Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:125215
Message-ID: <BC857F84-7717-48EB-AB8D-DE40D59E7634@automattic.com>
Content-Type: multipart/alternative;
	boundary="Apple-Mail=_B276F957-ED5F-4B85-84F3-3DD52172687D"
Precedence: bulk
Mime-Version: 1.0 (Mac OS X Mail 16.0 \(3776.700.51\))
Subject: Re: [PHP-DEV] [RFC] Decoding HTML and the Ambiguous Ampersand
Date: Sun, 25 Aug 2024 10:25:07 -0500
In-Reply-To: <CAJmjfvWCz3SW858N+wAxGF0mLc1c7r3bR3n8hxLfr+72YuyAEg@mail.gmail.com>
Cc: Niels Dossche <dossche.niels@gmail.com>,
 Internals <internals@lists.php.net>
To: Jakob Givoni <jakob@givoni.dk>
References: <CAA8B983-FD39-4AB1-B314-62608B0C0EF4@a8c.com>
 <76D9E1DA-57CE-45C3-8E3E-B08A0B70FB60@a8c.com>
 <efaf4c62-a552-4232-8a22-410578c13b8d@gmail.com>
 <7ED2EE07-D7C6-43A4-A4E1-E9928E8B8D31@automattic.com>
 <CAJmjfvXvBpxc-t2SkrK587Cm+=iOY9tNmpt-SC-pgg7pALJ9XA@mail.gmail.com>
 <90B08F35-06D5-4D5C-BA7B-B7116EE18769@automattic.com>
 <CAJmjfvWCz3SW858N+wAxGF0mLc1c7r3bR3n8hxLfr+72YuyAEg@mail.gmail.com>
From: dennis.snell@automattic.com (Dennis Snell)


--Apple-Mail=_B276F957-ED5F-4B85-84F3-3DD52172687D
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain;
	charset=utf-8


> On Aug 25, 2024, at 3:15=E2=80=AFAM, Jakob Givoni <jakob@givoni.dk> =
wrote:
>=20
>=20
> On Sat, Aug 24, 2024 at 10:31=E2=80=AFPM Dennis Snell =
<dennis.snell@automattic.com <mailto:dennis.snell@automattic.com>> =
wrote:
>> On Aug 24, 2024, at 2:56=E2=80=AFPM, Jakob Givoni <jakob@givoni.dk =
<mailto:jakob@givoni.dk>> wrote:
>>>=20
>>> Hi Dennis,
>>>=20
>>> Overall it sounds like a reasonable RFC.
>>>  =20
>>> > Dennis:
>>> >
>>> > > Niels:
>>> > >
>>> > > I'm not so sure that the name "decode_html" is self-descriptive =
enough, it sounds very generic.
>>> >
>>> > The name is not very important to me. For the sake of history, the =
reason I have chosen =E2=80=9Cdecode HTML=E2=80=9D is because, unlike an =
HTML parser, this is focused on taking a snippet of HTML =E2=80=9Ctext=E2=80=
=9D content and decoding it into a =E2=80=9Cplain PHP string.=E2=80=9D
>>>=20
>>> Why not make it two methods called "decode_html_text" and =
"decode_html_attribute"?
>>> Consider the following reasons:
>>> 1. The function doesn't actually decode html as such, it decodes =
either an html text node string or an html attribute string.
>>=20
>> Thanks Jakob. In WordPress I did just this.
>> https://developer.wordpress.org/reference/classes/wp_html_decoder/
>>=20
>> Part of the reason for that was the inability to require something =
like an enum (due to PHP version support requirements). The Enum =
solution feels very nice too.
>>=20
>>> 2. Saves the $context parameter and the constants/enums, making the =
call significantly shorter.=20
>>=20
>> In my PR I=E2=80=99ve actually expanded the Enum to include a few =
other contexts. I feel like there=E2=80=99s a balance we have to do if =
we want to ride the line between fully reliable and fully convenient. On =
one hand, we could say =E2=80=9Cdon=E2=80=99t send the text content of a =
SCRIPT element to this function!=E2=80=9D But on the other hand, that =
kind of forces people to expect that SCRIPT content is different.
>>=20
>> With the Enum there is that in-built training material when someone =
looks and finds `Attribute | BodyText | ForeignText | Script | Style` =
(the contexts I=E2=80=99ve explored in my PR).=20
>>=20
>> We could make the same argument for `decode_html_script()` and =
`decode_foreign_text_node()` and `decode_html_style()`. Somehow the =
context feels cleaner to me, and like a single entry point for learning =
instead of five.
>>=20
>=20
> Yes. With 5 different contexts it's starting to shift in favor of a =
single function :-)
> I only saw the RFC which from what I can tell still only features 2 of =
them. I haven't seen the PR (RFC Implementation section says "Yet to =
come").=20

Oops, I=E2=80=99ll get to this!

>>> 3. It feels like decoding either text or attribute are two =
significantly different things. I admit I could be wrong, if code like =
decode_html($e->isAttritbute() ? HtmlContext::Attribute : =
HtmlContext::Text, $e->getContent()) is likely to be seen.
>>=20
>> None of these contexts are significantly different, which is one of =
the major dangers of using `html_entity_decode()`. The results will look =
just about right most of the time. It=E2=80=99s the subtle differences =
that matter most, I suppose.
>=20
> Well, that was kind of what I meant - even if the differences are =
usually absent or subtle, they are significant (i.e. not necessarily =
big, but meaningful), meaning using it wrong would give the wrong =
result, right? Saying that they are not significantly different to me =
means that the result would just be a little less good sometimes, not =
directly wrong.

In hindsight I think I misunderstood what you were saying and got it =
backwards. I meant that the algorithms are subtly different, but as you =
point out, yes, the outcomes can be significant. ln the better cases we =
get data corruption, but these do lead to misidentification of unsafe =
content.

For example, =E2=80=9C&#x6a&#x61;\x00avascript=E2=80=9D should decode as =
=E2=80=9Cjavascript=E2=80=9D when rendered by a browser when found =
inside the BODY of a page, but an attribute should read =
=E2=80=9Cja=EF=BF=BDvascript.=E2=80=9D

>>=20
>> The lesson I have drawn is that people frequently have what they =
understand to be a text node or an attribute value, but they aren=E2=80=99=
t aware that they are supposed to decode differently, and they also =
aren=E2=80=99t reaching to interact with a full parser to get these =
values. If PHP could train people as they use these functions, purely =
through their interfaces, I think that could help elevate the level of =
reliability out there in the wild, as long as they aren=E2=80=99t too =
cumbersome (hence explicitly no default context argument _or_ using =
separately-named functions).
>>=20
>> Having the Enum I think enhances the ease with which people can =
reliably also decode things like SCRIPT and STYLE nodes. =E2=80=9CI know =
`html_decode_text()` but I don=E2=80=99t know what the rules for SCRIPT =
are or if they=E2=80=99re different so I=E2=80=99ll just stick with =
that.=E2=80=9D vs =E2=80=9CMy IDE suggests that `Script` is a different =
context, that=E2=80=99s interesting, I=E2=80=99ll try that and see how =
it=E2=80=99s different."
>>=20
>=20
> That is a good point and using enums favours that learning push since =
they are inherently grouped together.
>>>=20
>>> Best,
>>> Jakob
>>> =20
>>=20
>> Thanks for your input. I=E2=80=99m grateful for the discussions and =
that people are sharing.
>>=20
>=20
> Cheers!

Warmly,
Dennis Snell


--Apple-Mail=_B276F957-ED5F-4B85-84F3-3DD52172687D
Content-Transfer-Encoding: quoted-printable
Content-Type: text/html;
	charset=utf-8

<html><head><meta http-equiv=3D"content-type" content=3D"text/html; =
charset=3Dutf-8"></head><body style=3D"overflow-wrap: break-word; =
-webkit-nbsp-mode: space; line-break: =
after-white-space;"><br><div><blockquote type=3D"cite"><div>On Aug 25, =
2024, at 3:15=E2=80=AFAM, Jakob Givoni &lt;jakob@givoni.dk&gt; =
wrote:</div><br class=3D"Apple-interchange-newline"><div><meta =
charset=3D"UTF-8"><div dir=3D"ltr" class=3D"gmail_attr" =
style=3D"caret-color: rgb(0, 0, 0); font-family: Helvetica; font-size: =
16px; font-style: normal; font-variant-caps: normal; font-weight: 400; =
letter-spacing: normal; text-align: start; text-indent: 0px; =
text-transform: none; white-space: normal; word-spacing: 0px; =
-webkit-text-stroke-width: 0px; text-decoration: none;"><br =
class=3D"Apple-interchange-newline">On Sat, Aug 24, 2024 at 10:31=E2=80=AF=
PM Dennis Snell &lt;<a =
href=3D"mailto:dennis.snell@automattic.com">dennis.snell@automattic.com</a=
>&gt; wrote:<br></div><blockquote class=3D"gmail_quote" =
style=3D"caret-color: rgb(0, 0, 0); font-family: Helvetica; font-size: =
16px; font-style: normal; font-variant-caps: normal; font-weight: 400; =
letter-spacing: normal; text-align: start; text-indent: 0px; =
text-transform: none; white-space: normal; word-spacing: 0px; =
-webkit-text-stroke-width: 0px; text-decoration: none; margin: 0px 0px =
0px 0.8ex; border-left-width: 1px; border-left-style: solid; =
border-left-color: rgb(204, 204, 204); padding-left: 1ex;"><div>On Aug =
24, 2024, at 2:56=E2=80=AFPM, Jakob Givoni &lt;<a =
href=3D"mailto:jakob@givoni.dk" target=3D"_blank">jakob@givoni.dk</a>&gt; =
wrote:<br><div><blockquote type=3D"cite"><br><div><div dir=3D"ltr">Hi =
Dennis,<br><br>Overall it sounds like a reasonable RFC.<div>&nbsp;<span =
class=3D"Apple-converted-space">&nbsp;</span><br>&gt; =
Dennis:</div><div>&gt;<br>&gt; &gt; Niels:</div><div>&gt; &gt;<br>&gt; =
&gt; I'm not so sure that the name "decode_html" is self-descriptive =
enough, it sounds very generic.<br>&gt;<br>&gt; The name is not very =
important to me. For the sake of history, the reason I have chosen =
=E2=80=9Cdecode HTML=E2=80=9D is because, unlike an HTML parser, this is =
focused on taking a snippet of HTML =E2=80=9Ctext=E2=80=9D content and =
decoding it into a =E2=80=9Cplain PHP string.=E2=80=9D<br><br>Why not =
make it two methods called "decode_html_text" and =
"decode_html_attribute"?</div><div>Consider the following =
reasons:</div><div>1. The function doesn't actually decode html as such, =
it decodes either an html text node string or an html attribute =
string.</div></div></div></blockquote><div><br></div><div>Thanks Jakob. =
In WordPress I did just this.</div><div><a =
href=3D"https://developer.wordpress.org/reference/classes/wp_html_decoder/=
" =
target=3D"_blank">https://developer.wordpress.org/reference/classes/wp_htm=
l_decoder/</a></div><div><br></div><div>Part of the reason for that was =
the inability to require something like an enum (due to PHP version =
support requirements). The Enum solution feels very nice =
too.</div><br><blockquote type=3D"cite"><div><div dir=3D"ltr"><div>2. =
Saves the $context parameter and the constants/enums, making the call =
significantly =
shorter.&nbsp;</div></div></div></blockquote><div><br></div><div>In my =
PR I=E2=80=99ve actually expanded the Enum to include a few other =
contexts. I feel like there=E2=80=99s a balance we have to do if we want =
to ride the line between<span =
class=3D"Apple-converted-space">&nbsp;</span><i>fully =
reliable</i>&nbsp;and<span =
class=3D"Apple-converted-space">&nbsp;</span><i>fully convenient</i>. On =
one hand, we could say =E2=80=9Cdon=E2=80=99t send the text content of a =
SCRIPT element to this function!=E2=80=9D But on the other hand, that =
kind of forces people to expect that SCRIPT content is =
different.</div><div><br></div><div>With the Enum there is that in-built =
training material when someone looks and finds `Attribute | BodyText | =
ForeignText | Script | Style` (the contexts I=E2=80=99ve explored in my =
PR).&nbsp;</div><div><br></div><div>We could make the same argument for =
`decode_html_script()` and `decode_foreign_text_node()` and =
`decode_html_style()`. Somehow the context feels cleaner to me, and like =
a single entry point for learning instead of =
five.</div><br></div></div></blockquote><div style=3D"caret-color: =
rgb(0, 0, 0); font-family: Helvetica; font-size: 16px; font-style: =
normal; font-variant-caps: normal; font-weight: 400; letter-spacing: =
normal; text-align: start; text-indent: 0px; text-transform: none; =
white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; =
text-decoration: none;"><br></div><div style=3D"caret-color: rgb(0, 0, =
0); font-family: Helvetica; font-size: 16px; font-style: normal; =
font-variant-caps: normal; font-weight: 400; letter-spacing: normal; =
text-align: start; text-indent: 0px; text-transform: none; white-space: =
normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; =
text-decoration: none;">Yes. With 5 different contexts it's starting to =
shift in favor of a single function :-)</div><div style=3D"caret-color: =
rgb(0, 0, 0); font-family: Helvetica; font-size: 16px; font-style: =
normal; font-variant-caps: normal; font-weight: 400; letter-spacing: =
normal; text-align: start; text-indent: 0px; text-transform: none; =
white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; =
text-decoration: none;">I only saw the RFC which from what I can tell =
still only features 2 of them. I haven't seen the PR =
(RFC&nbsp;Implementation section says "Yet to =
come").&nbsp;</div></div></blockquote><div><br></div><div>Oops, I=E2=80=99=
ll get to this!</div><br><blockquote type=3D"cite"><blockquote =
class=3D"gmail_quote" style=3D"caret-color: rgb(0, 0, 0); font-family: =
Helvetica; font-size: 16px; font-style: normal; font-variant-caps: =
normal; font-weight: 400; letter-spacing: normal; text-align: start; =
text-indent: 0px; text-transform: none; white-space: normal; =
word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: =
none; margin: 0px 0px 0px 0.8ex; border-left-width: 1px; =
border-left-style: solid; border-left-color: rgb(204, 204, 204); =
padding-left: 1ex;"><div><div><blockquote type=3D"cite"><div><div =
dir=3D"ltr"><div>3. It feels like decoding either text or attribute are =
two significantly different things. I admit I could be wrong, if code =
like decode_html($e-&gt;isAttritbute() ? HtmlContext::Attribute : =
HtmlContext::Text, $e-&gt;getContent()) is likely to be =
seen.</div></div></div></blockquote><div><br></div><div>None of these =
contexts are<span =
class=3D"Apple-converted-space">&nbsp;</span><i>significantly</i>&nbsp;dif=
ferent, which is one of the major dangers of using =
`html_entity_decode()`. The results will look just about right most of =
the time. It=E2=80=99s the subtle differences that matter most, I =
suppose.</div></div></div></blockquote><div style=3D"caret-color: rgb(0, =
0, 0); font-family: Helvetica; font-size: 16px; font-style: normal; =
font-variant-caps: normal; font-weight: 400; letter-spacing: normal; =
text-align: start; text-indent: 0px; text-transform: none; white-space: =
normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; =
text-decoration: none;"><br></div><div style=3D"caret-color: rgb(0, 0, =
0); font-family: Helvetica; font-size: 16px; font-style: normal; =
font-variant-caps: normal; font-weight: 400; letter-spacing: normal; =
text-align: start; text-indent: 0px; text-transform: none; white-space: =
normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; =
text-decoration: none;">Well, that was kind of what I meant - even if =
the differences are usually absent or subtle, they are significant (i.e. =
not necessarily big, but meaningful), meaning using it wrong would give =
the wrong result, right? Saying that they are not<span =
class=3D"Apple-converted-space">&nbsp;</span><i>significantly =
different</i><span class=3D"Apple-converted-space">&nbsp;</span>to me =
means that the result would just be a little less good sometimes, not =
directly wrong.</div></blockquote><div><br></div><div>In hindsight I =
think I misunderstood what you were saying and got it backwards. I meant =
that the algorithms are subtly different, but as you point out, yes, the =
outcomes can be significant. ln the better cases we get data corruption, =
but these do lead to misidentification of unsafe =
content.<br></div><div><br></div><div>For example, =
=E2=80=9C&amp;#x6a&amp;#x61;\x00avascript=E2=80=9D should decode as =
=E2=80=9Cjavascript=E2=80=9D when rendered by a browser when found =
inside the BODY of a page, but an attribute should read =
=E2=80=9Cja=EF=BF=BDvascript.=E2=80=9D</div><br><blockquote =
type=3D"cite"><div><blockquote class=3D"gmail_quote" style=3D"caret-color:=
 rgb(0, 0, 0); font-family: Helvetica; font-size: 16px; font-style: =
normal; font-variant-caps: normal; font-weight: 400; letter-spacing: =
normal; text-align: start; text-indent: 0px; text-transform: none; =
white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; =
text-decoration: none; margin: 0px 0px 0px 0.8ex; border-left-width: =
1px; border-left-style: solid; border-left-color: rgb(204, 204, 204); =
padding-left: 1ex;"><div><div><div><br></div><div>The lesson I have =
drawn is that people frequently have what they understand to be a text =
node or an attribute value, but they aren=E2=80=99t aware that they are =
supposed to decode differently, and they also aren=E2=80=99t reaching to =
interact with a full parser to get these values. If PHP could train =
people as they use these functions, purely through their interfaces, I =
think that could help elevate the level of reliability out there in the =
wild, as long as they aren=E2=80=99t<span =
class=3D"Apple-converted-space">&nbsp;</span><i>too</i>&nbsp;cumbersome =
(hence explicitly no default context argument _or_ using =
separately-named functions).</div><div><br></div><div>Having the Enum I =
think enhances the ease with which people can reliably also decode =
things like SCRIPT and STYLE nodes. =E2=80=9CI know `html_decode_text()` =
but I don=E2=80=99t know what the rules for SCRIPT are or if they=E2=80=99=
re different so I=E2=80=99ll just stick with that.=E2=80=9D vs =E2=80=9CMy=
 IDE suggests that `Script` is a different context, that=E2=80=99s =
interesting, I=E2=80=99ll try that and see how it=E2=80=99s =
different."</div><div><br></div></div></div></blockquote><div =
style=3D"caret-color: rgb(0, 0, 0); font-family: Helvetica; font-size: =
16px; font-style: normal; font-variant-caps: normal; font-weight: 400; =
letter-spacing: normal; text-align: start; text-indent: 0px; =
text-transform: none; white-space: normal; word-spacing: 0px; =
-webkit-text-stroke-width: 0px; text-decoration: none;"><br></div><div =
style=3D"caret-color: rgb(0, 0, 0); font-family: Helvetica; font-size: =
16px; font-style: normal; font-variant-caps: normal; font-weight: 400; =
letter-spacing: normal; text-align: start; text-indent: 0px; =
text-transform: none; white-space: normal; word-spacing: 0px; =
-webkit-text-stroke-width: 0px; text-decoration: none;">That is a good =
point and using enums favours that learning push since they are =
inherently grouped together.</div><blockquote class=3D"gmail_quote" =
style=3D"caret-color: rgb(0, 0, 0); font-family: Helvetica; font-size: =
16px; font-style: normal; font-variant-caps: normal; font-weight: 400; =
letter-spacing: normal; text-align: start; text-indent: 0px; =
text-transform: none; white-space: normal; word-spacing: 0px; =
-webkit-text-stroke-width: 0px; text-decoration: none; margin: 0px 0px =
0px 0.8ex; border-left-width: 1px; border-left-style: solid; =
border-left-color: rgb(204, 204, 204); padding-left: =
1ex;"><div><div><div></div><blockquote type=3D"cite"><div =
dir=3D"ltr"><br></div></blockquote><blockquote type=3D"cite"><div><div =
dir=3D"ltr"><div>Best,</div><div>Jakob</div><div>&nbsp;</div></div></div><=
/blockquote><br></div><div>Thanks for your input. I=E2=80=99m grateful =
for the discussions and that people are =
sharing.</div><div><br></div></div></blockquote><div style=3D"caret-color:=
 rgb(0, 0, 0); font-family: Helvetica; font-size: 16px; font-style: =
normal; font-variant-caps: normal; font-weight: 400; letter-spacing: =
normal; text-align: start; text-indent: 0px; text-transform: none; =
white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; =
text-decoration: none;"><br></div><div style=3D"caret-color: rgb(0, 0, =
0); font-family: Helvetica; font-size: 16px; font-style: normal; =
font-variant-caps: normal; font-weight: 400; letter-spacing: normal; =
text-align: start; text-indent: 0px; text-transform: none; white-space: =
normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; =
text-decoration: =
none;">Cheers!</div></div></blockquote><br></div><div>Warmly,</div><div>De=
nnis Snell</div><br></body></html>=

--Apple-Mail=_B276F957-ED5F-4B85-84F3-3DD52172687D--