* Collection of methods to generate HTML content
*
* Copyright © 2009 Aryeh Gregor
- * http://www.mediawiki.org/
+ * https://www.mediawiki.org/
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* @since 1.16
*/
class Html {
- // List of void elements from HTML5, section 8.1.2 as of 2011-08-12
+ // List of void elements from HTML5, section 8.1.2 as of 2016-09-19
private static $voidElements = [
'area',
'base',
'br',
'col',
- 'command',
'embed',
'hr',
'img',
*
* @param string $contents The raw HTML contents of the element: *not*
* escaped!
- * @param array $attrs Associative array of attributes, e.g., array(
- * 'href' => 'http://www.mediawiki.org/' ). See expandAttributes() for
+ * @param array $attrs Associative array of attributes, e.g., [
+ * 'href' => 'https://www.mediawiki.org/' ]. See expandAttributes() for
* further documentation.
* @param string[] $modifiers classes to add to the button
- * @see http://tools.wmflabs.org/styleguide/desktop/index.html for guidance on available modifiers
+ * @see https://tools.wmflabs.org/styleguide/desktop/index.html for guidance on available modifiers
* @return string Raw HTML
*/
public static function linkButton( $contents, array $attrs, array $modifiers = [] ) {
*
* @param string $contents The raw HTML contents of the element: *not*
* escaped!
- * @param array $attrs Associative array of attributes, e.g., array(
- * 'href' => 'http://www.mediawiki.org/' ). See expandAttributes() for
+ * @param array $attrs Associative array of attributes, e.g., [
+ * 'href' => 'https://www.mediawiki.org/' ]. See expandAttributes() for
* further documentation.
* @param string[] $modifiers classes to add to the button
- * @see http://tools.wmflabs.org/styleguide/desktop/index.html for guidance on available modifiers
+ * @see https://tools.wmflabs.org/styleguide/desktop/index.html for guidance on available modifiers
* @return string Raw HTML
*/
public static function submitButton( $contents, array $attrs, array $modifiers = [] ) {
* content model.
*
* @param string $element The element's name, e.g., 'a'
- * @param array $attribs Associative array of attributes, e.g., array(
- * 'href' => 'http://www.mediawiki.org/' ). See expandAttributes() for
+ * @param array $attribs Associative array of attributes, e.g., [
+ * 'href' => 'https://www.mediawiki.org/' ]. See expandAttributes() for
* further documentation.
* @param string $contents The raw HTML contents of the element: *not*
* escaped!
* Identical to rawElement(), but HTML-escapes $contents (like
* Xml::element()).
*
- * @param string $element
- * @param array $attribs
+ * @param string $element Name of the element, e.g., 'a'
+ * @param array $attribs Associative array of attributes, e.g., [
+ * 'href' => 'https://www.mediawiki.org/' ]. See expandAttributes() for
+ * further documentation.
* @param string $contents
*
* @return string
* Identical to rawElement(), but has no third parameter and omits the end
* tag (and the self-closing '/' in XML mode for empty elements).
*
- * @param string $element
- * @param array $attribs
+ * @param string $element Name of the element, e.g., 'a'
+ * @param array $attribs Associative array of attributes, e.g., [
+ * 'href' => 'https://www.mediawiki.org/' ]. See expandAttributes() for
+ * further documentation.
*
* @return string
*/
* to the input array (currently per the HTML 5 draft as of 2009-09-06).
*
* @param string $element Name of the element, e.g., 'a'
- * @param array $attribs Associative array of attributes, e.g., array(
- * 'href' => 'http://www.mediawiki.org/' ). See expandAttributes() for
+ * @param array $attribs Associative array of attributes, e.g., [
+ * 'href' => 'https://www.mediawiki.org/' ]. See expandAttributes() for
* further documentation.
* @return array An array of attributes functionally identical to $attribs
*/
'height' => '150',
'width' => '300',
],
- 'command' => [ 'type' => 'command' ],
'form' => [
'action' => 'GET',
'autocomplete' => 'on',
/**
* Given an associative array of element attributes, generate a string
- * to stick after the element name in HTML output. Like array( 'href' =>
- * 'http://www.mediawiki.org/' ) becomes something like
- * ' href="http://www.mediawiki.org"'. Again, this is like
+ * to stick after the element name in HTML output. Like [ 'href' =>
+ * 'https://www.mediawiki.org/' ] becomes something like
+ * ' href="https://www.mediawiki.org"'. Again, this is like
* Xml::expandAttributes(), but it implements some HTML-specific logic.
*
* Attributes that can contain space-separated lists ('class', 'accesskey' and 'rel') array
*
* @par Numerical array
* @code
- * Html::element( 'em', array(
- * 'class' => array( 'foo', 'bar' )
- * ) );
+ * Html::element( 'em', [
+ * 'class' => [ 'foo', 'bar' ]
+ * ] );
* // gives '<em class="foo bar"></em>'
* @endcode
*
* @par Associative array
* @code
- * Html::element( 'em', array(
- * 'class' => array( 'foo', 'bar', 'foo' => false, 'quux' => true )
- * ) );
+ * Html::element( 'em', [
+ * 'class' => [ 'foo', 'bar', 'foo' => false, 'quux' => true ]
+ * ] );
* // gives '<em class="bar quux"></em>'
* @endcode
*
- * @param array $attribs Associative array of attributes, e.g., array(
- * 'href' => 'http://www.mediawiki.org/' ). Values will be HTML-escaped.
- * A value of false means to omit the attribute. For boolean attributes,
- * you can omit the key, e.g., array( 'checked' ) instead of
- * array( 'checked' => 'checked' ) or such.
+ * @param array $attribs Associative array of attributes, e.g., [
+ * 'href' => 'https://www.mediawiki.org/' ]. Values will be HTML-escaped.
+ * A value of false or null means to omit the attribute. For boolean attributes,
+ * you can omit the key, e.g., [ 'checked' ] instead of
+ * [ 'checked' => 'checked' ] or such.
*
* @throws MWException If an attribute that doesn't allow lists is set to an array
* @return string HTML fragment that goes between element name and '>'
public static function expandAttributes( array $attribs ) {
$ret = '';
foreach ( $attribs as $key => $value ) {
- // Support intuitive array( 'checked' => true/false ) form
+ // Support intuitive [ 'checked' => true/false ] form
if ( $value === false || is_null( $value ) ) {
continue;
}
- // For boolean attributes, support array( 'foo' ) instead of
- // requiring array( 'foo' => 'meaningless' ).
+ // For boolean attributes, support [ 'foo' ] instead of
+ // requiring [ 'foo' => 'meaningless' ].
if ( is_int( $key ) && in_array( strtolower( $value ), self::$boolAttribs ) ) {
$key = $value;
}
// and better compression anyway.
$key = strtolower( $key );
- // Bug 23769: Blacklist all form validation attributes for now. Current
- // (June 2010) WebKit has no UI, so the form just refuses to submit
- // without telling the user why, which is much worse than failing
- // server-side validation. Opera is the only other implementation at
- // this time, and has ugly UI, so just kill the feature entirely until
- // we have at least one good implementation.
-
- // As the default value of "1" for "step" rejects decimal
- // numbers to be entered in 'type="number"' fields, allow
- // the special case 'step="any"'.
-
- if ( in_array( $key, [ 'max', 'min', 'pattern', 'required' ] )
- || $key === 'step' && $value !== 'any' ) {
- continue;
- }
-
- // http://www.w3.org/TR/html401/index/attributes.html ("space-separated")
- // http://www.w3.org/TR/html5/index.html#attributes-1 ("space-separated")
+ // https://www.w3.org/TR/html401/index/attributes.html ("space-separated")
+ // https://www.w3.org/TR/html5/index.html#attributes-1 ("space-separated")
$spaceSeparatedListAttributes = [
'class', // html4, html5
'accesskey', // as of html5, multiple space-separated values allowed
}
} elseif ( $v ) {
// If the value is truthy but not a string this is likely
- // an array( 'foo' => true ), falsy values don't add strings
+ // an [ 'foo' => true ], falsy values don't add strings
$newValue[] = $k;
}
}
* @return string Raw HTML
*/
public static function inlineStyle( $contents, $media = 'all' ) {
+ // Don't escape '>' since that is used
+ // as direct child selector.
+ // Remember, in css, there is no "x" for hexadecimal escapes, and
+ // the space immediately after an escape sequence is swallowed.
+ $contents = strtr( $contents, [
+ '<' => '\3C ',
+ // CDATA end tag for good measure, but the main security
+ // is from escaping the '<'.
+ ']]>' => '\5D\5D\3E '
+ ] );
+
if ( preg_match( '/[<&]/', $contents ) ) {
$contents = "/*<![CDATA[*/$contents/*]]>*/";
}
$attribs['name'] = $name;
if ( substr( $value, 0, 1 ) == "\n" ) {
- // Workaround for bug 12130: browsers eat the initial newline
+ // Workaround for T14130: browsers eat the initial newline
// assuming that it's just for show, but they do keep the later
// newlines, which we may want to preserve during editing.
// Prepending a single newline
* @return bool
*/
public static function isXmlMimeType( $mimetype ) {
- # http://www.whatwg.org/html/infrastructure.html#xml-mime-type
+ # https://html.spec.whatwg.org/multipage/infrastructure.html#xml-mime-type
# * text/xml
# * application/xml
# * Any MIME type with a subtype ending in +xml (this implicitly includes application/xhtml+xml)
*
* @note srcset width and height values are not supported.
*
- * @see http://www.whatwg.org/html/embedded-content-1.html#attr-img-srcset
+ * @see https://html.spec.whatwg.org/#attr-img-srcset
*
* @par Example:
* @code
- * Html::srcSet( array(
+ * Html::srcSet( [
* '1x' => 'standard.jpeg',
* '1.5x' => 'large.jpeg',
* '3x' => 'extra-large.jpeg',
- * ) );
+ * ] );
* // gives 'standard.jpeg 1x, large.jpeg 1.5x, extra-large.jpeg 2x'
* @endcode
*
dépôts / lhc / web / wiklou.git / blobdiff