X-Git-Url: https://git.heureux-cyclage.org/?p=lhc%2Fweb%2Fwiklou.git;a=blobdiff_plain;f=includes%2FHtml.php;h=3bcf13132f1beaa98fb01dfb15eb1feee4c233d0;hp=8fe4dbe513cb452a37395c4fdbb236481102683e;hb=ee56f00ddf0609082f8ae9a4dc3e6e1b6f54ddfd;hpb=4feb2bd8d6deaee787f11ae8be41c0393934f636
diff --git a/includes/Html.php b/includes/Html.php
index 8fe4dbe513..3bcf13132f 100644
--- a/includes/Html.php
+++ b/includes/Html.php
@@ -544,28 +544,7 @@ class Html {
 if ( in_array( $key, self::$boolAttribs ) ) {
 $ret .= " $key=\"\"";
 } else {
- // Apparently we need to entity-encode \n, \r, \t, although the
- // spec doesn't mention that. Since we're doing strtr() anyway,
- // we may as well not call htmlspecialchars().
- // @todo FIXME: Verify that we actually need to
- // escape \n\r\t here, and explain why, exactly.
- // We could call Sanitizer::encodeAttribute() for this, but we
- // don't because we're stubborn and like our marginal savings on
- // byte size from not having to encode unnecessary quotes.
- // The only difference between this transform and the one by
- // Sanitizer::encodeAttribute() is ' is not encoded.
- $map = [
- '&' => '&',
- '"' => '"',
- '>' => '>',
- // '<' allegedly allowed per spec
- // but breaks some tools if not escaped.
- "<" => '<',
- "\n" => ' ',
- "\r" => ' ',
- "\t" => ' '
- ];
- $ret .= " $key=$quote" . strtr( $value, $map ) . $quote;
+ $ret .= " $key=$quote" . Sanitizer::encodeAttribute( $value ) . $quote;
 }
 }
 return $ret;
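Review bot: The attribute name is still written into the markup unencoded in both branches (`" $key=\"\""` and `" $key=$quote"`), so after this change only the value goes through `Sanitizer::encodeAttribute()`. Whether `$key` is validated earlier in the function cannot be seen here, since the hunk starts and ends inside the loop; if it is not, the code should say so next to the interpolation, e.g. `// $key is emitted verbatim: attribute names must be trusted, only $value is encoded`. Going by the removed comment, `encodeAttribute()` additionally encodes `'`, so expected-output tests with apostrophes in attribute values will need updating.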
@@ -610,9 +589,12 @@ class Html {
 *
 * @param string $contents CSS
 * @param string $media A media type string, like 'screen'
+ * @param array $attribs (since 1.31) Associative array of attributes, e.g., [
+ * 'href' => 'https://www.mediawiki.org/' ]. See expandAttributes() for
+ * further documentation.
 * @return string Raw HTML
 */
- public static function inlineStyle( $contents, $media = 'all' ) {
+ public static function inlineStyle( $contents, $media = 'all', $attribs = [] ) {
 // Don't escape '>' since that is used
 // as direct child selector.
 // Remember, in css, there is no "x" for hexadecimal escapes, and
@@ -630,7 +612,7 @@ class Html {
 return self::rawElement( 'style', [
 'media' => $media,
- ], $contents );
+ ] + $attribs, $contents );
 }
 /**
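Review bot: The new `$attribs` parameter has no type declaration, yet the body applies the array union operator to it (the `] + $attribs` line in the following hunk), which throws an "unsupported operand types" error for any non-array argument such as `null`. Declaring it as `array $attribs = []` reports the caller's mistake at the call boundary instead of deep inside the method. The function body continues past this hunk.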
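Review bot: In `[ 'media' => $media ] + $attribs` the left operand wins on duplicate keys, so a `media` entry passed in `$attribs` is silently discarded in favour of `$media`. That is probably intended, but the `@param array $attribs` text should say so, e.g. `A 'media' key here is ignored; use $media instead.` The enclosing function starts outside this hunk.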
@@ -696,6 +678,52 @@ class Html {
 return self::input( $name, $value, 'checkbox', $attribs );
 }
+ /**
+ * Return the HTML for a message box.
+ * @since 1.31
+ * @param string $html of contents of box
+ * @param string $className corresponding to box
+ * @param string $heading (optional)
+ * @return string of HTML representing a box.
+ */
+ private static function messageBox( $html, $className, $heading = '' ) {
+ if ( $heading ) {
+ $html = self::element( 'h2', [], $heading ) . $html;
+ }
+ return self::rawElement( 'div', [ 'class' => $className ], $html );
+ }
+
+ /**
+ * Return a warning box.
+ * @since 1.31
+ * @param string $html of contents of box
+ * @return string of HTML representing a warning box.
+ */
+ public static function warningBox( $html ) {
+ return self::messageBox( $html, 'warningbox' );
+ }
+
+ /**
+ * Return an error box.
+ * @since 1.31
+ * @param string $html of contents of error box
+ * @param string $heading (optional)
+ * @return string of HTML representing an error box.
+ */
+ public static function errorBox( $html, $heading = '' ) {
+ return self::messageBox( $html, 'errorbox', $heading );
+ }
+
+ /**
+ * Return a success box.
+ * @since 1.31
+ * @param string $html of contents of box
+ * @return string of HTML representing a success box.
+ */
+ public static function successBox( $html ) {
+ return self::messageBox( $html, 'successbox' );
+ }
+
 /**
 * Convenience function to produce a radio button (input element with type=radio)
 *
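Review bot: `messageBox()` passes `$html` to `self::rawElement()` untouched, so `warningBox()`, `errorBox()` and `successBox()` emit whatever markup the caller hands them, and the doc blocks (`@param string $html of contents of box`) never say the string must already be safe HTML. Only `$heading` goes through `self::element()`, which (defined outside this hunk) escapes its text content. I would word the parameters as `@param string $html Raw HTML contents of the box; escape any user-supplied text before passing it` and `@param string $heading Plain-text heading (optional)` on all four methods. Separately, `if ( $heading )` drops a heading of `'0'`; `if ( $heading !== '' )` avoids that.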