*/
public static function register( $parser ) {
global $wgRawHtml;
- $parser->setHook( 'pre', array( __CLASS__, 'pre' ) );
- $parser->setHook( 'nowiki', array( __CLASS__, 'nowiki' ) );
- $parser->setHook( 'gallery', array( __CLASS__, 'gallery' ) );
- $parser->setHook( 'indicator', array( __CLASS__, 'indicator' ) );
+ $parser->setHook( 'pre', [ __CLASS__, 'pre' ] );
+ $parser->setHook( 'nowiki', [ __CLASS__, 'nowiki' ] );
+ $parser->setHook( 'gallery', [ __CLASS__, 'gallery' ] );
+ $parser->setHook( 'indicator', [ __CLASS__, 'indicator' ] );
if ( $wgRawHtml ) {
- $parser->setHook( 'html', array( __CLASS__, 'html' ) );
+ $parser->setHook( 'html', [ __CLASS__, 'html' ] );
}
}
$content = StringUtils::delimiterReplace( '<nowiki>', '</nowiki>', '$1', $text, 'i' );
$attribs = Sanitizer::validateTagAttributes( $attribs, 'pre' );
- return Xml::openElement( 'pre', $attribs ) .
- Xml::escapeTagsOnly( $content ) .
- '</pre>';
+ // We need to let both '"' and '&' through,
+ // for strip markers and entities respectively.
+ $content = str_replace(
+ [ '>', '<' ],
+ [ '>', '<' ],
+ $content
+ );
+ return Html::rawElement( 'pre', $attribs, $content );
}
/**
* @param array $attributes
* @param Parser $parser
* @throws MWException
- * @return array
+ * @return array|string Output of tag hook
*/
public static function html( $content, $attributes, $parser ) {
global $wgRawHtml;
if ( $wgRawHtml ) {
- return array( $content, 'markerType' => 'nowiki' );
+ if ( $parser->getOptions()->getAllowUnsafeRawHtml() ) {
+ return [ $content, 'markerType' => 'nowiki' ];
+ } else {
+ // In a system message where raw html is
+ // not allowed (but it is allowed in other
+ // contexts).
+ return Html::rawElement(
+ 'span',
+ [ 'class' => 'error' ],
+ // Using ->text() not ->parse() as
+ // a paranoia measure against a loop.
+ wfMessage( 'rawhtml-notallowed' )->escaped()
+ );
+ }
} else {
throw new MWException( '<html> extension tag encountered unexpectedly' );
}
* @return array
*/
public static function nowiki( $content, $attributes, $parser ) {
- $content = strtr( $content, array( '-{' => '-{', '}-' => '}-' ) );
- return array( Xml::escapeTagsOnly( $content ), 'markerType' => 'nowiki' );
+ $content = strtr( $content, [
+ // lang converter
+ '-{' => '-{',
+ '}-' => '}-',
+ // html tags
+ '<' => '<',
+ '>' => '>'
+ // Note: Both '"' and '&' are not converted.
+ // This allows strip markers and entities through.
+ ] );
+ return [ $content, 'markerType' => 'nowiki' ];
}
/**
dépôts / lhc / web / wiklou.git / blobdiff