* Identical to rawElement(), but HTML-escapes $contents (like
* Xml::element()).
*
- * @param string $element
- * @param array $attribs
+ * @param string $element Name of the element, e.g., 'a'
+ * @param array $attribs Associative array of attributes, e.g., [
+ * 'href' => 'https://www.mediawiki.org/' ]. See expandAttributes() for
+ * further documentation.
* @param string $contents
*
* @return string
* Identical to rawElement(), but has no third parameter and omits the end
* tag (and the self-closing '/' in XML mode for empty elements).
*
- * @param string $element
- * @param array $attribs
+ * @param string $element Name of the element, e.g., 'a'
+ * @param array $attribs Associative array of attributes, e.g., [
+ * 'href' => 'https://www.mediawiki.org/' ]. See expandAttributes() for
+ * further documentation.
*
* @return string
*/
*
* @param array $attribs Associative array of attributes, e.g., [
* 'href' => 'https://www.mediawiki.org/' ]. Values will be HTML-escaped.
- * A value of false means to omit the attribute. For boolean attributes,
+ * A value of false or null means to omit the attribute. For boolean attributes,
* you can omit the key, e.g., [ 'checked' ] instead of
* [ 'checked' => 'checked' ] or such.
*
if ( in_array( $key, self::$boolAttribs ) ) {
$ret .= " $key=\"\"";
} else {
- // Apparently we need to entity-encode \n, \r, \t, although the
- // spec doesn't mention that. Since we're doing strtr() anyway,
- // we may as well not call htmlspecialchars().
- // @todo FIXME: Verify that we actually need to
- // escape \n\r\t here, and explain why, exactly.
- // We could call Sanitizer::encodeAttribute() for this, but we
- // don't because we're stubborn and like our marginal savings on
- // byte size from not having to encode unnecessary quotes.
- // The only difference between this transform and the one by
- // Sanitizer::encodeAttribute() is ' is not encoded.
- $map = [
- '&' => '&',
- '"' => '"',
- '>' => '>',
- // '<' allegedly allowed per spec
- // but breaks some tools if not escaped.
- "<" => '<',
- "\n" => ' ',
- "\r" => ' ',
- "\t" => '	'
- ];
- $ret .= " $key=$quote" . strtr( $value, $map ) . $quote;
+ $ret .= " $key=$quote" . Sanitizer::encodeAttribute( $value ) . $quote;
}
}
return $ret;
return self::input( $name, $value, 'checkbox', $attribs );
}
+ /**
+ * Return the HTML for a message box.
+ * @since 1.31
+ * @param string $html of contents of box
+ * @param string $className corresponding to box
+ * @param string $heading (optional)
+ * @return string of HTML representing a box.
+ */
+ private static function messageBox( $html, $className, $heading = '' ) {
+ if ( $heading ) {
+ $html = self::element( 'h2', [], $heading ) . $html;
+ }
+ return self::rawElement( 'div', [ 'class' => $className ], $html );
+ }
+
+ /**
+ * Return a warning box.
+ * @since 1.31
+ * @param string $html of contents of box
+ * @return string of HTML representing a warning box.
+ */
+ public static function warningBox( $html ) {
+ return self::messageBox( $html, 'warningbox' );
+ }
+
+ /**
+ * Return an error box.
+ * @since 1.31
+ * @param string $html of contents of error box
+ * @param string $heading (optional)
+ * @return string of HTML representing an error box.
+ */
+ public static function errorBox( $html, $heading = '' ) {
+ return self::messageBox( $html, 'errorbox', $heading );
+ }
+
+ /**
+ * Return a success box.
+ * @since 1.31
+ * @param string $html of contents of box
+ * @return string of HTML representing a success box.
+ */
+ public static function successBox( $html ) {
+ return self::messageBox( $html, 'successbox' );
+ }
+
/**
* Convenience function to produce a radio button (input element with type=radio)
*