Page MenuHomePhabricator

Sanitizer::validateAttributes is not as efficient as it could be
Open, MediumPublic

Description

Instead of storing the allowed attribute names as an associative array, it stored them as a sequential array and then does an array_flip every time that validateAttributes is called in order to do efficient lookup.

It would be better just to do the array_flip once, at the time setupAttributeWhitelist is called.

In addition, Sanitizer::setupAttributeWhitelist() and Sanitizer::attributeWhitelist() are public methods (although code search shows no uses outside Sanitizer). They should be made private (after a suitable deprecation period).

Details

Related Gerrit Patches:

Event Timeline

cscott created this task.Apr 23 2019, 5:14 PM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptApr 23 2019, 5:14 PM

Change 505825 had a related patch set uploaded (by C. Scott Ananian; owner: C. Scott Ananian):
[mediawiki/core@master] Deprecate Sanitizer::setupAttributeWhitelist/attributeWhitelist

https://gerrit.wikimedia.org/r/505825

ssastry triaged this task as Medium priority.Apr 24 2019, 6:58 PM
ssastry moved this task from Backlog to Performance on the Parsoid-PHP board.
ssastry removed a project: Patch-For-Review.
ssastry removed a subscriber: Parsing-Team.

Change 505825 merged by jenkins-bot:
[mediawiki/core@master] Deprecate Sanitizer::setupAttributeWhitelist/attributeWhitelist

https://gerrit.wikimedia.org/r/505825