* Identical to rawElement(), but HTML-escapes $contents (like
* Xml::element()).
*
- * @param string $element
- * @param array $attribs
+ * @param string $element Name of the element, e.g., 'a'
+ * @param array $attribs Associative array of attributes, e.g., [
+ * 'href' => 'https://www.mediawiki.org/' ]. See expandAttributes() for
+ * further documentation.
* @param string $contents
*
* @return string
* Identical to rawElement(), but has no third parameter and omits the end
* tag (and the self-closing '/' in XML mode for empty elements).
*
- * @param string $element
- * @param array $attribs
+ * @param string $element Name of the element, e.g., 'a'
+ * @param array $attribs Associative array of attributes, e.g., [
+ * 'href' => 'https://www.mediawiki.org/' ]. See expandAttributes() for
+ * further documentation.
*
* @return string
*/
*
* @param array $attribs Associative array of attributes, e.g., [
* 'href' => 'https://www.mediawiki.org/' ]. Values will be HTML-escaped.
- * A value of false means to omit the attribute. For boolean attributes,
+ * A value of false or null means to omit the attribute. For boolean attributes,
* you can omit the key, e.g., [ 'checked' ] instead of
* [ 'checked' => 'checked' ] or such.
*
// and better compression anyway.
$key = strtolower( $key );
- // Bug 23769: Blacklist all form validation attributes for now. Current
- // (June 2010) WebKit has no UI, so the form just refuses to submit
- // without telling the user why, which is much worse than failing
- // server-side validation. Opera is the only other implementation at
- // this time, and has ugly UI, so just kill the feature entirely until
- // we have at least one good implementation.
-
- // As the default value of "1" for "step" rejects decimal
- // numbers to be entered in 'type="number"' fields, allow
- // the special case 'step="any"'.
-
- if ( in_array( $key, [ 'max', 'min', 'pattern', 'required' ] )
- || $key === 'step' && $value !== 'any' ) {
- continue;
- }
-
// https://www.w3.org/TR/html401/index/attributes.html ("space-separated")
// https://www.w3.org/TR/html5/index.html#attributes-1 ("space-separated")
$spaceSeparatedListAttributes = [
if ( in_array( $key, self::$boolAttribs ) ) {
$ret .= " $key=\"\"";
} else {
- // Apparently we need to entity-encode \n, \r, \t, although the
- // spec doesn't mention that. Since we're doing strtr() anyway,
- // we may as well not call htmlspecialchars().
- // @todo FIXME: Verify that we actually need to
- // escape \n\r\t here, and explain why, exactly.
- // We could call Sanitizer::encodeAttribute() for this, but we
- // don't because we're stubborn and like our marginal savings on
- // byte size from not having to encode unnecessary quotes.
- // The only difference between this transform and the one by
- // Sanitizer::encodeAttribute() is ' is not encoded.
- $map = [
- '&' => '&',
- '"' => '"',
- '>' => '>',
- // '<' allegedly allowed per spec
- // but breaks some tools if not escaped.
- "<" => '<',
- "\n" => ' ',
- "\r" => ' ',
- "\t" => '	'
- ];
- $ret .= " $key=$quote" . strtr( $value, $map ) . $quote;
+ $ret .= " $key=$quote" . Sanitizer::encodeAttribute( $value ) . $quote;
}
}
return $ret;
*
* @param string $contents CSS
* @param string $media A media type string, like 'screen'
+ * @param array $attribs (since 1.31) Associative array of attributes, e.g., [
+ * 'href' => 'https://www.mediawiki.org/' ]. See expandAttributes() for
+ * further documentation.
* @return string Raw HTML
*/
- public static function inlineStyle( $contents, $media = 'all' ) {
+ public static function inlineStyle( $contents, $media = 'all', $attribs = [] ) {
// Don't escape '>' since that is used
// as direct child selector.
// Remember, in css, there is no "x" for hexadecimal escapes, and
return self::rawElement( 'style', [
'media' => $media,
- ], $contents );
+ ] + $attribs, $contents );
}
/**
return self::input( $name, $value, 'checkbox', $attribs );
}
+ /**
+ * Return the HTML for a message box.
+ * @since 1.31
+ * @param string $html of contents of box
+ * @param string $className corresponding to box
+ * @param string $heading (optional)
+ * @return string of HTML representing a box.
+ */
+ private static function messageBox( $html, $className, $heading = '' ) {
+ if ( $heading ) {
+ $html = self::element( 'h2', [], $heading ) . $html;
+ }
+ return self::rawElement( 'div', [ 'class' => $className ], $html );
+ }
+
+ /**
+ * Return a warning box.
+ * @since 1.31
+ * @param string $html of contents of box
+ * @return string of HTML representing a warning box.
+ */
+ public static function warningBox( $html ) {
+ return self::messageBox( $html, 'warningbox' );
+ }
+
+ /**
+ * Return an error box.
+ * @since 1.31
+ * @param string $html of contents of error box
+ * @param string $heading (optional)
+ * @return string of HTML representing an error box.
+ */
+ public static function errorBox( $html, $heading = '' ) {
+ return self::messageBox( $html, 'errorbox', $heading );
+ }
+
+ /**
+ * Return a success box.
+ * @since 1.31
+ * @param string $html of contents of box
+ * @return string of HTML representing a success box.
+ */
+ public static function successBox( $html ) {
+ return self::messageBox( $html, 'successbox' );
+ }
+
/**
* Convenience function to produce a radio button (input element with type=radio)
*
$attribs['name'] = $name;
if ( substr( $value, 0, 1 ) == "\n" ) {
- // Workaround for bug 12130: browsers eat the initial newline
+ // Workaround for T14130: browsers eat the initial newline
// assuming that it's just for show, but they do keep the later
// newlines, which we may want to preserve during editing.
// Prepending a single newline
dépôts / lhc / web / wiklou.git / blobdiff