X-Git-Url: https://git.heureux-cyclage.org/?a=blobdiff_plain;f=includes%2FHtml.php;h=ad0130bf8f0dfc28e0a791b4132330174c848a50;hb=69a9b1af2b00a15d5d9c75f43f3134595e54511e;hp=3bcf13132f1beaa98fb01dfb15eb1feee4c233d0;hpb=51e40a712f2f2eb57216b26a16c91d14f74d5cf2;p=lhc%2Fweb%2Fwiklou.git
diff --git a/includes/Html.php b/includes/Html.php
index 3bcf13132f..ad0130bf8f 100644
--- a/includes/Html.php
+++ b/includes/Html.php
@@ -391,8 +391,8 @@ class Html {
unset( $attribs['type'] );
}
if ( $element === 'input' ) {
- $type = isset( $attribs['type'] ) ? $attribs['type'] : null;
- $value = isset( $attribs['value'] ) ? $attribs['value'] : null;
+ $type = $attribs['type'] ?? null;
+ $value = $attribs['value'] ?? null;
if ( $type === 'checkbox' || $type === 'radio' ) {
// The default value for checkboxes and radio buttons is 'on'
// not ''. By stripping value="" we break radio boxes that
@@ -557,10 +557,18 @@ class Html {
* literal "" or (for XML) literal "]]>".
*
* @param string $contents JavaScript
+ * @param string|null $nonce Nonce for CSP header, from OutputPage::getCSPNonce()
* @return string Raw HTML
*/
- public static function inlineScript( $contents ) {
+ public static function inlineScript( $contents, $nonce = null ) {
$attrs = [];
+ if ( $nonce !== null ) {
+ $attrs['nonce'] = $nonce;
+ } else {
+ if ( ContentSecurityPolicy::isNonceRequired( RequestContext::getMain()->getConfig() ) ) {
+ wfWarn( "no nonce set on script. CSP will break it" );
+ }
+ }
if ( preg_match( '/[<&]/', $contents ) ) {
$contents = "/**/";
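Review bot: The nonce block added at the top of inlineScript() is repeated verbatim in the linkedScript() hunk that follows, so the `isNonceRequired` check and the warning text can drift apart as the CSP handling evolves. A single private static helper called by both keeps one definition of when a script element carries a nonce, and the nested `else { if … }` collapses to `elseif` there. Because the warning would then fire one frame deeper, pass a caller offset of 2 to wfWarn() so the reported caller is still the code that invoked inlineScript()/linkedScript() without a nonce. inlineScript()'s body continues past the end of this hunk.

```php
/**
 * Add the CSP nonce to a script element's attributes, or warn when
 * the configuration requires one and none was supplied.
 *
 * @param array $attrs Attributes collected so far
 * @param string|null $nonce Nonce for CSP header, from OutputPage::getCSPNonce()
 * @return array Attributes, with 'nonce' set when one was given
 */
private static function addScriptNonce( array $attrs, $nonce ) {
	if ( $nonce !== null ) {
		$attrs['nonce'] = $nonce;
	} elseif ( ContentSecurityPolicy::isNonceRequired( RequestContext::getMain()->getConfig() ) ) {
		// Offset 2: report the caller of inlineScript()/linkedScript(), not this helper's caller
		wfWarn( "no nonce set on script. CSP will break it", 2 );
	}
	return $attrs;
}

public static function inlineScript( $contents, $nonce = null ) {
	$attrs = self::addScriptNonce( [], $nonce );
	// … unchanged: check of $contents for '<' / '&' and element output …

public static function linkedScript( $url, $nonce = null ) {
	$attrs = self::addScriptNonce( [ 'src' => $url ], $nonce );
	return self::element( 'script', $attrs );
}
```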
@@ -574,10 +582,18 @@ class Html {
* "".
*
* @param string $url
+ * @param string|null $nonce Nonce for CSP header, from OutputPage::getCSPNonce()
* @return string Raw HTML
*/
- public static function linkedScript( $url ) {
+ public static function linkedScript( $url, $nonce = null ) {
$attrs = [ 'src' => $url ];
+ if ( $nonce !== null ) {
+ $attrs['nonce'] = $nonce;
+ } else {
+ if ( ContentSecurityPolicy::isNonceRequired( RequestContext::getMain()->getConfig() ) ) {
+ wfWarn( "no nonce set on script. CSP will break it" );
+ }
+ }
return self::element( 'script', $attrs );
}
@@ -909,9 +925,9 @@ class Html {
if ( isset( $params['label'] ) ) {
$ret .= self::element(
'label', [
- 'for' => isset( $selectAttribs['id'] ) ? $selectAttribs['id'] : null,
+ 'for' => $selectAttribs['id'] ?? null,
], $params['label']
- ) . ' ';
+ ) . "\u{00A0}";
}
// Wrap options in a