($space*=$space*
(?:
# The attribute value: quoted or alone
- \"([^<\"]*)\"
- | '([^<']*)'
+ \"([^<\"]*)(?:\"|\$)
+ | '([^<']*)(?:'|\$)
| ([a-zA-Z0-9!#$%&()*,\\-.\\/:;<>?@[\\]^_`{|}~]+)
)
)?(?=$space|\$)/sx";
public static function removeHTMLtags( $text, $processCallback = null,
$args = array(), $extratags = array(), $removetags = array()
) {
- global $wgUseTidy;
-
extract( self::getRecognizedTagData( $extratags, $removetags ) );
# Remove HTML comments
$text = Sanitizer::removeHTMLcomments( $text );
$bits = explode( '<', $text );
$text = str_replace( '>', '>', array_shift( $bits ) );
- if ( !$wgUseTidy ) {
+ if ( !MWTidy::isEnabled() ) {
$tagstack = $tablestack = array();
foreach ( $bits as $x ) {
$regs = array();
$badtag = true;
} elseif ( in_array( $t, $tagstack ) && !isset( $htmlnest[$t] ) ) {
$badtag = true;
- # Is it a self closed htmlpair ? (bug 5487)
+ # Is it a self closed htmlpair ? (bug 5487)
} elseif ( $brace == '/>' && isset( $htmlpairs[$t] ) ) {
$badtag = true;
} elseif ( isset( $htmlsingleonly[$t] ) ) {
$out = array();
foreach ( $attribs as $attribute => $value ) {
- #allow XML namespace declaration if RDFa is enabled
+ # allow XML namespace declaration if RDFa is enabled
if ( $wgAllowRdfaAttributes && preg_match( self::XMLNS_ATTRIBUTE_PATTERN, $attribute ) ) {
if ( !preg_match( self::EVIL_URI_PATTERN, $value ) ) {
$out[$attribute] = $value;
|| $attribute === 'itemref' || $attribute === 'itemscope'
|| $attribute === 'itemtype'
) {
- //Paranoia. Allow "simple" values but suppress javascript
+ // Paranoia. Allow "simple" values but suppress javascript
if ( preg_match( self::EVIL_URI_PATTERN, $value ) ) {
continue;
}
# validation code that can be used by tag hook handlers, etc
if ( $attribute === 'href' || $attribute === 'src' ) {
if ( !preg_match( $hrefExp, $value ) ) {
- continue; //drop any href or src attributes not using an allowed protocol.
+ continue; // drop any href or src attributes not using an allowed protocol.
// NOTE: this also drops all relative URLs
}
}
# rbc
'rb' => $common,
'rp' => $common,
- 'rt' => $common, #array_merge( $common, array( 'rbspan' ) ),
+ 'rt' => $common, # array_merge( $common, array( 'rbspan' ) ),
'rtc' => $common,
# MathML root element, where used for extensions
$host = preg_replace( $strip, '', $host );
// IPv6 host names are bracketed with []. Url-decode these.
- if ( substr_compare( "//%5B", $host, 0, 5 ) === 0 && preg_match( '!^//%5B(.*?)%5D((:\d+)?)$!', $host, $matches ) ) {
+ if ( substr_compare( "//%5B", $host, 0, 5 ) === 0 &&
+ preg_match( '!^//%5B([0-9A-Fa-f:.]+)%5D((:\d+)?)$!', $host, $matches )
+ ) {
$host = '//[' . $matches[1] . ']' . $matches[2];
}