# Escape HTML id attributes
if ( $attribute === 'id' ) {
- $value = self::escapeIdForAttribute( $value, Sanitizer::ID_PRIMARY );
+ $value = self::escapeIdForAttribute( $value, self::ID_PRIMARY );
}
# Escape HTML id reference lists
* @return string
*/
private static function escapeIdInternal( $id, $mode ) {
- $id = Sanitizer::decodeCharReferences( $id );
+ $id = self::decodeCharReferences( $id );
switch ( $mode ) {
case 'html5':
$text = preg_replace_callback(
self::CHAR_REFS_REGEX,
[ 'Sanitizer', 'decodeCharReferencesCallback' ],
- $text, /* limit */ -1, $count );
+ $text,
+ -1, //limit
+ $count
+ );
if ( $count ) {
return $wgContLang->normalize( $text );
# Not usually allowed, but may be used for extension-style hooks
# such as <math> when it is rasterized, or if $wgAllowImageTag is
# true
- 'img' => array_merge( $common, [ 'alt', 'src', 'width', 'height' ] ),
+ 'img' => array_merge( $common, [ 'alt', 'src', 'width', 'height', 'srcset' ] ),
'video' => array_merge( $common, [ 'poster', 'controls', 'preload', 'width', 'height' ] ),
'source' => array_merge( $common, [ 'type', 'src' ] ),
# https://www.w3.org/TR/REC-MathML/
'math' => [ 'class', 'style', 'id', 'title' ],
+ // HTML 5 section 4.5
+ 'figure' => $common,
+ 'figcaption' => $common,
+
# HTML 5 section 4.6
'bdi' => $common,
// (ie: validateTag rejects tags missing the attributes needed for Microdata)
// So we don't bother including $common attributes that have no purpose.
'meta' => [ 'itemprop', 'content' ],
- 'link' => [ 'itemprop', 'href' ],
+ 'link' => [ 'itemprop', 'href', 'title' ],
];
return $whitelist;
dépôts / lhc / web / wiklou.git / blobdiff