From 02e9e524fefafa1f109a9cc197e75e132b7d46c4 Mon Sep 17 00:00:00 2001
From: Dennis Snell <dennis.snell@automattic.com>
Date: Tue, 21 Mar 2023 14:53:33 -0700
Subject: [PATCH 01/11] HTML API: Support extra non-normative comment
 constructions

---
 .../tests/html-api/wpHtmlTagProcessor.php     | 83 +++++++++++++++++++
 1 file changed, 83 insertions(+)

diff --git a/tests/phpunit/tests/html-api/wpHtmlTagProcessor.php b/tests/phpunit/tests/html-api/wpHtmlTagProcessor.php
index 6b0c263c5dad6..44e3a1a579a89 100644
--- a/tests/phpunit/tests/html-api/wpHtmlTagProcessor.php
+++ b/tests/phpunit/tests/html-api/wpHtmlTagProcessor.php
@@ -1714,6 +1714,48 @@ public function data_next_tag_ignores_script_tag_contents() {
 		);
 	}
 
+	/**
+	 * Invalid tag names are comments on tag closers.
+	 *
+	 * See https://html.spec.whatwg.org/#parse-error-invalid-first-character-of-tag-name
+	 *
+	 * @dataProvider data_next_tag_ignores_invalid_first_character_of_tag_name_comments
+	 *
+	 * @param $html_with_markers
+	 * @param $before_tag
+	 * @param $after_tag
+	 * @return void
+	 */
+	public function test_next_tag_ignores_invalid_first_character_of_tag_name_comments( $html_with_markers, $before_tag, $after_tag ) {
+		$p = new WP_HTML_Tag_Processor( $html_with_markers );
+		$p->next_tag( $before_tag );
+		$p->next_tag();
+
+		$this->assertSame( $after_tag, $p->get_tag() );
+	}
+
+	public function data_next_tag_ignores_invalid_first_character_of_tag_name_comments() {
+		return array(
+			'Invalid tag openers as normal text'           => array(
+				'<ul><li><div>I <3 when outflow > inflow</div><img></li></ul>',
+				'DIV',
+				'IMG',
+			),
+
+			'Invalid tag closers as comments'              => array(
+				'<ul><li><div>I </3 when <img> outflow <br> inflow</div></li></ul>',
+				'DIV',
+				'BR',
+			),
+
+			'Unexpected question mark instead of tag name' => array(
+				'<div><?xml-stylesheet type="text/css" href="style.css"?><hr>',
+				'DIV',
+				'HR',
+			),
+		);
+	}
+
 	/**
 	 * @ticket 56299
 	 *
@@ -1766,6 +1808,47 @@ public function data_next_tag_ignores_contents_of_rcdata_tag() {
 		);
 	}
 
+	public function test_allows_incorrectly_closed_comments() {
+		$p = new WP_HTML_Tag_Processor( '<img id=before><!-- <img id=inside> --!><img id=after>--><img id=final>' );
+
+		$p->next_tag();
+		$this->assertSame( 'before', $p->get_attribute( 'id' ), 'Did not find starting tag.' );
+
+		$p->next_tag();
+		$this->assertSame( 'after', $p->get_attribute( 'id' ), 'Did not properly close improperly-closed comment.' );
+
+		$p->next_tag();
+		$this->assertSame( 'final', $p->get_attribute( 'id' ), 'Did not skip over unopened comment-closer.' );
+	}
+
+	/**
+	 * @dataProvider data_abruptly_closed_empty_comments
+	 *
+	 * @param $html
+	 * @return void
+	 */
+	public function test_closes_abrupt_closing_of_empty_comment( $html ) {
+		$p = new WP_HTML_Tag_Processor( $html );
+		$p->next_tag();
+		$p->next_tag();
+
+		$this->assertSame( 'after', $p->get_attribute( 'id' ), 'Did not find tag after closing abruptly-closed comment' );
+	}
+
+	public function data_abruptly_closed_empty_comments() {
+		return array(
+			'Empty comment with two dashes only' => array( '<hr><!--><hr id=after>' ),
+			'Empty comment with two dashes only, improperly closed' => array( '<hr><!--!><hr id=inside>--><hr id=after>' ),
+			'Comment with two dashes only, improperly closed twice' => array( '<hr><!--!><hr id=inside>--!><hr id=after>' ),
+			'Empty comment with three dashes'    => array( '<hr><!---><hr id=after>' ),
+			'Empty comment with three dashes, improperly closed' => array( '<hr><!---!><hr id=inside>--><hr id=after>' ),
+			'Comment with three dashes, improperly closed twice' => array( '<hr><!---!><hr id=inside>--!><hr id=after>' ),
+			'Empty comment with four dashes'     => array( '<hr><!----><hr id=after>' ),
+			'Empty comment with four dashes, improperly closed' => array( '<hr><!----!><hr id=after>--><hr id=final>' ),
+			'Comment with four dashes, improperly closed twice' => array( '<hr><!----!><hr id=after>--!><hr id=final>' ),
+		);
+	}
+
 	/**
 	 * @ticket 56299
 	 *

From 5900185cae8e80a08bc95c43d8ce04f0d5e2efa1 Mon Sep 17 00:00:00 2001
From: Dennis Snell <dennis.snell@automattic.com>
Date: Tue, 21 Mar 2023 14:54:08 -0700
Subject: [PATCH 02/11] Fix newly introduced and broken tests

---
 .../html-api/class-wp-html-tag-processor.php  | 66 +++++++++++++++++--
 1 file changed, 60 insertions(+), 6 deletions(-)

diff --git a/src/wp-includes/html-api/class-wp-html-tag-processor.php b/src/wp-includes/html-api/class-wp-html-tag-processor.php
index ab0b88693ab2e..9dcaed92f1b53 100644
--- a/src/wp-includes/html-api/class-wp-html-tag-processor.php
+++ b/src/wp-includes/html-api/class-wp-html-tag-processor.php
@@ -1039,13 +1039,41 @@ private function parse_next_tag() {
 					'-' === $html[ $at + 2 ] &&
 					'-' === $html[ $at + 3 ]
 				) {
-					$closer_at = strpos( $html, '-->', $at + 4 );
-					if ( false === $closer_at ) {
-						return false;
+					$closer_at = $at + 4;
+
+					/*
+					 * Abruptly-closed empty comments are a sequence of dashes followed by `>`.
+					 */
+					$span_of_dashes = strspn( $html, '-', $closer_at );
+					if ( '>' === $html[ $closer_at + $span_of_dashes ] ) {
+						$at = $closer_at + $span_of_dashes + 1;
+						continue;
 					}
 
-					$at = $closer_at + 3;
-					continue;
+					/*
+					 * Comments may be closed by either a --> or an invalid --!>.
+					 * The first occurrence closes the comment.
+					 *
+					 * See https://html.spec.whatwg.org/#parse-error-incorrectly-closed-comment
+					 */
+					while ( $closer_at < strlen( $html ) ) {
+						$closer_at = strpos( $html, '--', $closer_at );
+						if ( false === $closer_at ) {
+							return false;
+						}
+
+						if ( '>' === $html[ $closer_at + 2 ] ) {
+							$at = $closer_at + 3;
+							continue 2;
+						}
+
+						if ( '!' === $html[ $closer_at + 2 ] && '>' === $html[ $closer_at + 3 ] ) {
+							$at = $closer_at + 4;
+							continue 2;
+						}
+
+						$closer_at = $closer_at + 2;
+					}
 				}
 
 				/*
@@ -1104,9 +1132,19 @@ private function parse_next_tag() {
 				continue;
 			}
 
+			/*
+			 * </> is a missing end tag name, which is ignored.
+			 *
+			 * See https://html.spec.whatwg.org/#parse-error-missing-end-tag-name
+			 */
+			if ( '>' === $html[ $at + 1 ] ) {
+				$at++;
+				continue;
+			}
+
 			/*
 			 * <? transitions to a bogus comment state – skip to the nearest >
-			 * https://html.spec.whatwg.org/multipage/parsing.html#tag-open-state
+			 * See https://html.spec.whatwg.org/multipage/parsing.html#tag-open-state
 			 */
 			if ( '?' === $html[ $at + 1 ] ) {
 				$closer_at = strpos( $html, '>', $at + 2 );
@@ -1118,6 +1156,22 @@ private function parse_next_tag() {
 				continue;
 			}
 
+			/*
+			 * If a non-alpha starts the tag name in a tag closer it's a comment.
+			 * Find the first `>`, which closes the comment.
+			 *
+			 * See https://github.com/WordPress/wordpress-develop/pull/4256
+			 */
+			if ( $this->is_closing_tag ) {
+				$closer_at = strpos( $html, '>', $at + 3 );
+				if ( false === $closer_at ) {
+					return false;
+				}
+
+				$at = $closer_at + 1;
+				continue;
+			}
+
 			++$at;
 		}
 

From 46af17207ab192a4af0e2e7c9b6aaae5cd3985c7 Mon Sep 17 00:00:00 2001
From: Dennis Snell <dennis.snell@automattic.com>
Date: Tue, 21 Mar 2023 16:43:28 -0700
Subject: [PATCH 03/11] Fix implementation detail, move by one not two dashes

---
 src/wp-includes/html-api/class-wp-html-tag-processor.php | 2 +-
 tests/phpunit/tests/html-api/wpHtmlTagProcessor.php      | 1 +
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/wp-includes/html-api/class-wp-html-tag-processor.php b/src/wp-includes/html-api/class-wp-html-tag-processor.php
index 9dcaed92f1b53..7b0a495df6dad 100644
--- a/src/wp-includes/html-api/class-wp-html-tag-processor.php
+++ b/src/wp-includes/html-api/class-wp-html-tag-processor.php
@@ -1072,7 +1072,7 @@ private function parse_next_tag() {
 							continue 2;
 						}
 
-						$closer_at = $closer_at + 2;
+						$closer_at = $closer_at + 1;
 					}
 				}
 
diff --git a/tests/phpunit/tests/html-api/wpHtmlTagProcessor.php b/tests/phpunit/tests/html-api/wpHtmlTagProcessor.php
index 44e3a1a579a89..5fc23875425bc 100644
--- a/tests/phpunit/tests/html-api/wpHtmlTagProcessor.php
+++ b/tests/phpunit/tests/html-api/wpHtmlTagProcessor.php
@@ -1846,6 +1846,7 @@ public function data_abruptly_closed_empty_comments() {
 			'Empty comment with four dashes'     => array( '<hr><!----><hr id=after>' ),
 			'Empty comment with four dashes, improperly closed' => array( '<hr><!----!><hr id=after>--><hr id=final>' ),
 			'Comment with four dashes, improperly closed twice' => array( '<hr><!----!><hr id=after>--!><hr id=final>' ),
+			'Comment with almost-closer inside'  => array( '<hr><!-- ---!><hr id=after>--!><hr id=final>' ),
 		);
 	}
 

From 2a1e1beeb6e04c091fba0c2d709f687ae76883ce Mon Sep 17 00:00:00 2001
From: Dennis Snell <dennis.snell@automattic.com>
Date: Tue, 21 Mar 2023 16:53:45 -0700
Subject: [PATCH 04/11] Move pointer increment into loop condition to avoid
 infinite loops

This is just a safety precaution to mitigate an accidental removal of the
pointer increment. No actual problems motivated this change.
---
 src/wp-includes/html-api/class-wp-html-tag-processor.php | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/src/wp-includes/html-api/class-wp-html-tag-processor.php b/src/wp-includes/html-api/class-wp-html-tag-processor.php
index 7b0a495df6dad..6b8dc632419ba 100644
--- a/src/wp-includes/html-api/class-wp-html-tag-processor.php
+++ b/src/wp-includes/html-api/class-wp-html-tag-processor.php
@@ -1056,7 +1056,8 @@ private function parse_next_tag() {
 					 *
 					 * See https://html.spec.whatwg.org/#parse-error-incorrectly-closed-comment
 					 */
-					while ( $closer_at < strlen( $html ) ) {
+					$closer_at--; // Pre-increment inside condition avoids risk of infinite looping.
+					while ( ++$closer_at < strlen( $html ) ) {
 						$closer_at = strpos( $html, '--', $closer_at );
 						if ( false === $closer_at ) {
 							return false;
@@ -1071,8 +1072,6 @@ private function parse_next_tag() {
 							$at = $closer_at + 4;
 							continue 2;
 						}
-
-						$closer_at = $closer_at + 1;
 					}
 				}
 

From f72414024d8b0f6117b70bc66b3a21b2377390db Mon Sep 17 00:00:00 2001
From: Dennis Snell <dennis.snell@automattic.com>
Date: Tue, 28 Mar 2023 17:02:53 -0700
Subject: [PATCH 05/11] Add references to Trac ticket, annotate tests

---
 .../html-api/class-wp-html-tag-processor.php  |  1 +
 .../tests/html-api/wpHtmlTagProcessor.php     | 56 ++++++++++++-------
 2 files changed, 37 insertions(+), 20 deletions(-)

diff --git a/src/wp-includes/html-api/class-wp-html-tag-processor.php b/src/wp-includes/html-api/class-wp-html-tag-processor.php
index 6b8dc632419ba..ce95a45564bf5 100644
--- a/src/wp-includes/html-api/class-wp-html-tag-processor.php
+++ b/src/wp-includes/html-api/class-wp-html-tag-processor.php
@@ -971,6 +971,7 @@ private function skip_script_data() {
 	 * closing `>`; these are left for other methods.
 	 *
 	 * @since 6.2.0
+	 * @since 6.3.0 Passes over invalid-tag-closer-comments like "</3 this is a comment>".
 	 *
 	 * @return bool Whether a tag was found before the end of the document.
 	 */
diff --git a/tests/phpunit/tests/html-api/wpHtmlTagProcessor.php b/tests/phpunit/tests/html-api/wpHtmlTagProcessor.php
index 5fc23875425bc..fd3e86101b62b 100644
--- a/tests/phpunit/tests/html-api/wpHtmlTagProcessor.php
+++ b/tests/phpunit/tests/html-api/wpHtmlTagProcessor.php
@@ -1719,39 +1719,38 @@ public function data_next_tag_ignores_script_tag_contents() {
 	 *
 	 * See https://html.spec.whatwg.org/#parse-error-invalid-first-character-of-tag-name
 	 *
+	 * @ticket 58007
 	 * @dataProvider data_next_tag_ignores_invalid_first_character_of_tag_name_comments
 	 *
-	 * @param $html_with_markers
-	 * @param $before_tag
-	 * @param $after_tag
-	 * @return void
+	 * @param string $html_with_markers HTML containing an invalid tag closer whose element before and element after contain the "start" and "end" CSS classes.
 	 */
-	public function test_next_tag_ignores_invalid_first_character_of_tag_name_comments( $html_with_markers, $before_tag, $after_tag ) {
+	public function test_next_tag_ignores_invalid_first_character_of_tag_name_comments( $html_with_markers ) {
 		$p = new WP_HTML_Tag_Processor( $html_with_markers );
-		$p->next_tag( $before_tag );
+		$p->next_tag( array( 'class_name' => 'start' ) );
 		$p->next_tag();
 
-		$this->assertSame( $after_tag, $p->get_tag() );
+		$this->assertSame( 'end', $p->get_attribute( 'class' ) );
 	}
 
+	/**
+	 * Data provider.
+	 *
+	 * @ticket 58007
+	 *
+	 * @return array[]
+	 */
 	public function data_next_tag_ignores_invalid_first_character_of_tag_name_comments() {
 		return array(
 			'Invalid tag openers as normal text'           => array(
-				'<ul><li><div>I <3 when outflow > inflow</div><img></li></ul>',
-				'DIV',
-				'IMG',
+				'<ul><li><div class=start>I <3 when outflow > inflow</div><img class=end></li></ul>',
 			),
 
 			'Invalid tag closers as comments'              => array(
-				'<ul><li><div>I </3 when <img> outflow <br> inflow</div></li></ul>',
-				'DIV',
-				'BR',
+				'<ul><li><div class=start>I </3 when <img> outflow <br class=end> inflow</div></li></ul>',
 			),
 
 			'Unexpected question mark instead of tag name' => array(
-				'<div><?xml-stylesheet type="text/css" href="style.css"?><hr>',
-				'DIV',
-				'HR',
+				'<div class=start><?xml-stylesheet type="text/css" href="style.css"?><hr class=end>',
 			),
 		);
 	}
@@ -1808,6 +1807,13 @@ public function data_next_tag_ignores_contents_of_rcdata_tag() {
 		);
 	}
 
+	/**
+	 * Ensures that the invalid comment closing syntax "--!>" properly closes a comment.
+	 *
+	 * @ticket 58007
+	 * @covers WP_HTML_Tag_Processor::next_tag
+	 *
+	 */
 	public function test_allows_incorrectly_closed_comments() {
 		$p = new WP_HTML_Tag_Processor( '<img id=before><!-- <img id=inside> --!><img id=after>--><img id=final>' );
 
@@ -1822,19 +1828,29 @@ public function test_allows_incorrectly_closed_comments() {
 	}
 
 	/**
+	 * Ensures that abruptly-closed empty comments are properly closed.
+	 *
+	 * @ticket 58007
+	 * @covers WP_HTML_Tag_Processor::next_tag
 	 * @dataProvider data_abruptly_closed_empty_comments
 	 *
-	 * @param $html
-	 * @return void
+	 * @param string $html_with_after_marker HTML to test with "id=after" on element immediately following an abruptly closed comment.
 	 */
-	public function test_closes_abrupt_closing_of_empty_comment( $html ) {
-		$p = new WP_HTML_Tag_Processor( $html );
+	public function test_closes_abrupt_closing_of_empty_comment( $html_with_after_marker ) {
+		$p = new WP_HTML_Tag_Processor( $html_with_after_marker );
 		$p->next_tag();
 		$p->next_tag();
 
 		$this->assertSame( 'after', $p->get_attribute( 'id' ), 'Did not find tag after closing abruptly-closed comment' );
 	}
 
+	/**
+	 * Data provider.
+	 *
+	 * @ticket 58007
+	 *
+	 * @return array[]
+	 */
 	public function data_abruptly_closed_empty_comments() {
 		return array(
 			'Empty comment with two dashes only' => array( '<hr><!--><hr id=after>' ),

From 5f170ee6a8fd6e4a311650fc6ff28f9ecf1f5522 Mon Sep 17 00:00:00 2001
From: Dennis Snell <dennis.snell@automattic.com>
Date: Wed, 29 Mar 2023 08:38:17 -0700
Subject: [PATCH 06/11] Linting issues

---
 src/wp-includes/html-api/class-wp-html-tag-processor.php | 6 ++----
 tests/phpunit/tests/html-api/wpHtmlTagProcessor.php      | 6 +++---
 2 files changed, 5 insertions(+), 7 deletions(-)

diff --git a/src/wp-includes/html-api/class-wp-html-tag-processor.php b/src/wp-includes/html-api/class-wp-html-tag-processor.php
index ce95a45564bf5..020608b9e0c5a 100644
--- a/src/wp-includes/html-api/class-wp-html-tag-processor.php
+++ b/src/wp-includes/html-api/class-wp-html-tag-processor.php
@@ -971,7 +971,7 @@ private function skip_script_data() {
 	 * closing `>`; these are left for other methods.
 	 *
 	 * @since 6.2.0
-	 * @since 6.3.0 Passes over invalid-tag-closer-comments like "</3 this is a comment>".
+	 * @since 6.2.1 Passes over invalid-tag-closer-comments like "</3 this is a comment>".
 	 *
 	 * @return bool Whether a tag was found before the end of the document.
 	 */
@@ -1042,9 +1042,7 @@ private function parse_next_tag() {
 				) {
 					$closer_at = $at + 4;
 
-					/*
-					 * Abruptly-closed empty comments are a sequence of dashes followed by `>`.
-					 */
+					// Abruptly-closed empty comments are a sequence of dashes followed by `>`.
 					$span_of_dashes = strspn( $html, '-', $closer_at );
 					if ( '>' === $html[ $closer_at + $span_of_dashes ] ) {
 						$at = $closer_at + $span_of_dashes + 1;
diff --git a/tests/phpunit/tests/html-api/wpHtmlTagProcessor.php b/tests/phpunit/tests/html-api/wpHtmlTagProcessor.php
index fd3e86101b62b..aac5593309283 100644
--- a/tests/phpunit/tests/html-api/wpHtmlTagProcessor.php
+++ b/tests/phpunit/tests/html-api/wpHtmlTagProcessor.php
@@ -1720,9 +1720,11 @@ public function data_next_tag_ignores_script_tag_contents() {
 	 * See https://html.spec.whatwg.org/#parse-error-invalid-first-character-of-tag-name
 	 *
 	 * @ticket 58007
+	 *
 	 * @dataProvider data_next_tag_ignores_invalid_first_character_of_tag_name_comments
 	 *
-	 * @param string $html_with_markers HTML containing an invalid tag closer whose element before and element after contain the "start" and "end" CSS classes.
+	 * @param string $html_with_markers HTML containing an invalid tag closer whose element before and
+	 *                                  element after contain the "start" and "end" CSS classes.
 	 */
 	public function test_next_tag_ignores_invalid_first_character_of_tag_name_comments( $html_with_markers ) {
 		$p = new WP_HTML_Tag_Processor( $html_with_markers );
@@ -1735,8 +1737,6 @@ public function test_next_tag_ignores_invalid_first_character_of_tag_name_commen
 	/**
 	 * Data provider.
 	 *
-	 * @ticket 58007
-	 *
 	 * @return array[]
 	 */
 	public function data_next_tag_ignores_invalid_first_character_of_tag_name_comments() {

From ebeb8707a0ce8cc119036812c3d51279b670ecaa Mon Sep 17 00:00:00 2001
From: Dennis Snell <dennis.snell@automattic.com>
Date: Wed, 29 Mar 2023 08:54:53 -0700
Subject: [PATCH 07/11] Correct unchecked indexing, feedback

Props to @costdev for noting the unchecked indices.
---
 .../html-api/class-wp-html-tag-processor.php  |  6 ++--
 .../tests/html-api/wpHtmlTagProcessor.php     | 34 +++++++++++++++++--
 2 files changed, 35 insertions(+), 5 deletions(-)

diff --git a/src/wp-includes/html-api/class-wp-html-tag-processor.php b/src/wp-includes/html-api/class-wp-html-tag-processor.php
index 020608b9e0c5a..8fe59d68c4b8d 100644
--- a/src/wp-includes/html-api/class-wp-html-tag-processor.php
+++ b/src/wp-includes/html-api/class-wp-html-tag-processor.php
@@ -1055,19 +1055,19 @@ private function parse_next_tag() {
 					 *
 					 * See https://html.spec.whatwg.org/#parse-error-incorrectly-closed-comment
 					 */
-					$closer_at--; // Pre-increment inside condition avoids risk of infinite looping.
+					$closer_at--; // Pre-increment inside condition below reduces risk of accidental infinite looping.
 					while ( ++$closer_at < strlen( $html ) ) {
 						$closer_at = strpos( $html, '--', $closer_at );
 						if ( false === $closer_at ) {
 							return false;
 						}
 
-						if ( '>' === $html[ $closer_at + 2 ] ) {
+						if ( $closer_at + 2 < strlen( $html ) && '>' === $html[ $closer_at + 2 ] ) {
 							$at = $closer_at + 3;
 							continue 2;
 						}
 
-						if ( '!' === $html[ $closer_at + 2 ] && '>' === $html[ $closer_at + 3 ] ) {
+						if ( $closer_at + 3 < strlen( $html ) && '!' === $html[ $closer_at + 2 ] && '>' === $html[ $closer_at + 3 ] ) {
 							$at = $closer_at + 4;
 							continue 2;
 						}
diff --git a/tests/phpunit/tests/html-api/wpHtmlTagProcessor.php b/tests/phpunit/tests/html-api/wpHtmlTagProcessor.php
index aac5593309283..58d032329deff 100644
--- a/tests/phpunit/tests/html-api/wpHtmlTagProcessor.php
+++ b/tests/phpunit/tests/html-api/wpHtmlTagProcessor.php
@@ -1827,10 +1827,42 @@ public function test_allows_incorrectly_closed_comments() {
 		$this->assertSame( 'final', $p->get_attribute( 'id' ), 'Did not skip over unopened comment-closer.' );
 	}
 
+	/**
+	 * Ensures that unclosed and invalid comments don't trigger warnings or errors.
+	 *
+	 * @ticket 58007
+	 *
+	 * @covers WP_HTML_Tag_Processor::next_tag
+	 * @dataProvider data_html_with_unclosed_comments
+	 *
+	 * @param string $html_ending_before_comment_close HTML with opened comments that aren't closed
+	 */
+	public function test_documents_may_end_with_unclosed_comment( $html_ending_before_comment_close ) {
+		$p = new WP_HTML_Tag_Processor( $html_ending_before_comment_close );
+
+		$this->assertFalse( $p->next_tag() );
+	}
+
+	/**
+	 * Data provider.
+	 *
+	 * @return array[]
+	 */
+	public function data_html_with_unclosed_comments() {
+		return array(
+			'Basic truncated comment'          => array( '<!-- this ends --' ),
+			'Comment with closer look-alike'   => array( '<!-- this ends --x' ),
+			'Comment with closer look-alike 2' => array( '<!-- this ends --!x' ),
+			'Invalid tag-closer comment'       => array( '</(when will this madness end?)' ),
+			'Invalid tag-closer comment 2'     => array( '</(when will this madness end?)--' )
+		);
+	}
+
 	/**
 	 * Ensures that abruptly-closed empty comments are properly closed.
 	 *
 	 * @ticket 58007
+	 *
 	 * @covers WP_HTML_Tag_Processor::next_tag
 	 * @dataProvider data_abruptly_closed_empty_comments
 	 *
@@ -1847,8 +1879,6 @@ public function test_closes_abrupt_closing_of_empty_comment( $html_with_after_ma
 	/**
 	 * Data provider.
 	 *
-	 * @ticket 58007
-	 *
 	 * @return array[]
 	 */
 	public function data_abruptly_closed_empty_comments() {

From 1c7ee802028596e6dde3fb7c1a529e267da45f15 Mon Sep 17 00:00:00 2001
From: Dennis Snell <dennis.snell@automattic.com>
Date: Wed, 29 Mar 2023 08:59:46 -0700
Subject: [PATCH 08/11] Catch another indexing operation

---
 src/wp-includes/html-api/class-wp-html-tag-processor.php | 2 +-
 tests/phpunit/tests/html-api/wpHtmlTagProcessor.php      | 1 +
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/wp-includes/html-api/class-wp-html-tag-processor.php b/src/wp-includes/html-api/class-wp-html-tag-processor.php
index 8fe59d68c4b8d..61b0cb696f186 100644
--- a/src/wp-includes/html-api/class-wp-html-tag-processor.php
+++ b/src/wp-includes/html-api/class-wp-html-tag-processor.php
@@ -1036,7 +1036,7 @@ private function parse_next_tag() {
 				 * https://html.spec.whatwg.org/multipage/parsing.html#tag-open-state
 				 */
 				if (
-					strlen( $html ) > $at + 3 &&
+					strlen( $html ) > $at + 4 &&
 					'-' === $html[ $at + 2 ] &&
 					'-' === $html[ $at + 3 ]
 				) {
diff --git a/tests/phpunit/tests/html-api/wpHtmlTagProcessor.php b/tests/phpunit/tests/html-api/wpHtmlTagProcessor.php
index 58d032329deff..71a3e2a13096e 100644
--- a/tests/phpunit/tests/html-api/wpHtmlTagProcessor.php
+++ b/tests/phpunit/tests/html-api/wpHtmlTagProcessor.php
@@ -1850,6 +1850,7 @@ public function test_documents_may_end_with_unclosed_comment( $html_ending_befor
 	 */
 	public function data_html_with_unclosed_comments() {
 		return array(
+			'Shortest open valid comment'      => array( '<!--' ),
 			'Basic truncated comment'          => array( '<!-- this ends --' ),
 			'Comment with closer look-alike'   => array( '<!-- this ends --x' ),
 			'Comment with closer look-alike 2' => array( '<!-- this ends --!x' ),

From ccc9e3b3d60d227fe3cce970744f15d776c370a5 Mon Sep 17 00:00:00 2001
From: Dennis Snell <dennis.snell@automattic.com>
Date: Wed, 29 Mar 2023 09:13:22 -0700
Subject: [PATCH 09/11] WIP

---
 tests/phpunit/tests/html-api/wpHtmlTagProcessor.php | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/tests/phpunit/tests/html-api/wpHtmlTagProcessor.php b/tests/phpunit/tests/html-api/wpHtmlTagProcessor.php
index 71a3e2a13096e..7b74b279124ed 100644
--- a/tests/phpunit/tests/html-api/wpHtmlTagProcessor.php
+++ b/tests/phpunit/tests/html-api/wpHtmlTagProcessor.php
@@ -6,6 +6,19 @@
  * @subpackage HTML-API
  */
 
+if ( ! class_exists( 'WP_UnitTestCase' ) ) {
+	class WP_UnitTestCase extends PHPUnit\Framework\TestCase {}
+
+	require_once '/Users/dmsnell/code/WordPress-develop/src/wp-includes/html-api/class-wp-html-attribute-token.php';
+	require_once '/Users/dmsnell/code/WordPress-develop/src/wp-includes/html-api/class-wp-html-span.php';
+//	require_once '/Users/dmsnell/code/WordPress-develop/src/wp-includes/html-api/class-wp-html-spec.php';
+	require_once '/Users/dmsnell/code/WordPress-develop/src/wp-includes/html-api/class-wp-html-text-replacement.php';
+	require_once '/Users/dmsnell/code/WordPress-develop/src/wp-includes/html-api/class-wp-html-tag-processor.php';
+//	require_once '/Users/dmsnell/code/WordPress-develop/src/wp-includes/html-api/class-wp-html-processor.php';
+
+	function esc_attr( $s ) { return str_replace( [ '<', '>', '"' ], [ '&lt;', '&gt;', '&quot;' ], $s ); }
+}
+
 /**
  * @group html-api
  *

From 93339ff7437a9b661818df37ddfc31d10fa325aa Mon Sep 17 00:00:00 2001
From: Dennis Snell <dennis.snell@automattic.com>
Date: Wed, 5 Apr 2023 23:22:34 +0200
Subject: [PATCH 10/11] WIP: HTML API: Stop at funky comments

---
 .../html-api/class-wp-html-tag-processor.php  | 170 ++++++++++++++++--
 .../tests/html-api/wpHtmlTagProcessor.php     |  97 ++++++++++
 2 files changed, 255 insertions(+), 12 deletions(-)

diff --git a/src/wp-includes/html-api/class-wp-html-tag-processor.php b/src/wp-includes/html-api/class-wp-html-tag-processor.php
index 61b0cb696f186..bf0a881e6c756 100644
--- a/src/wp-includes/html-api/class-wp-html-tag-processor.php
+++ b/src/wp-includes/html-api/class-wp-html-tag-processor.php
@@ -317,6 +317,16 @@ class WP_HTML_Tag_Processor {
 	 */
 	private $stop_on_tag_closers;
 
+	/**
+	 * Whether to visit funky comments, e.g. </1>, when walking an input document.
+	 *
+	 * These are funny because they are errors.
+	 *
+	 * @since 6.3.0
+	 * @var bool
+	 */
+	private $stop_on_funky_comments;
+
 	/**
 	 * Holds updated HTML as updates are applied.
 	 *
@@ -538,6 +548,18 @@ class WP_HTML_Tag_Processor {
 	 */
 	protected $seek_count = 0;
 
+	/**
+	 * @since 6.3.0
+	 * @var string
+	 */
+	private $funky_comment_content = null;
+
+	/**
+	 * @since 6.3.0
+	 * @var int
+	 */
+	private $placeholders = 0;
+
 	/**
 	 * Constructor.
 	 *
@@ -1161,11 +1183,21 @@ private function parse_next_tag() {
 			 * See https://github.com/WordPress/wordpress-develop/pull/4256
 			 */
 			if ( $this->is_closing_tag ) {
-				$closer_at = strpos( $html, '>', $at + 3 );
+				$closer_at = strpos( $html, '>', $at );
 				if ( false === $closer_at ) {
 					return false;
 				}
 
+				if ( $this->stop_on_funky_comments ) {
+					++$at;
+					$this->tag_name_length       = 0;
+					$this->tag_name_starts_at    = $at;
+					$this->bytes_already_parsed  = $closer_at;
+					$this->funky_comment_content = array( $at, $closer_at );
+
+					return true;
+				}
+
 				$at = $closer_at + 1;
 				continue;
 			}
@@ -1301,11 +1333,12 @@ private function skip_whitespace() {
 	private function after_tag() {
 		$this->class_name_updates_to_attributes_updates();
 		$this->apply_attributes_updates();
-		$this->tag_name_starts_at = null;
-		$this->tag_name_length    = null;
-		$this->tag_ends_at        = null;
-		$this->is_closing_tag     = null;
-		$this->attributes         = array();
+		$this->tag_name_starts_at    = null;
+		$this->tag_name_length       = null;
+		$this->tag_ends_at           = null;
+		$this->is_closing_tag        = null;
+		$this->attributes            = array();
+		$this->funky_comment_content = null;
 	}
 
 	/**
@@ -1552,7 +1585,7 @@ public function seek( $bookmark_name ) {
 		if ( ! array_key_exists( $bookmark_name, $this->bookmarks ) ) {
 			_doing_it_wrong(
 				__METHOD__,
-				__( 'Unknown bookmark name.' ),
+				__( 'Unknown bookmark name.' . ' ' . $bookmark_name ),
 				'6.2.0'
 			);
 			return false;
@@ -1577,6 +1610,14 @@ public function seek( $bookmark_name ) {
 		return $this->next_tag( array( 'tag_closers' => 'visit' ) );
 	}
 
+	public function rewind() {
+//		$this->get_updated_html();
+		$this->after_tag();
+		$this->bytes_already_parsed = 0;
+		$this->bytes_already_copied = 0;
+		$this->output_buffer        = '';
+	}
+
 	/**
 	 * Compare two WP_HTML_Text_Replacement objects.
 	 *
@@ -1857,6 +1898,13 @@ public function is_tag_closer() {
 		return $this->is_closing_tag;
 	}
 
+	/**
+	 * @since 6.3.0
+	 */
+	public function is_funky_comment() {
+		return null !== $this->funky_comment_content;
+	}
+
 	/**
 	 * Updates or creates a new attribute on the currently matched tag with the passed value.
 	 *
@@ -2113,6 +2161,13 @@ public function __toString() {
 		return $this->get_updated_html();
 	}
 
+	public function get_funky_content() {
+		if ( $this->funky_comment_content !== null ) {
+			list( $start, $end ) = $this->funky_comment_content;
+			return substr( $this->html, $start, $end - $start );
+		}
+	}
+
 	/**
 	 * Returns the string representation of the HTML Tag Processor.
 	 *
@@ -2204,11 +2259,12 @@ private function parse_query( $query ) {
 			return;
 		}
 
-		$this->last_query          = $query;
-		$this->sought_tag_name     = null;
-		$this->sought_class_name   = null;
-		$this->sought_match_offset = 1;
-		$this->stop_on_tag_closers = false;
+		$this->last_query             = $query;
+		$this->sought_tag_name        = null;
+		$this->sought_class_name      = null;
+		$this->sought_match_offset    = 1;
+		$this->stop_on_tag_closers    = false;
+		$this->stop_on_funky_comments = false;
 
 		// A single string value means "find the tag of this name".
 		if ( is_string( $query ) ) {
@@ -2246,8 +2302,94 @@ private function parse_query( $query ) {
 		if ( isset( $query['tag_closers'] ) ) {
 			$this->stop_on_tag_closers = 'visit' === $query['tag_closers'];
 		}
+
+		if ( isset( $query['funky_comments'] ) ) {
+			$this->stop_on_funky_comments = 'visit' === $query['funky_comments'];
+		}
 	}
 
+	public function declarative_match( $pattern_html ) {
+		$this->placeholders = 0;
+		while ( $this->placeholders > 0 ) {
+			$this->release_bookmark( "__placeholder_{$this->placeholders}" );
+			$this->placeholders--;
+		}
+		$pattern = new WP_HTML_Tag_Processor( $pattern_html );
+		$visit_everything = array( 'tag_closers' => 'visit', 'funky_comments' => 'visit' );
+
+		$same_thing = function ( WP_HTML_Tag_Processor $pattern, WP_HTML_Tag_Processor $test ) {
+			if ( $pattern->is_funky_comment() ) {
+				$this->placeholders++;
+				$this->set_bookmark( "__placeholder_{$this->placeholders}" );
+				return true;
+			}
+
+			if ( ! (
+				$pattern->get_tag() === $test->get_tag() &&
+				$pattern->is_tag_closer() === $test->is_tag_closer() &&
+				$pattern->is_funky_comment() === $test->is_funky_comment()
+			) ) {
+				return false;
+			}
+
+			$attribute_constraints = $pattern->get_attribute_names_with_prefix( '' );
+			if ( null === $attribute_constraints ) {
+				return true;
+			}
+
+			foreach ( $attribute_constraints as $name ) {
+				if ( $pattern->get_attribute( $name ) !== $test->get_attribute( $name ) ) {
+					return false;
+				}
+			}
+
+			return true;
+		};
+
+		step_one: // find the next spot the patterns start the same.
+		if ( ! $pattern->next_tag( $visit_everything ) ) {
+			return false;
+		}
+
+		while ( $this->placeholders > 0 ) {
+			$this->release_bookmark( "__placeholder_{$this->placeholders}" );
+			$this->placeholders--;
+		}
+		while ( $this->next_tag( $visit_everything ) ) {
+			if ( $same_thing( $pattern, $this ) ) {
+				goto step_two;
+			}
+		}
+		return false;
+
+		step_two: // see if the subsequence tokens in the pattern and test match.
+		$this->set_bookmark( 'match_start' );
+		if ( ! $pattern->next_tag( $visit_everything ) ) {
+			$this->release_bookmark( 'match_start' );
+			return true;
+		}
+
+		while ( true ) {
+			if ( ! $this->next_tag( $visit_everything ) ) {
+				$this->release_bookmark( 'match_start' );
+				return false;
+			}
+
+			if ( ! $same_thing( $pattern, $this ) ) {
+				$pattern->rewind();
+				goto step_one;
+			}
+
+			if ( ! $pattern->next_tag( $visit_everything ) ) {
+				break;
+			}
+		}
+
+		$this->set_bookmark( 'match_end' );
+		$this->seek( 'match_start' );
+		$this->release_bookmark( 'match_start' );
+		return true;
+	}
 
 	/**
 	 * Checks whether a given tag and its attributes match the search criteria.
@@ -2257,6 +2399,10 @@ private function parse_query( $query ) {
 	 * @return boolean Whether the given tag and its attribute match the search criteria.
 	 */
 	private function matches() {
+		if ( null !== $this->funky_comment_content && $this->stop_on_funky_comments ) {
+			return true;
+		}
+
 		if ( $this->is_closing_tag && ! $this->stop_on_tag_closers ) {
 			return false;
 		}
diff --git a/tests/phpunit/tests/html-api/wpHtmlTagProcessor.php b/tests/phpunit/tests/html-api/wpHtmlTagProcessor.php
index 7b74b279124ed..62b58fe5d86a6 100644
--- a/tests/phpunit/tests/html-api/wpHtmlTagProcessor.php
+++ b/tests/phpunit/tests/html-api/wpHtmlTagProcessor.php
@@ -17,6 +17,10 @@ class WP_UnitTestCase extends PHPUnit\Framework\TestCase {}
 //	require_once '/Users/dmsnell/code/WordPress-develop/src/wp-includes/html-api/class-wp-html-processor.php';
 
 	function esc_attr( $s ) { return str_replace( [ '<', '>', '"' ], [ '&lt;', '&gt;', '&quot;' ], $s ); }
+	function __( $s ) { return $s; }
+	function _doing_it_wrong( ...$args ) {
+		var_dump( $args );
+	}
 }
 
 /**
@@ -2247,4 +2251,97 @@ public function data_updating_attributes_in_malformed_html() {
 			),
 		);
 	}
+
+	/**
+	 * @dataProvider data_funky_comments
+	 */
+	public function test_stops_at_funky_comments( $html, $content ) {
+		$p = new WP_HTML_Tag_Processor( $html );
+
+		$this->assertTrue( $p->next_tag( array( 'funky_comments' => 'visit' ) ) );
+		$this->assertEquals( $content, $p->get_funky_content() );
+	}
+
+	public function data_funky_comments() {
+		return array(
+			'Isolated comment'   => array( '</1>', '1' ),
+			'Inside text'        => array( 'Before</1>After', '1' ),
+			'%name syntax'       => array( 'Today is </%day>.', '%day' ),
+			'With spaces inside' => array( 'What </$variable is this>?', '$variable is this' ),
+		);
+	}
+
+	/**
+	 * @dataProvider data_declarative_patterns
+	 */
+	public function test_matches_declarative_pattern( $pattern, $html, $matches ) {
+		$p = new WP_HTML_Tag_Processor( $html );
+
+		if ( $matches ) {
+			$this->assertTrue( $p->declarative_match( $pattern ) );
+		} else {
+			$this->assertFalse( $p->declarative_match( $pattern ) );
+		}
+	}
+
+	public function data_declarative_patterns() {
+		return array(
+			'Single tag'                 => array( '<div>', '<div>', true ),
+			'^Single tag'                => array( '<div>', '<img>', false ),
+			'Wrapped image'              => array( '<div><img></div>', '<div><img></div>', true ),
+			'Wrapped image w/attributes' => array( '<div><img></div>', '<div id="14"><img src="hallumi" inert></div>', true ),
+			'Prefix before match'        => array( '<li><img></li>', '<main><h1>Stuff!</h1><ul><li><img></li></ul></main>', true ),
+			'Pattern with attribute'     => array( '<li is-active><img></li>', '<li is-active><img></li>', true ),
+			'^Pattern with attribute'    => array( '<li is-active><img></li>', '<li><img></li>', false ),
+			'Pattern with attributes'    => array( '<li is-active class="slick"><img></li>', '<li class="slick" is-active><img></li>', true ),
+			'^Pattern with attributes'   => array( '<li is-active class="slick"><img></li>', '<li id="slick" is-active><img></li>', false ),
+			'^Pattern with attributes 2' => array( '<li is-active class="slick"><img></li>', '<li class="wicket" is-active><img></li>', false ),
+			'Test with attributes'       => array( '<li is-active><img></li>', '<li id="5" is-funky=maybe style=\'color: red;\' is-active class="test-class bright"><img></li>', true ),
+			'^Test with attributes'      => array( '<li is-active><img></li>', '<li id="5" is-funky=maybe style=\'color: red;\' isactive class="test-class bright"><img></li>', false ),
+			'Attribute with value'       => array( '<input disabled>', '<input type="text"><input><input disabled><input value="5">', true ),
+			'Attribute with text'        => array( '<input id="5">', '<input type="text"><input><input id=5><input disabled><input value="5">', true ),
+			'^Attribute with value'      => array( '<input disabled>', '<input type="text"><input><input disable><input value="5">', false ),
+			'Wildcard'                   => array( '<hgroup></1></2></hgroup>', '<hgroup><h1>Important</h1></hgroup>', true ),
+			'^Wildcard'                  => array( '<hgroup></1></2></hgroup>', '<hgroup><img></hgroup>', false ),
+			'Wildcard attributes'        => array( '</1 aria-label="placeholder">', '<div><p><strong>This</strong> is <em aria-label="placeholder">really</em> cool!</p></div>', true ),
+		);
+	}
+
+	public function test_declarative_match_pauses_at_start_of_match() {
+		$p = new WP_HTML_Tag_Processor( '<main><h1>Stuff!</h1><ul><li pick-me><img></li></ul></main>' );
+
+		$this->assertTrue( $p->declarative_match( '<li><img></li>' ) );
+		$this->assertTrue( $p->get_attribute( 'pick-me' ) );
+	}
+
+	public function test_declarative_match_bookmarks_markup_wildcards_delete_me_this_is_an_internal_detail_but_for_now_helpful_for_development() {
+		$p = new WP_HTML_Tag_Processor( <<<HTML
+			<main>
+				<h1>Stuff!</h1>
+				<ul>
+					<li id=1><p>Just a thought</p></li>
+					<img>
+					<li id=2 pick-me><img></li>
+				</ul>
+			</main>
+HTML
+		);
+
+		$p->next_tag();
+
+		$this->assertTrue( $p->declarative_match( '<li></1></li>' ) );
+		$p->seek( '__placeholder_1' );
+		$this->assertSame( 'IMG', $p->get_tag() );
+
+		$p->rewind();
+		$this->assertTrue( $p->declarative_match( '<main></1></2><ul>' ) );
+
+		$p->seek( '__placeholder_1' );
+		$this->assertSame( 'H1', $p->get_tag() );
+		$this->assertFalse( $p->is_tag_closer() );
+
+		$p->seek( '__placeholder_2' );
+		$this->assertSame( 'H1', $p->get_tag() );
+		$this->assertTrue( $p->is_tag_closer() );
+	}
 }

From d36fb2582f1c94d1dd1b02ba57827cf090c6e87b Mon Sep 17 00:00:00 2001
From: Dennis Snell <dennis.snell@automattic.com>
Date: Mon, 10 Apr 2023 11:13:10 +0200
Subject: [PATCH 11/11] WIP

---
 .../html-api/class-wp-html-tag-processor.php  | 83 +++++++++++++++++++
 .../tests/html-api/wpHtmlTagProcessor.php     | 60 ++++++++++++++
 2 files changed, 143 insertions(+)

diff --git a/src/wp-includes/html-api/class-wp-html-tag-processor.php b/src/wp-includes/html-api/class-wp-html-tag-processor.php
index bf0a881e6c756..05b8a021733cc 100644
--- a/src/wp-includes/html-api/class-wp-html-tag-processor.php
+++ b/src/wp-includes/html-api/class-wp-html-tag-processor.php
@@ -2391,6 +2391,89 @@ public function declarative_match( $pattern_html ) {
 		return true;
 	}
 
+	/**
+	 * @since 6.3.0
+	 */
+	public function transform( $pattern_html, $transformer_html ) {
+		$visit_everything = array( 'tag_closers' => 'visit', 'funky_comments' => 'visit' );
+		$pattern          = new WP_HTML_Tag_Processor( $pattern_html );
+		$transform        = new WP_HTML_Tag_Processor( $transformer_html );
+
+		if (
+			! $pattern->next_tag( $visit_everything ) ||
+			! $transform->next_tag( $visit_everything ) ||
+			! $this->declarative_match( $pattern_html )
+		) {
+			return false;
+		}
+
+		$this->set_bookmark( 'match_start' );
+
+		$same_thing = function ( WP_HTML_Tag_Processor $pattern, WP_HTML_Tag_Processor $test ) {
+			if ( $pattern->is_funky_comment() ) {
+//				$this->placeholders++;
+//				$this->set_bookmark( "__placeholder_{$this->placeholders}" );
+				return true;
+			}
+
+			if ( ! (
+				$pattern->get_tag() === $test->get_tag() &&
+				$pattern->is_tag_closer() === $test->is_tag_closer() &&
+				$pattern->is_funky_comment() === $test->is_funky_comment()
+			) ) {
+				return false;
+			}
+
+			$attribute_constraints = $pattern->get_attribute_names_with_prefix( '' );
+			if ( null === $attribute_constraints ) {
+				return true;
+			}
+
+			foreach ( $attribute_constraints as $name ) {
+				if ( $pattern->get_attribute( $name ) !== $test->get_attribute( $name ) ) {
+					return false;
+				}
+			}
+
+			return true;
+		};
+
+		$budget = 10;
+		while ( $budget-- ) {
+			if ( $same_thing( $pattern, $transform ) ) {
+				if ( ! $transform->next_tag( $visit_everything ) ) {
+					goto drop_patterns;
+				}
+				$this->next_tag( $visit_everything );
+				$pattern->next_tag( $visit_everything );
+				continue;
+			}
+
+			$this->set_bookmark( 'here' );
+			$this->lexical_updates[] = new WP_HTML_Text_Replacement(
+				$this->bookmarks['here']->start,
+				$this->bookmarks['here']->end + 1,
+				''
+			);
+			var_dump( substr( $this->html, $this->bookmarks['here']->start, $this->bookmarks['here']->end - $this->bookmarks['here']->start + 1 ) );
+			$this->get_updated_html();
+			$pattern->next_tag( $visit_everything );
+			$this->next_tag( $visit_everything );
+		}
+
+		drop_patterns:
+		while ( $pattern->next_tag( $visit_everything ) ) {
+			$this->set_bookmark( 'here' );
+			$this->lexical_updates[] = new WP_HTML_Text_Replacement(
+				$this->bookmarks['here']->start,
+				$this->bookmarks['here']->end + 1,
+				''
+			);
+			var_dump( substr( $this->html, $this->bookmarks['here']->start, $this->bookmarks['here']->end - $this->bookmarks['here']->start + 1 ) );
+			$this->next_tag( $visit_everything );
+		}
+	}
+
 	/**
 	 * Checks whether a given tag and its attributes match the search criteria.
 	 *
diff --git a/tests/phpunit/tests/html-api/wpHtmlTagProcessor.php b/tests/phpunit/tests/html-api/wpHtmlTagProcessor.php
index 62b58fe5d86a6..9ad7274e0e722 100644
--- a/tests/phpunit/tests/html-api/wpHtmlTagProcessor.php
+++ b/tests/phpunit/tests/html-api/wpHtmlTagProcessor.php
@@ -2344,4 +2344,64 @@ public function test_declarative_match_bookmarks_markup_wildcards_delete_me_this
 		$this->assertSame( 'H1', $p->get_tag() );
 		$this->assertTrue( $p->is_tag_closer() );
 	}
+
+	/**
+	 * @dataProvider data_html_transforms
+	 */
+	public function test_transforms_html( $pattern, $transformer, $input, $output ) {
+		$p = new WP_HTML_Tag_Processor( $input );
+		$p->transform( $pattern, $transformer );
+
+		$this->assertSame( $output, $p->get_updated_html() );
+	}
+
+	public function data_html_transforms() {
+		return array(
+			'Unwrap image tag' => array(
+				'<div><img></div>',
+				'<html><img>',
+				'<div class="wp-div-image"><img src="atat.png" class="full-width"></div><br>',
+				'<img src="atat.png" class="full-width"><br>'
+			),
+			'Remove first image' => array(
+				'</-img><img>',
+				'<img>',
+				'<img first><img second>',
+				'<img second>'
+			),
+			'Remove second image' => array(
+				'<img></-img>',
+				'<img>',
+				'<img first><img second>',
+				'<img first>'
+			),
+			'Add image before' => array(
+				'<img>',
+				'</+img><img>',
+				'<img first>',
+				'<img><img first>'
+			),
+			'Add image after' => array(
+				'<img>',
+				'<img></+img>',
+				'<img first>',
+				'<img first><img>'
+			),
+		);
+	}
+
+	/**
+	 * @dataProvider data_css_selectors_to_html
+	 */
+	public function test_generates_html_from_css_selector( $selector, $html ) {
+		$this->assertTrue( true );
+	}
+
+	public function data_css_selectors_to_html() {
+		return array(
+			'Single element'   => array( 'table', 'table' ),
+			'Single class'     => array( '.is-working', '</1 class="is-working">' ),
+			'Adjacent Sibling' => array( '* + img', '</1><img>' ),
+		);
+	}
 }