Page MenuHomePhabricator

Sanitizer::validateAttributes is not as efficient as it could be
Open, MediumPublic


Instead of storing the allowed attribute names as an associative array, it stored them as a sequential array and then does an array_flip every time that validateAttributes is called in order to do efficient lookup.

It would be better just to do the array_flip once, at the time setupAttributeWhitelist is called.

In addition, Sanitizer::setupAttributeWhitelist() and Sanitizer::attributeWhitelist() are public methods (although code search shows no uses outside Sanitizer). They should be made private (after a suitable deprecation period).

Event Timeline

cscott created this task.Apr 23 2019, 5:14 PM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptApr 23 2019, 5:14 PM

Change 505825 had a related patch set uploaded (by C. Scott Ananian; owner: C. Scott Ananian):
[mediawiki/core@master] Deprecate Sanitizer::setupAttributeWhitelist/attributeWhitelist

ssastry triaged this task as Medium priority.Apr 24 2019, 6:58 PM
ssastry moved this task from Backlog to Performance on the Parsoid-PHP board.
ssastry removed a project: Patch-For-Review.
ssastry removed a subscriber: Parsing-Team.

Change 505825 merged by jenkins-bot:
[mediawiki/core@master] Deprecate Sanitizer::setupAttributeWhitelist/attributeWhitelist

Aklapper edited projects, added Parsoid; removed Parsoid-PHP.Apr 10 2020, 4:27 PM