Simplify the generation of HTML node identifiers

We do not to generate completely random identifiers, the original intention was to prevent collisions with existing tag names.

Using a per-request random prefix together with a counter is sufficient to generate unique tag names without paying the CSPRNG tax for ever node.

diff --git a/wcfsetup/install/files/lib/system/html/node/AbstractHtmlNodeProcessor.class.php b/wcfsetup/install/files/lib/system/html/node/AbstractHtmlNodeProcessor.class.php
index 6ef44f7e32f84bc29fc93ad0bbb9ea40195af2db..c082a869db7e74d9a749c80dda5b62c0f28b13e5 100644 (file)
--- a/wcfsetup/install/files/lib/system/html/node/AbstractHtmlNodeProcessor.class.php
+++ b/wcfsetup/install/files/lib/system/html/node/AbstractHtmlNodeProcessor.class.php
@@ -370,18 +370,17 @@ abstract class AbstractHtmlNodeProcessor implements IHtmlNodeProcessor
      */
     public function getWcfNodeIdentifer(): array
     {
-        static $engine = null;
-
-        if ($engine === null) {
-            if (\class_exists(\Random\Engine\Xoshiro256StarStar::class, false)) {
-                $randomizer = new \Random\Randomizer(new \Random\Engine\Xoshiro256StarStar());
-                $engine = static fn () => \bin2hex($randomizer->getBytes(16));
-            } else {
-                $engine = static fn () => \bin2hex(\random_bytes(16));
-            }
+        static $counter = 0;
+        static $prefix = null;
+
+        if ($prefix === null) {
+            // The `x` is appended to visually separate the prefix and the
+            // counter to aid in debugging in case the random prefix ends with
+            // one or more numeric characters.
+            $prefix = \bin2hex(\random_bytes(16)) . 'x';
         }
 
-        $identifier = $engine();
+        $identifier = $prefix . $counter++;
 
         return [$identifier, "wcfNode-{$identifier}"];
     }