// We need to let both '"' and '&' through,
// for strip markers and entities respectively.
$content = str_replace(
- array( '>', '<' ),
- array( '>', '<' ),
+ [ '>', '<' ],
+ [ '>', '<' ],
$content
);
return Html::rawElement( 'pre', $attribs, $content );
* @param array $attributes
* @param Parser $parser
* @throws MWException
- * @return array
+ * @return array|string Output of tag hook
*/
public static function html( $content, $attributes, $parser ) {
global $wgRawHtml;
if ( $wgRawHtml ) {
- return [ $content, 'markerType' => 'nowiki' ];
+ if ( $parser->getOptions()->getAllowUnsafeRawHtml() ) {
+ return [ $content, 'markerType' => 'nowiki' ];
+ } else {
+ // In a system message where raw html is
+ // not allowed (but it is allowed in other
+ // contexts).
+ return Html::rawElement(
+ 'span',
+ [ 'class' => 'error' ],
+ // Using ->text() not ->parse() as
+ // a paranoia measure against a loop.
+ wfMessage( 'rawhtml-notallowed' )->escaped()
+ );
+ }
} else {
throw new MWException( '<html> extension tag encountered unexpectedly' );
}
* @return array
*/
public static function nowiki( $content, $attributes, $parser ) {
- $content = strtr( $content, array(
+ $content = strtr( $content, [
// lang converter
'-{' => '-{',
'}-' => '}-',
'>' => '>'
// Note: Both '"' and '&' are not converted.
// This allows strip markers and entities through.
- ) );
- return array( $content, 'markerType' => 'nowiki' );
+ ] );
+ return [ $content, 'markerType' => 'nowiki' ];
}
/**