* good tags like \<i\> will be dropped entirely.
*
* @param string|Message $name
+ * @param-taint $name tainted
+ * Phan-taint-check gets very confused by $name being either a string or a Message
*/
public function setPageTitle( $name ) {
if ( $name instanceof Message ) {
# change "<i>foo&bar</i>" to "foo&bar"
$this->setHTMLTitle(
- $this->msg( 'pagetitle' )->rawParams( Sanitizer::stripAllTags( $nameWithTags ) )
+ $this->msg( 'pagetitle' )->plaintextParams( Sanitizer::stripAllTags( $nameWithTags ) )
->inContentLanguage()
);
}
return false;
}
+ /**
+ * Get the Origin-Trial header values. This is used to enable Chrome Origin
+ * Trials: https://github.com/GoogleChrome/OriginTrials
+ *
+ * @return array
+ */
+ private function getOriginTrials() {
+ $config = $this->getConfig();
+
+ return $config->get( 'OriginTrials' );
+ }
+
/**
* Send cache control HTTP headers
*/
$response->header( "X-Frame-Options: $frameOptions" );
}
+ $originTrials = $this->getOriginTrials();
+ foreach ( $originTrials as $originTrial ) {
+ $response->header( "Origin-Trial: $originTrial", false );
+ }
+
ContentSecurityPolicy::sendHeaders( $this );
if ( $this->mArticleBodyOnly ) {