extract( self::getRecognizedTagData( $extratags, $removetags ) );
# Remove HTML comments
- $text = Sanitizer::removeHTMLcomments( $text );
+ $text = self::removeHTMLcomments( $text );
$bits = explode( '<', $text );
$text = str_replace( '>', '>', array_shift( $bits ) );
if ( !MWTidy::isEnabled() ) {
call_user_func_array( $processCallback, [ &$params, $args ] );
}
- if ( !Sanitizer::validateTag( $params, $t ) ) {
+ if ( !self::validateTag( $params, $t ) ) {
$badtag = true;
}
# Strip non-approved attributes from the tag
- $newparams = Sanitizer::fixTagAttributes( $params, $t );
+ $newparams = self::fixTagAttributes( $params, $t );
}
if ( !$badtag ) {
$rest = str_replace( '>', '>', $rest );
call_user_func_array( $warnCallback, [ 'deprecated-self-close-category' ] );
}
}
- if ( !Sanitizer::validateTag( $params, $t ) ) {
+ if ( !self::validateTag( $params, $t ) ) {
$badtag = true;
}
- $newparams = Sanitizer::fixTagAttributes( $params, $t );
+ $newparams = self::fixTagAttributes( $params, $t );
if ( !$badtag ) {
if ( $brace === '/>' && !isset( $htmlsingleonly[$t] ) ) {
# Interpret self-closing tags as empty tags even when
* @return bool
*/
static function validateTag( $params, $element ) {
- $params = Sanitizer::decodeTagAttributes( $params );
+ $params = self::decodeTagAttributes( $params );
if ( $element == 'meta' || $element == 'link' ) {
if ( !isset( $params['itemprop'] ) ) {
* @todo Check for unique id attribute :P
*/
static function validateTagAttributes( $attribs, $element ) {
- return Sanitizer::validateAttributes( $attribs,
- Sanitizer::attributeWhitelist( $element ) );
+ return self::validateAttributes( $attribs,
+ self::attributeWhitelist( $element ) );
}
/**
# Strip javascript "expression" from stylesheets.
# https://msdn.microsoft.com/en-us/library/ms537634.aspx
if ( $attribute == 'style' ) {
- $value = Sanitizer::checkCss( $value );
+ $value = self::checkCss( $value );
}
# Escape HTML id attributes
if ( $attribute === 'id' ) {
- $value = Sanitizer::escapeId( $value, 'noninitial' );
+ $value = self::escapeId( $value, 'noninitial' );
}
# Escape HTML id reference lists
|| $attribute === 'aria-labelledby'
|| $attribute === 'aria-owns'
) {
- $value = Sanitizer::escapeIdReferenceList( $value, 'noninitial' );
+ $value = self::escapeIdReferenceList( $value, 'noninitial' );
}
// RDFa and microdata properties allow URLs, URIs and/or CURIs.
*/
public static function normalizeCss( $value ) {
// Decode character references like {
- $value = Sanitizer::decodeCharReferences( $value );
+ $value = self::decodeCharReferences( $value );
// Decode escape sequences and line continuation
// See the grammar in the CSS 2 spec, appendix D.
return '';
}
- $decoded = Sanitizer::decodeTagAttributes( $text );
- $stripped = Sanitizer::validateTagAttributes( $decoded, $element );
+ $decoded = self::decodeTagAttributes( $text );
+ $stripped = self::validateTagAttributes( $decoded, $element );
if ( $sorted ) {
ksort( $stripped );
}
- return Sanitizer::safeEncodeTagAttributes( $stripped );
+ return self::safeEncodeTagAttributes( $stripped );
}
/**
* @return string HTML-encoded text fragment
*/
static function safeEncodeAttribute( $text ) {
- $encValue = Sanitizer::encodeAttribute( $text );
+ $encValue = self::encodeAttribute( $text );
# Templates and links may be expanded in later parsing,
# creating invalid or dangerous output. Suppress this.
global $wgExperimentalHtmlIds;
$options = (array)$options;
- $id = Sanitizer::decodeCharReferences( $id );
+ $id = self::decodeCharReferences( $id );
if ( $wgExperimentalHtmlIds && !in_array( 'legacy', $options ) ) {
$id = preg_replace( '/[ \t\n\r\f_\'"&#%]+/', '_', $id );
# Escape each token as an id
foreach ( $references as &$ref ) {
- $ref = Sanitizer::escapeId( $ref, $options );
+ $ref = self::escapeId( $ref, $options );
}
# Merge the array back to a space delimited list string
* @return string Escaped input
*/
static function escapeHtmlAllowEntities( $html ) {
- $html = Sanitizer::decodeCharReferences( $html );
+ $html = self::decodeCharReferences( $html );
# It seems wise to escape ' as well as ", as a matter of course. Can't
# hurt. Use ENT_SUBSTITUTE so that incorrectly truncated multibyte characters
# don't cause the entire string to disappear.
foreach ( $pairs as $set ) {
$attribute = strtolower( $set[1] );
- $value = Sanitizer::getTagAttributeCallback( $set );
+ $value = self::getTagAttributeCallback( $set );
// Normalize whitespace
$value = preg_replace( '/[\t\r\n ]+/', ' ', $value );
$value = trim( $value );
// Decode character references
- $attribs[$attribute] = Sanitizer::decodeCharReferences( $value );
+ $attribs[$attribute] = self::decodeCharReferences( $value );
}
return $attribs;
}
$attribs = [];
foreach ( $assoc_array as $attribute => $value ) {
$encAttribute = htmlspecialchars( $attribute );
- $encValue = Sanitizer::safeEncodeAttribute( $value );
+ $encValue = self::safeEncodeAttribute( $value );
$attribs[] = "$encAttribute=\"$encValue\"";
}
static function normalizeCharReferencesCallback( $matches ) {
$ret = null;
if ( $matches[1] != '' ) {
- $ret = Sanitizer::normalizeEntity( $matches[1] );
+ $ret = self::normalizeEntity( $matches[1] );
} elseif ( $matches[2] != '' ) {
- $ret = Sanitizer::decCharReference( $matches[2] );
+ $ret = self::decCharReference( $matches[2] );
} elseif ( $matches[3] != '' ) {
- $ret = Sanitizer::hexCharReference( $matches[3] );
+ $ret = self::hexCharReference( $matches[3] );
}
if ( is_null( $ret ) ) {
return htmlspecialchars( $matches[0] );
*/
static function decCharReference( $codepoint ) {
$point = intval( $codepoint );
- if ( Sanitizer::validateCodepoint( $point ) ) {
+ if ( self::validateCodepoint( $point ) ) {
return sprintf( '&#%d;', $point );
} else {
return null;
*/
static function hexCharReference( $codepoint ) {
$point = hexdec( $codepoint );
- if ( Sanitizer::validateCodepoint( $point ) ) {
+ if ( self::validateCodepoint( $point ) ) {
return sprintf( '&#x%x;', $point );
} else {
return null;
*/
static function decodeCharReferencesCallback( $matches ) {
if ( $matches[1] != '' ) {
- return Sanitizer::decodeEntity( $matches[1] );
+ return self::decodeEntity( $matches[1] );
} elseif ( $matches[2] != '' ) {
- return Sanitizer::decodeChar( intval( $matches[2] ) );
+ return self::decodeChar( intval( $matches[2] ) );
} elseif ( $matches[3] != '' ) {
- return Sanitizer::decodeChar( hexdec( $matches[3] ) );
+ return self::decodeChar( hexdec( $matches[3] ) );
}
# Last case should be an ampersand by itself
return $matches[0];
* @private
*/
static function decodeChar( $codepoint ) {
- if ( Sanitizer::validateCodepoint( $codepoint ) ) {
+ if ( self::validateCodepoint( $codepoint ) ) {
return UtfNormal\Utils::codepointToUtf8( $codepoint );
} else {
return UtfNormal\Constants::UTF8_REPLACEMENT;
* @return array
*/
static function attributeWhitelist( $element ) {
- $list = Sanitizer::setupAttributeWhitelist();
+ $list = self::setupAttributeWhitelist();
return isset( $list[$element] )
? $list[$element]
: [];
static function cleanUrl( $url ) {
# Normalize any HTML entities in input. They will be
# re-escaped by makeExternalLink().
- $url = Sanitizer::decodeCharReferences( $url );
+ $url = self::decodeCharReferences( $url );
# Escape any control characters introduced by the above step
$url = preg_replace_callback( '/[\][<>"\\x00-\\x20\\x7F\|]/',
dépôts / lhc / web / wiklou.git / blobdiff