+['start' => 100, 'length' => 5, 'replacement' => '&']
+```
+
+**Placeholder reference** (needs render-time lookup):
+```php
+['start' => 200, 'length' => 12, 'placeholder' => 'username', 'context' => 'text']
+```
+
+The `context` field is `'text'` or `'attribute'`, used to validate that templates aren't inserted into attribute values.
+
+### `$placeholder_names` — validation index
+
+A set of placeholder names for O(1) lookup during `bind()`:
+
+```php
+['username' => true, 'title' => true]
+```
+
+This replaces the current pattern of iterating `$compiled` to build a lookup on every `bind()` call.
+
+## Compile-time changes
+
+1. **Pre-compute attribute escapes**: Move the decode→re-encode logic from `render()` to `compile()`. Store only if the result differs from the original span (same redundancy check as text normalizations).
+
+2. **Single array population**: As the processor encounters normalizations, escapes, or placeholders, append to `$edits` in document order.
+
+3. **Build placeholder index**: When encountering a placeholder, also add its name to `$placeholder_names`.
+
+## Render-time changes
+
+The render loop becomes a single reverse iteration:
+
+```php
+foreach (array_reverse($this->edits) as $edit) {
+    if (isset($edit['placeholder'])) {
+        // Look up replacement value
+        // Validate template-in-attribute
+        // Escape and apply
+    } else {
+        // Pre-computed, apply directly
+        $html = substr_replace($html, $edit['replacement'], $edit['start'], $edit['length']);
+    }
+}
+```
+
+No intermediate `$updates` array. No `usort()`.
+
+## Bind-time changes
+
+Validation uses `$placeholder_names` directly instead of building a lookup:
+
+```php
+// Check for missing keys
+foreach ($this->placeholder_names as $name => $_) {
+    // ... validate $name exists in $replacements
+}
+
+// Check for unused keys
+foreach ($replacements as $key => $_) {
+    // ... validate $key exists in $placeholder_names
+}
+```
+
+## Invariants
+
+- Offsets in `$edits` are strictly ascending (document order)
+- No overlapping spans
+- Entries have either `replacement` (pre-computed) or `placeholder` + `context` (render-time)
+- Every name in an edit with `placeholder` key exists in `$placeholder_names`
+
+## Trade-offs
+
+**Gains:**
+- Three properties → two properties
+- Render: three foreach loops + sort → one reverse iteration
+- Attribute escapes pre-computed (less render-time work)
+- Redundant escapes filtered out (fewer edits when template is well-formed)
+- Clearer mental model: "edits" are things to replace, "placeholder_names" is the validation index
+
+**Costs:**
+- Slightly more memory per placeholder entry (storing `context` per offset instead of once per name)
+- Loses grouping by placeholder name (negligible — hash lookups are cheap)

From 76e6297d2589cf38269774dbabf77296f90d12e4 Mon Sep 17 00:00:00 2001
From: Jon Surrell 
Date: Fri, 6 Feb 2026 18:35:45 +0100
Subject: [PATCH 43/53] HTML API: Add $edits and $placeholder_names properties
 to WP_HTML_Template

Preparation for unifying $compiled, $text_normalizations, and $attr_escapes
into a single edits array with a separate placeholder name index.

See docs/plans/2026-02-06-unified-edits-array-design.md
---
 .../html-api/class-wp-html-template.php       | 24 +++++++++++++++++++
 1 file changed, 24 insertions(+)

diff --git a/src/wp-includes/html-api/class-wp-html-template.php b/src/wp-includes/html-api/class-wp-html-template.php
index d1f492e866567..8ef9ff1aefffd 100644
--- a/src/wp-includes/html-api/class-wp-html-template.php
+++ b/src/wp-includes/html-api/class-wp-html-template.php
@@ -53,6 +53,30 @@ class WP_HTML_Template {
 	 */
 	private array $attr_escapes = array();
 
+	/**
+	 * Unified edit operations list.
+	 *
+	 * Flat array in document order (ascending offsets). Each entry is one of:
+	 *
+	 * Pre-computed replacement (normalizations, escapes):
+	 *   ['start' => int, 'length' => int, 'replacement' => string]
+	 *
+	 * Placeholder reference (render-time lookup):
+	 *   ['start' => int, 'length' => int, 'placeholder' => string, 'context' => 'text'|'attribute']
+	 *
+	 * @since 7.0.0
+	 * @var array
+	 */
+	private array $edits = array();
+
+	/**
+	 * Placeholder names for O(1) validation.
+	 *
+	 * @since 7.0.0
+	 * @var array
+	 */
+	private array $placeholder_names = array();
+
 	/**
 	 * Returns the compiled placeholder metadata.
 	 *

From d1cff79757273ace3f0bdcbea9b0ed6add12050d Mon Sep 17 00:00:00 2001
From: Jon Surrell 
Date: Fri, 6 Feb 2026 18:41:27 +0100
Subject: [PATCH 44/53] HTML API: Populate $edits with text normalizations
 during compile

Text normalizations are now appended to the unified edits array as
pre-computed replacements. The legacy $text_normalizations array is
retained temporarily for parallel validation during migration.
---
 src/wp-includes/html-api/class-wp-html-template.php | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)

diff --git a/src/wp-includes/html-api/class-wp-html-template.php b/src/wp-includes/html-api/class-wp-html-template.php
index 8ef9ff1aefffd..1749659035360 100644
--- a/src/wp-includes/html-api/class-wp-html-template.php
+++ b/src/wp-includes/html-api/class-wp-html-template.php
@@ -108,6 +108,8 @@ private function compile(): void {
 		$this->compiled            = array();
 		$this->text_normalizations = array();
 		$this->attr_escapes        = array();
+		$this->edits               = array();
+		$this->placeholder_names   = array();
 
 		$processor = ( new class( '', WP_HTML_Processor::CONSTRUCTOR_UNLOCK_CODE ) extends WP_HTML_Processor {
 			public function get_html(): string {
@@ -140,9 +142,15 @@ public function get_tag_attributes(): array {
 						break;
 					}
 					$normalized = $processor->serialize_token();
-					if ( 0 !== substr_compare( $processor->get_html(), $normalized, $mark->start, $mark->length )
-						) {
+					if ( 0 !== substr_compare( $processor->get_html(), $normalized, $mark->start, $mark->length ) ) {
+						// Legacy: keep text_normalizations for now (parallel arrays during migration).
 						$this->text_normalizations[] = array( $mark->start, $mark->length, $normalized );
+						// New: append pre-computed replacement to edits.
+						$this->edits[] = array(
+							'start'       => $mark->start,
+							'length'      => $mark->length,
+							'replacement' => $normalized,
+						);
 					}
 					break;
 

From aaae9350a560681e43c6503881240c957e43ec86 Mon Sep 17 00:00:00 2001
From: Jon Surrell 
Date: Fri, 6 Feb 2026 18:54:48 +0100
Subject: [PATCH 45/53] HTML API: Populate $edits with text placeholders during
 compile

Text placeholders are now appended to the unified edits array with
context='text'. Placeholder names are also registered in $placeholder_names
for O(1) validation during bind().
---
 src/wp-includes/html-api/class-wp-html-template.php | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/src/wp-includes/html-api/class-wp-html-template.php b/src/wp-includes/html-api/class-wp-html-template.php
index 1749659035360..e6518ce7dbb43 100644
--- a/src/wp-includes/html-api/class-wp-html-template.php
+++ b/src/wp-includes/html-api/class-wp-html-template.php
@@ -185,6 +185,15 @@ public function get_tag_attributes(): array {
 					}
 
 					$this->compiled[ $placeholder ]['offsets'][] = array( $start, $length );
+
+					// New: append placeholder edit and register name.
+					$this->edits[] = array(
+						'start'       => $start,
+						'length'      => $length,
+						'placeholder' => $placeholder,
+						'context'     => 'text',
+					);
+					$this->placeholder_names[ $placeholder ] = true;
 					break;
 
 				case '#tag':

From 6415041dd9f8868b638154358d7fd6c51bc8af3c Mon Sep 17 00:00:00 2001
From: Jon Surrell 
Date: Fri, 6 Feb 2026 19:01:48 +0100
Subject: [PATCH 46/53] HTML API: Pre-compute attribute escapes at compile time

Static text segments in attribute values are now decoded and re-encoded
during compilation. Only segments that actually change are added to $edits.
This moves escape computation from render time to compile time.

Also fixes a typo in test_attribute_replacement_is_not_recursive where the
placeholder syntax used `<%/` instead of the correct ` $last_offset ) {
-								$this->attr_escapes[] = array( $last_offset, $match_start - $last_offset );
+								$seg_length = $match_start - $last_offset;
+								$original   = substr( $html, $last_offset, $seg_length );
+								$decoded    = WP_HTML_Decoder::decode_attribute( $original );
+								$escaped    = strtr( $decoded, array(
+									'&' => '&',
+									'<' => '<',
+									'>' => '>',
+									"'" => ''',
+									'"' => '"',
+								) );
+								// Only add edit if escaping actually changes the text.
+								if ( $escaped !== $original ) {
+									$this->edits[] = array(
+										'start'       => $last_offset,
+										'length'      => $seg_length,
+										'replacement' => $escaped,
+									);
+								}
+								// Legacy: keep attr_escapes for now.
+								$this->attr_escapes[] = array( $last_offset, $seg_length );
 							}
 
 							if ( ! isset( $this->compiled[ $placeholder ] ) ) {
@@ -251,9 +270,28 @@ public function get_tag_attributes(): array {
 							$offset      = $last_offset;
 						}
 
-						// Track trailing text segment after last placeholder.
+						// Pre-compute escape for trailing text segment after last placeholder.
 						if ( $last_offset < $end ) {
-							$this->attr_escapes[] = array( $last_offset, $end - $last_offset );
+							$seg_length = $end - $last_offset;
+							$original   = substr( $html, $last_offset, $seg_length );
+							$decoded    = WP_HTML_Decoder::decode_attribute( $original );
+							$escaped    = strtr( $decoded, array(
+								'&' => '&',
+								'<' => '<',
+								'>' => '>',
+								"'" => ''',
+								'"' => '"',
+							) );
+							// Only add edit if escaping actually changes the text.
+							if ( $escaped !== $original ) {
+								$this->edits[] = array(
+									'start'       => $last_offset,
+									'length'      => $seg_length,
+									'replacement' => $escaped,
+								);
+							}
+							// Legacy: keep attr_escapes for now.
+							$this->attr_escapes[] = array( $last_offset, $seg_length );
 						}
 					}
 					break;
diff --git a/tests/phpunit/tests/html-api/wpHtmlTemplate.php b/tests/phpunit/tests/html-api/wpHtmlTemplate.php
index 8d70d6ebdd7ff..dd730a5ba3ab1 100644
--- a/tests/phpunit/tests/html-api/wpHtmlTemplate.php
+++ b/tests/phpunit/tests/html-api/wpHtmlTemplate.php
@@ -70,9 +70,9 @@ public function test_replaces_only_in_first_duplicate_attribute() {
 	 * @covers ::render
 	 */
 	public function test_attribute_replacement_is_not_recursive() {
-		$template_string = '
    <%/replace>
    ';
+		$template_string = '
    ';
 		$replacements    = array(
-			'replace' => '<%/replace>',
+			'replace' => '',
 		);
 
 		$result = T::from( $template_string )->bind( $replacements )->render();

From dd96aea3b905c6f46ae0339473c16c7a127ded9a Mon Sep 17 00:00:00 2001
From: Jon Surrell 
Date: Fri, 6 Feb 2026 19:04:00 +0100
Subject: [PATCH 47/53] HTML API: Populate $edits with attribute placeholders
 during compile

Attribute placeholders are now appended to the unified edits array with
context='attribute'. Names are registered in $placeholder_names.
---
 src/wp-includes/html-api/class-wp-html-template.php | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/src/wp-includes/html-api/class-wp-html-template.php b/src/wp-includes/html-api/class-wp-html-template.php
index a2ad7ed8c472b..d83e22e75b1bc 100644
--- a/src/wp-includes/html-api/class-wp-html-template.php
+++ b/src/wp-includes/html-api/class-wp-html-template.php
@@ -266,6 +266,15 @@ public function get_tag_attributes(): array {
 
 							$this->compiled[ $placeholder ]['offsets'][] = array( $match_start, $match_length );
 
+							// New: append placeholder edit and register name.
+							$this->edits[] = array(
+								'start'       => $match_start,
+								'length'      => $match_length,
+								'placeholder' => $placeholder,
+								'context'     => 'attribute',
+							);
+							$this->placeholder_names[ $placeholder ] = true;
+
 							$last_offset = $match_start + $match_length;
 							$offset      = $last_offset;
 						}

From 4e42ace6e547125f847a1936618c4709af2e7588 Mon Sep 17 00:00:00 2001
From: Jon Surrell 
Date: Fri, 6 Feb 2026 21:04:03 +0100
Subject: [PATCH 48/53] HTML API: Refactor render() to use unified $edits array

Render now iterates the edits array in reverse order instead of building
an intermediate $updates array from three separate sources. Pre-computed
replacements are applied directly; placeholders are looked up and escaped.

Removes usort() call - edits are naturally in document order from compile.

Also ensures bind() copies $edits and $placeholder_names to the new instance.
---
 .../html-api/class-wp-html-template.php       | 94 +++++++------------
 1 file changed, 32 insertions(+), 62 deletions(-)

diff --git a/src/wp-includes/html-api/class-wp-html-template.php b/src/wp-includes/html-api/class-wp-html-template.php
index d83e22e75b1bc..f21bf9c961cfa 100644
--- a/src/wp-includes/html-api/class-wp-html-template.php
+++ b/src/wp-includes/html-api/class-wp-html-template.php
@@ -421,6 +421,8 @@ public function bind( array $replacements ): static {
 		$new->compiled            = $this->compiled;
 		$new->text_normalizations = $this->text_normalizations;
 		$new->attr_escapes        = $this->attr_escapes;
+		$new->edits               = $this->edits;
+		$new->placeholder_names   = $this->placeholder_names;
 		return $new;
 	}
 
@@ -460,49 +462,43 @@ public function render(): string|false {
 		$html      = $this->template_string;
 		$used_keys = array();
 
-		/*
-		 * Collect all updates as [start, length, replacement_text] tuples.
-		 */
-		$updates = array();
-
-		// 1. Placeholder replacements.
-		foreach ( $this->compiled as $placeholder => $info ) {
-			$placeholder = (string) $placeholder;
-
-			// Look up the replacement value.
-			if ( array_key_exists( $placeholder, $this->replacements ) ) {
-				$key = $placeholder;
-			} elseif ( ctype_digit( $placeholder ) && array_key_exists( (int) $placeholder, $this->replacements ) ) {
-				$key = (int) $placeholder;
-			} else {
-				return false;
-			}
-
-			$used_keys[ $key ] = true;
-			$value             = $this->replacements[ $key ];
-
-			if ( $value instanceof self ) {
-				// Templates in attribute context are an error.
-				if ( 'attribute' === $info['context'] ) {
+		// Process edits in reverse order (end to start) to preserve positions.
+		foreach ( array_reverse( $this->edits ) as $edit ) {
+			if ( isset( $edit['placeholder'] ) ) {
+				// Placeholder: look up replacement value.
+				$placeholder = $edit['placeholder'];
+
+				if ( array_key_exists( $placeholder, $this->replacements ) ) {
+					$key = $placeholder;
+				} elseif ( ctype_digit( $placeholder ) && array_key_exists( (int) $placeholder, $this->replacements ) ) {
+					$key = (int) $placeholder;
+				} else {
 					return false;
 				}
 
-				$rendered = $value->render();
-				if ( false === $rendered ) {
-					return false;
-				}
+				$used_keys[ $key ] = true;
+				$value             = $this->replacements[ $key ];
 
-				foreach ( $info['offsets'] as list( $start, $length ) ) {
-					$updates[] = array( $start, $length, $rendered );
-				}
-			} elseif ( is_string( $value ) ) {
-				$escaped = strtr( $value, $escape_map );
+				if ( $value instanceof self ) {
+					if ( 'attribute' === $edit['context'] ) {
+						return false;
+					}
+
+					$rendered = $value->render();
+					if ( false === $rendered ) {
+						return false;
+					}
 
-				foreach ( $info['offsets'] as list( $start, $length ) ) {
-					$updates[] = array( $start, $length, $escaped );
+					$html = substr_replace( $html, $rendered, $edit['start'], $edit['length'] );
+				} elseif ( is_string( $value ) ) {
+					$escaped = strtr( $value, $escape_map );
+					$html    = substr_replace( $html, $escaped, $edit['start'], $edit['length'] );
+				} else {
+					return false;
 				}
 			} else {
-				return false;
+				// Pre-computed replacement: apply directly.
+				$html = substr_replace( $html, $edit['replacement'], $edit['start'], $edit['length'] );
 			}
 		}
 
@@ -511,32 +507,6 @@ public function render(): string|false {
 			return false;
 		}
 
-		// 2. Text normalizations.
-		foreach ( $this->text_normalizations as list( $start, $length, $normalized ) ) {
-			$updates[] = array( $start, $length, $normalized );
-		}
-
-		// 3. Attribute text escaping.
-		// Static text in attribute values needs escaping to prevent character
-		// reference injection (e.g. "&" + "not" = "¬" = "¬"). Decode
-		// existing character references first, then re-encode to avoid
-		// double-escaping (e.g. "&" should stay "&", not become "&amp;").
-		foreach ( $this->attr_escapes as list( $start, $length ) ) {
-			$original = substr( $html, $start, $length );
-			$decoded  = WP_HTML_Decoder::decode_attribute( $original );
-			$updates[] = array( $start, $length, strtr( $decoded, $escape_map ) );
-		}
-
-		// Sort by start position descending so replacements don't shift positions.
-		usort( $updates, static function ( $a, $b ) {
-			return $b[0] <=> $a[0];
-		} );
-
-		// Apply all replacements from end to start.
-		foreach ( $updates as list( $start, $length, $replacement ) ) {
-			$html = substr_replace( $html, $replacement, $start, $length );
-		}
-
 		return WP_HTML_Processor::normalize( $html ) ?? $html;
 	}
 }

From eea6a51884621f70a152ce66b20b1b2bdef62562 Mon Sep 17 00:00:00 2001
From: Jon Surrell 
Date: Fri, 6 Feb 2026 21:08:46 +0100
Subject: [PATCH 49/53] HTML API: Refactor bind() to use $placeholder_names for
 validation

Validation now uses the pre-built $placeholder_names index for O(1) lookups
instead of iterating through $compiled to build a lookup on each bind() call.
---
 .../html-api/class-wp-html-template.php       | 38 +++++--------------
 1 file changed, 10 insertions(+), 28 deletions(-)

diff --git a/src/wp-includes/html-api/class-wp-html-template.php b/src/wp-includes/html-api/class-wp-html-template.php
index f21bf9c961cfa..08b2dd297a95b 100644
--- a/src/wp-includes/html-api/class-wp-html-template.php
+++ b/src/wp-includes/html-api/class-wp-html-template.php
@@ -341,31 +341,12 @@ public static function from( string $template ): static {
 	public function bind( array $replacements ): static {
 		$this->compile();
 
-		// Build a lookup of placeholder keys from compiled data.
-		$placeholder_keys = array();
-		foreach ( $this->compiled as $placeholder => $info ) {
-			$placeholder = (string) $placeholder;
-			$placeholder_keys[ $placeholder ] = true;
-			if ( ctype_digit( $placeholder ) ) {
-				$placeholder_keys[ (int) $placeholder ] = true;
-			}
-		}
-
-		// Build a lookup of replacement keys.
-		$replacement_keys = array();
-		foreach ( $replacements as $key => $value ) {
-			$replacement_keys[ (string) $key ] = true;
-			if ( is_int( $key ) ) {
-				$replacement_keys[ $key ] = true;
-			}
-		}
-
 		// Check for missing keys (placeholder without replacement).
-		foreach ( $this->compiled as $placeholder => $info ) {
+		foreach ( $this->placeholder_names as $placeholder => $_ ) {
 			$placeholder = (string) $placeholder;
-			$found       = isset( $replacement_keys[ $placeholder ] );
+			$found       = array_key_exists( $placeholder, $replacements );
 			if ( ! $found && ctype_digit( $placeholder ) ) {
-				$found = isset( $replacement_keys[ (int) $placeholder ] ) || array_key_exists( (int) $placeholder, $replacements );
+				$found = array_key_exists( (int) $placeholder, $replacements );
 			}
 			if ( ! $found ) {
 				_doing_it_wrong(
@@ -382,7 +363,7 @@ public function bind( array $replacements ): static {
 		// Check for unused keys (replacement without placeholder).
 		foreach ( $replacements as $key => $value ) {
 			$str_key = (string) $key;
-			$found   = isset( $placeholder_keys[ $key ] ) || isset( $placeholder_keys[ $str_key ] );
+			$found   = isset( $this->placeholder_names[ $key ] ) || isset( $this->placeholder_names[ $str_key ] );
 			if ( ! $found ) {
 				_doing_it_wrong(
 					__METHOD__,
@@ -396,14 +377,14 @@ public function bind( array $replacements ): static {
 		}
 
 		// Check for templates in attribute context.
-		foreach ( $this->compiled as $placeholder => $info ) {
-			$placeholder = (string) $placeholder;
-			if ( 'attribute' !== $info['context'] ) {
+		foreach ( $this->edits as $edit ) {
+			if ( ! isset( $edit['placeholder'] ) || 'attribute' !== $edit['context'] ) {
 				continue;
 			}
 
-			$key   = ctype_digit( $placeholder ) ? (int) $placeholder : $placeholder;
-			$value = $replacements[ $key ] ?? $replacements[ $placeholder ] ?? null;
+			$placeholder = $edit['placeholder'];
+			$key         = ctype_digit( $placeholder ) ? (int) $placeholder : $placeholder;
+			$value       = $replacements[ $key ] ?? $replacements[ $placeholder ] ?? null;
 
 			if ( $value instanceof self ) {
 				_doing_it_wrong(
@@ -414,6 +395,7 @@ public function bind( array $replacements ): static {
 					),
 					'7.0.0'
 				);
+				break; // Only warn once per placeholder name.
 			}
 		}
 

From 48dcd2e684ee283788295e5678afcc05b1d9da9c Mon Sep 17 00:00:00 2001
From: Jon Surrell 
Date: Fri, 6 Feb 2026 21:13:40 +0100
Subject: [PATCH 50/53] HTML API: Remove legacy $text_normalizations and
 $attr_escapes arrays

These are now fully superseded by the unified $edits array.
Text normalizations and attribute escapes are stored as pre-computed
replacements in $edits during compile().
---
 .../html-api/class-wp-html-template.php       | 43 +++----------------
 1 file changed, 5 insertions(+), 38 deletions(-)

diff --git a/src/wp-includes/html-api/class-wp-html-template.php b/src/wp-includes/html-api/class-wp-html-template.php
index 08b2dd297a95b..d95e81dec43c9 100644
--- a/src/wp-includes/html-api/class-wp-html-template.php
+++ b/src/wp-includes/html-api/class-wp-html-template.php
@@ -31,28 +31,6 @@ class WP_HTML_Template {
 	 */
 	private ?array $compiled = null;
 
-	/**
-	 * Text normalizations discovered during compilation.
-	 *
-	 * Array of [start, length, normalized_text] tuples for #text tokens
-	 * whose serialized form differs from the original HTML.
-	 *
-	 * @since 7.0.0
-	 * @var array
-	 */
-	private array $text_normalizations = array();
-
-	/**
-	 * Attribute text segments needing escaping.
-	 *
-	 * Array of [start, length] pairs for text between/before placeholders
-	 * within attribute values.
-	 *
-	 * @since 7.0.0
-	 * @var array
-	 */
-	private array $attr_escapes = array();
-
 	/**
 	 * Unified edit operations list.
 	 *
@@ -105,10 +83,8 @@ private function compile(): void {
 			return;
 		}
 
-		$this->compiled            = array();
-		$this->text_normalizations = array();
-		$this->attr_escapes        = array();
-		$this->edits               = array();
+		$this->compiled          = array();
+		$this->edits             = array();
 		$this->placeholder_names   = array();
 
 		$processor = ( new class( '', WP_HTML_Processor::CONSTRUCTOR_UNLOCK_CODE ) extends WP_HTML_Processor {
@@ -143,9 +119,6 @@ public function get_tag_attributes(): array {
 					}
 					$normalized = $processor->serialize_token();
 					if ( 0 !== substr_compare( $processor->get_html(), $normalized, $mark->start, $mark->length ) ) {
-						// Legacy: keep text_normalizations for now (parallel arrays during migration).
-						$this->text_normalizations[] = array( $mark->start, $mark->length, $normalized );
-						// New: append pre-computed replacement to edits.
 						$this->edits[] = array(
 							'start'       => $mark->start,
 							'length'      => $mark->length,
@@ -250,8 +223,6 @@ public function get_tag_attributes(): array {
 										'replacement' => $escaped,
 									);
 								}
-								// Legacy: keep attr_escapes for now.
-								$this->attr_escapes[] = array( $last_offset, $seg_length );
 							}
 
 							if ( ! isset( $this->compiled[ $placeholder ] ) ) {
@@ -299,8 +270,6 @@ public function get_tag_attributes(): array {
 									'replacement' => $escaped,
 								);
 							}
-							// Legacy: keep attr_escapes for now.
-							$this->attr_escapes[] = array( $last_offset, $seg_length );
 						}
 					}
 					break;
@@ -400,11 +369,9 @@ public function bind( array $replacements ): static {
 		}
 
 		$new = new static( $this->template_string, $replacements );
-		$new->compiled            = $this->compiled;
-		$new->text_normalizations = $this->text_normalizations;
-		$new->attr_escapes        = $this->attr_escapes;
-		$new->edits               = $this->edits;
-		$new->placeholder_names   = $this->placeholder_names;
+		$new->compiled          = $this->compiled;
+		$new->edits             = $this->edits;
+		$new->placeholder_names = $this->placeholder_names;
 		return $new;
 	}
 

From cbfcd6d828698d43a61e85fab01cce79793c3291 Mon Sep 17 00:00:00 2001
From: Jon Surrell 
Date: Fri, 6 Feb 2026 21:17:34 +0100
Subject: [PATCH 51/53] HTML API: Add TODO for future $compiled removal

Document that $compiled could be derived from $edits on-demand to eliminate
redundant storage, but keeping it for now to preserve get_placeholders() API.
---
 src/wp-includes/html-api/class-wp-html-template.php | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/src/wp-includes/html-api/class-wp-html-template.php b/src/wp-includes/html-api/class-wp-html-template.php
index d95e81dec43c9..2d67a3520fa0f 100644
--- a/src/wp-includes/html-api/class-wp-html-template.php
+++ b/src/wp-includes/html-api/class-wp-html-template.php
@@ -22,6 +22,10 @@ class WP_HTML_Template {
 	/**
 	 * Compiled placeholder metadata.
 	 *
+	 * @todo Consider deriving this from $edits on-demand in get_placeholders()
+	 *       to eliminate redundant storage. Would require building the grouped
+	 *       structure at call time instead of compile time.
+	 *
 	 * Array of placeholder_name => array with keys:
 	 * - 'offsets': array of [start, length] pairs for each occurrence
 	 * - 'context': 'text' or 'attribute' (attribute takes precedence)

From 17675db0b3e804292e449d885577b870ed1f34a7 Mon Sep 17 00:00:00 2001
From: Jon Surrell 
Date: Fri, 6 Feb 2026 21:21:08 +0100
Subject: [PATCH 52/53] HTML API: Fix code style issues in WP_HTML_Template

Apply WordPress Coding Standards formatting:
- Align equals signs in assignment blocks
- Format multi-line function calls (strtr) per PEAR standard
---
 .../html-api/class-wp-html-template.php       | 42 +++++++++++--------
 1 file changed, 24 insertions(+), 18 deletions(-)

diff --git a/src/wp-includes/html-api/class-wp-html-template.php b/src/wp-includes/html-api/class-wp-html-template.php
index 2d67a3520fa0f..32974c4a7b8cb 100644
--- a/src/wp-includes/html-api/class-wp-html-template.php
+++ b/src/wp-includes/html-api/class-wp-html-template.php
@@ -89,7 +89,7 @@ private function compile(): void {
 
 		$this->compiled          = array();
 		$this->edits             = array();
-		$this->placeholder_names   = array();
+		$this->placeholder_names = array();
 
 		$processor = ( new class( '', WP_HTML_Processor::CONSTRUCTOR_UNLOCK_CODE ) extends WP_HTML_Processor {
 			public function get_html(): string {
@@ -164,7 +164,7 @@ public function get_tag_attributes(): array {
 					$this->compiled[ $placeholder ]['offsets'][] = array( $start, $length );
 
 					// New: append placeholder edit and register name.
-					$this->edits[] = array(
+					$this->edits[]                           = array(
 						'start'       => $start,
 						'length'      => $length,
 						'placeholder' => $placeholder,
@@ -212,13 +212,16 @@ public function get_tag_attributes(): array {
 								$seg_length = $match_start - $last_offset;
 								$original   = substr( $html, $last_offset, $seg_length );
 								$decoded    = WP_HTML_Decoder::decode_attribute( $original );
-								$escaped    = strtr( $decoded, array(
-									'&' => '&',
-									'<' => '<',
-									'>' => '>',
-									"'" => ''',
-									'"' => '"',
-								) );
+								$escaped    = strtr(
+									$decoded,
+									array(
+										'&' => '&',
+										'<' => '<',
+										'>' => '>',
+										"'" => ''',
+										'"' => '"',
+									)
+								);
 								// Only add edit if escaping actually changes the text.
 								if ( $escaped !== $original ) {
 									$this->edits[] = array(
@@ -242,7 +245,7 @@ public function get_tag_attributes(): array {
 							$this->compiled[ $placeholder ]['offsets'][] = array( $match_start, $match_length );
 
 							// New: append placeholder edit and register name.
-							$this->edits[] = array(
+							$this->edits[]                           = array(
 								'start'       => $match_start,
 								'length'      => $match_length,
 								'placeholder' => $placeholder,
@@ -259,13 +262,16 @@ public function get_tag_attributes(): array {
 							$seg_length = $end - $last_offset;
 							$original   = substr( $html, $last_offset, $seg_length );
 							$decoded    = WP_HTML_Decoder::decode_attribute( $original );
-							$escaped    = strtr( $decoded, array(
-								'&' => '&',
-								'<' => '<',
-								'>' => '>',
-								"'" => ''',
-								'"' => '"',
-							) );
+							$escaped    = strtr(
+								$decoded,
+								array(
+									'&' => '&',
+									'<' => '<',
+									'>' => '>',
+									"'" => ''',
+									'"' => '"',
+								)
+							);
 							// Only add edit if escaping actually changes the text.
 							if ( $escaped !== $original ) {
 								$this->edits[] = array(
@@ -372,7 +378,7 @@ public function bind( array $replacements ): static {
 			}
 		}
 
-		$new = new static( $this->template_string, $replacements );
+		$new                    = new static( $this->template_string, $replacements );
 		$new->compiled          = $this->compiled;
 		$new->edits             = $this->edits;
 		$new->placeholder_names = $this->placeholder_names;

From 09f3524acfbbb916804722ed577f919410ac314d Mon Sep 17 00:00:00 2001
From: Jon Surrell 
Date: Fri, 6 Feb 2026 22:55:45 +0100
Subject: [PATCH 53/53] HTML API: Remove redundant $compiled variable from
 WP_HTML_Template

Replace the $compiled property with an $is_compiled boolean flag.
The grouped placeholder metadata is now derived on-demand in
get_placeholders() by iterating through the $edits array, eliminating
redundant storage while maintaining identical public API behavior.
---
 .../html-api/class-wp-html-template.php       | 73 +++++++++----------
 1 file changed, 36 insertions(+), 37 deletions(-)

diff --git a/src/wp-includes/html-api/class-wp-html-template.php b/src/wp-includes/html-api/class-wp-html-template.php
index 32974c4a7b8cb..033ea88e83a77 100644
--- a/src/wp-includes/html-api/class-wp-html-template.php
+++ b/src/wp-includes/html-api/class-wp-html-template.php
@@ -20,20 +20,12 @@ class WP_HTML_Template {
 	private array $replacements = array();
 
 	/**
-	 * Compiled placeholder metadata.
-	 *
-	 * @todo Consider deriving this from $edits on-demand in get_placeholders()
-	 *       to eliminate redundant storage. Would require building the grouped
-	 *       structure at call time instead of compile time.
-	 *
-	 * Array of placeholder_name => array with keys:
-	 * - 'offsets': array of [start, length] pairs for each occurrence
-	 * - 'context': 'text' or 'attribute' (attribute takes precedence)
+	 * Whether the template has been compiled.
 	 *
 	 * @since 7.0.0
-	 * @var array|null
+	 * @var bool
 	 */
-	private ?array $compiled = null;
+	private bool $is_compiled = false;
 
 	/**
 	 * Unified edit operations list.
@@ -62,7 +54,9 @@ class WP_HTML_Template {
 	/**
 	 * Returns the compiled placeholder metadata.
 	 *
-	 * Triggers compilation if not already done.
+	 * Derives the grouped structure from $edits on-demand.
+	 * If a placeholder appears in both text and attribute contexts,
+	 * the attribute context takes precedence (more restrictive).
 	 *
 	 * @since 7.0.0
 	 *
@@ -70,7 +64,33 @@ class WP_HTML_Template {
 	 */
 	public function get_placeholders(): array {
 		$this->compile();
-		return $this->compiled;
+
+		$result = array();
+
+		foreach ( $this->edits as $edit ) {
+			if ( ! isset( $edit['placeholder'] ) ) {
+				continue;
+			}
+
+			$placeholder = $edit['placeholder'];
+			$context     = $edit['context'];
+
+			if ( ! isset( $result[ $placeholder ] ) ) {
+				$result[ $placeholder ] = array(
+					'offsets' => array(),
+					'context' => $context,
+				);
+			} else {
+				// Promote text context to attribute context.
+				if ( 'attribute' === $context ) {
+					$result[ $placeholder ]['context'] = 'attribute';
+				}
+			}
+
+			$result[ $placeholder ]['offsets'][] = array( $edit['start'], $edit['length'] );
+		}
+
+		return $result;
 	}
 
 	/**
@@ -83,11 +103,11 @@ public function get_placeholders(): array {
 	 * @since 7.0.0
 	 */
 	private function compile(): void {
-		if ( null !== $this->compiled ) {
+		if ( $this->is_compiled ) {
 			return;
 		}
 
-		$this->compiled          = array();
+		$this->is_compiled       = true;
 		$this->edits             = array();
 		$this->placeholder_names = array();
 
@@ -154,15 +174,6 @@ public function get_tag_attributes(): array {
 						break;
 					}
 
-					if ( ! isset( $this->compiled[ $placeholder ] ) ) {
-						$this->compiled[ $placeholder ] = array(
-							'offsets' => array(),
-							'context' => 'text',
-						);
-					}
-
-					$this->compiled[ $placeholder ]['offsets'][] = array( $start, $length );
-
 					// New: append placeholder edit and register name.
 					$this->edits[]                           = array(
 						'start'       => $start,
@@ -232,18 +243,6 @@ public function get_tag_attributes(): array {
 								}
 							}
 
-							if ( ! isset( $this->compiled[ $placeholder ] ) ) {
-								$this->compiled[ $placeholder ] = array(
-									'offsets' => array(),
-									'context' => 'attribute',
-								);
-							} else {
-								// Promote text context to attribute context.
-								$this->compiled[ $placeholder ]['context'] = 'attribute';
-							}
-
-							$this->compiled[ $placeholder ]['offsets'][] = array( $match_start, $match_length );
-
 							// New: append placeholder edit and register name.
 							$this->edits[]                           = array(
 								'start'       => $match_start,
@@ -379,7 +378,7 @@ public function bind( array $replacements ): static {
 		}
 
 		$new                    = new static( $this->template_string, $replacements );
-		$new->compiled          = $this->compiled;
+		$new->is_compiled       = $this->is_compiled;
 		$new->edits             = $this->edits;
 		$new->placeholder_names = $this->placeholder_names;
 		return $new;