Use annotations for taint in Parser & ParserOutput.

This replaces the builtin taints that are removed in
Ic1e1983a51c. Additionally, parse will no longer warn about
double escaping - there's many situations where such warnings
are wrong (e.g. Using Html::rawElement()). However this also
means that Parser::parse( wfMessage( 'foo' )->parse() ); will
no longer give a double escaping warning, which is unfortunate.

Bug: T202380
Change-Id: Ia52d37411beb62b112c6ff102438063c3d750769

diff --git a/includes/parser/Parser.php b/includes/parser/Parser.php
index bd3c32a..51c04ea 100644 (file)
--- a/includes/parser/Parser.php
+++ b/includes/parser/Parser.php
@@ -425,12 +425,14 @@ class Parser {
         * Do not call this function recursively.
         *
         * @param string $text Text we want to parse
+        * @param-taint $text escapes_htmlnoent
         * @param Title $title
         * @param ParserOptions $options
         * @param bool $linestart
         * @param bool $clearState
         * @param int|null $revid Number to pass in {{REVISIONID}}
         * @return ParserOutput A ParserOutput
+        * @return-taint escaped
         */
        public function parse(
                $text, Title $title, ParserOptions $options,
@@ -671,8 +673,10 @@ class Parser {
         * $text are not expanded
         *
         * @param string $text Text extension wants to have parsed
+        * @param-taint $text escapes_htmlnoent
         * @param bool|PPFrame $frame The frame to use for expanding any template variables
         * @return string UNSAFE half-parsed HTML
+        * @return-taint escaped
         */
        public function recursiveTagParse( $text, $frame = false ) {
                // Avoid PHP 7.1 warning from passing $this by reference
@@ -697,8 +701,10 @@ class Parser {
         * @since 1.25
         *
         * @param string $text Text extension wants to have parsed
+        * @param-taint $text escapes_htmlnoent
         * @param bool|PPFrame $frame The frame to use for expanding any template variables
         * @return string Fully parsed HTML
+        * @return-taint escaped
         */
        public function recursiveTagParseFully( $text, $frame = false ) {
                $text = $this->recursiveTagParse( $text, $frame );

diff --git a/includes/parser/ParserOutput.php b/includes/parser/ParserOutput.php
index 78160ca..48ba111 100644 (file)
--- a/includes/parser/ParserOutput.php
+++ b/includes/parser/ParserOutput.php
@@ -303,6 +303,7 @@ class ParserOutput extends CacheTime {
         *    the scheme-specific-part of the href is the (percent-encoded) value
         *    of the `data-mw-deduplicate` attribute.
         * @return string HTML
+        * @return-taint escaped
         */
        public function getText( $options = [] ) {
                $options += [