String::checkPlain() (and therfore every
% placeholder passed to
Xss::filter(), various Views and other rendering functions, etc. This means in many cases we may have nested lists of safe strings, i.e. one safe string that is composed of several other safe strings that in turn is composed of several others... all in the static list. We have no idea how big this list might get at present.
Additionally, for form and batch processing, we are storing the known list of safe strings in the form/batch state to transfer it between requests. This has the potential to exacerbate existing form cache issues, especially if the list is very large.
Ensure that the list of strings does not become dangerously bloated for cache size or the memory footprint.
Do some profiling, particularly once other critical issues related to the form cache are resolved. Suggestions for profiling:
- The permissions page with more than 10 roles and standard profile.
- A large view, especially one with exposed filters.
- admin/people with more than 10 roles and 100+ users
- admin/content with 100+ nodes
- The block placement page.
- The menu page for a large menu
User interface changes
N/A unless something is broken.