Merge "objectcache: make RedisBagOStuff pass all tests"
[lhc/web/wiklou.git]
/
includes
/
Html.php
diff --git
a/includes/Html.php
b/includes/Html.php
index
3bcf131
..
2ca5229
100644
(file)
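--- a/includes/Html.php
+++ b/includes/Html.php
@@ -391,8 +391,8 @@ class Html {
  unset( $attribs['type'] );
  }
  if ( $element === 'input' ) {
- $type = isset( $attribs['type'] ) ? $attribs['type'] : null;
- $value = isset( $attribs['value'] ) ? $attribs['value'] : null;
+ $type = $attribs['type'] ?? null;
+ $value = $attribs['value'] ?? null;
  if ( $type === 'checkbox' || $type === 'radio' ) {
  // The default value for checkboxes and radio buttons is 'on'
  // not ''. By stripping value="" we break radio boxes that
@@ -557,10 +557,18 @@ class Html {
  * literal "</script>" or (for XML) literal "]]>".
  *
  * @param string $contents JavaScript
+ * @param string $nonce Nonce for CSP header, from OutputPage::getCSPNonce()
  * @return string Raw HTML
  */
- public static function inlineScript( $contents ) {
+ public static function inlineScript( $contents, $nonce = null ) {
  $attrs = [];
+ if ( $nonce !== null ) {
+ $attrs['nonce'] = $nonce;
+ } else {
+ if ( ContentSecurityPolicy::isEnabled( RequestContext::getMain()->getConfig() ) ) {
+ wfWarn( "no nonce set on script. CSP will break it" );
+ }
+ }
  if ( preg_match( '/[<&]/', $contents ) ) {
  $contents = "/*<![CDATA[*/$contents/*]]>*/";
@@ -574,10 +582,18 @@ class Html {
  * "<script src=foo.js></script>".
  *
  * @param string $url
+ * @param string $nonce Nonce for CSP header, from OutputPage::getCSPNonce()
  * @return string Raw HTML
  */
- public static function linkedScript( $url ) {
+ public static function linkedScript( $url, $nonce = null ) {
  $attrs = [ 'src' => $url ];
+ if ( $nonce !== null ) {
+ $attrs['nonce'] = $nonce;
+ } else {
+ if ( ContentSecurityPolicy::isEnabled( RequestContext::getMain()->getConfig() ) ) {
+ wfWarn( "no nonce set on script. CSP will break it" );
+ }
+ }
  return self::element( 'script', $attrs );
  }
@@ -909,7 +925,7 @@ class Html {
  if ( isset( $params['label'] ) ) {
  $ret .= self::element(
  'label', [
- 'for' => isset( $selectAttribs['id'] ) ? $selectAttribs['id'] : null,
+ 'for' => $selectAttribs['id'] ?? null,
  ], $params['label']
  ) . ' ';
  }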
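Review bot: The new `@param string $nonce` lines on `inlineScript()` and `linkedScript()` do not match the signatures, which default the parameter to `null`, and they do not say what happens when it is omitted. I would write `@param string|null $nonce Nonce for CSP header, from OutputPage::getCSPNonce(); if null while CSP is enabled, only wfWarn() is called and the tag is emitted without a nonce`, and add a sentence that the nonce is attached to whatever `$contents` or `$url` the caller passes, so it should only be supplied for script the caller trusts. The seven-line nonce block is identical in both methods; a small private static helper would keep the two copies from drifting, and `} else { if ( ... ) {` reads more simply as `} elseif ( ... ) {`. Whether `getCSPNonce()` can return a non-string value (for example when CSP is off) is not visible in this diff; if it can, the `!== null` test treats that value as a nonce, which is worth confirming against `self::element()`'s attribute handling.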