* literal "</script>" or (for XML) literal "]]>".
*
* @param string $contents JavaScript
+ * @param string $nonce Nonce for CSP header, from OutputPage::getCSPNonce()
* @return string Raw HTML
*/
- public static function inlineScript( $contents ) {
+ public static function inlineScript( $contents, $nonce = null ) {
$attrs = [];
+ if ( $nonce !== null ) {
+ $attrs['nonce'] = $nonce;
+ } else {
+ if ( ContentSecurityPolicy::isEnabled( RequestContext::getMain()->getConfig() ) ) {
+ wfWarn( "no nonce set on script. CSP will break it" );
+ }
+ }
if ( preg_match( '/[<&]/', $contents ) ) {
$contents = "/*<![CDATA[*/$contents/*]]>*/";
* "<script src=foo.js></script>".
*
* @param string $url
+ * @param string $nonce Nonce for CSP header, from OutputPage::getCSPNonce()
* @return string Raw HTML
*/
- public static function linkedScript( $url ) {
+ public static function linkedScript( $url, $nonce = null ) {
$attrs = [ 'src' => $url ];
+ if ( $nonce !== null ) {
+ $attrs['nonce'] = $nonce;
+ } else {
+ if ( ContentSecurityPolicy::isEnabled( RequestContext::getMain()->getConfig() ) ) {
+ wfWarn( "no nonce set on script. CSP will break it" );
+ }
+ }
return self::element( 'script', $attrs );
}
*
* @param string $contents CSS
* @param string $media A media type string, like 'screen'
+ * @param array $attribs (since 1.31) Associative array of attributes, e.g., [
+ * 'href' => 'https://www.mediawiki.org/' ]. See expandAttributes() for
+ * further documentation.
* @return string Raw HTML
*/
- public static function inlineStyle( $contents, $media = 'all' ) {
+ public static function inlineStyle( $contents, $media = 'all', $attribs = [] ) {
// Don't escape '>' since that is used
// as direct child selector.
// Remember, in css, there is no "x" for hexadecimal escapes, and
return self::rawElement( 'style', [
'media' => $media,
- ], $contents );
+ ] + $attribs, $contents );
}
/**
return self::input( $name, $value, 'checkbox', $attribs );
}
+ /**
+ * Return the HTML for a message box.
+ * @since 1.31
+ * @param string $html of contents of box
+ * @param string $className corresponding to box
+ * @param string $heading (optional)
+ * @return string of HTML representing a box.
+ */
+ private static function messageBox( $html, $className, $heading = '' ) {
+ if ( $heading ) {
+ $html = self::element( 'h2', [], $heading ) . $html;
+ }
+ return self::rawElement( 'div', [ 'class' => $className ], $html );
+ }
+
+ /**
+ * Return a warning box.
+ * @since 1.31
+ * @param string $html of contents of box
+ * @return string of HTML representing a warning box.
+ */
+ public static function warningBox( $html ) {
+ return self::messageBox( $html, 'warningbox' );
+ }
+
+ /**
+ * Return an error box.
+ * @since 1.31
+ * @param string $html of contents of error box
+ * @param string $heading (optional)
+ * @return string of HTML representing an error box.
+ */
+ public static function errorBox( $html, $heading = '' ) {
+ return self::messageBox( $html, 'errorbox', $heading );
+ }
+
+ /**
+ * Return a success box.
+ * @since 1.31
+ * @param string $html of contents of box
+ * @return string of HTML representing a success box.
+ */
+ public static function successBox( $html ) {
+ return self::messageBox( $html, 'successbox' );
+ }
+
/**
* Convenience function to produce a radio button (input element with type=radio)
*
dépôts / lhc / web / wiklou.git / blobdiff