Export allowed tags from Sanitizer to mediawiki.jqueryMsg

Specifically, we export only those that are allowed to be paired,
because its parser doesn't handle self-closing tags.

Bug: T66740
Change-Id: I9944f9af915715c57a7d9ce3c62c3e61e54a75ba

diff --git a/autoload.php b/autoload.php
index f8b1681..4bb1d92 100644 (file)
--- a/autoload.php
+++ b/autoload.php
@@ -995,6 +995,7 @@ $wgAutoloadLocalClasses = array(
        'ResourceLoaderFilePath' => __DIR__ . '/includes/resourceloader/ResourceLoaderFilePath.php',
        'ResourceLoaderImage' => __DIR__ . '/includes/resourceloader/ResourceLoaderImage.php',
        'ResourceLoaderImageModule' => __DIR__ . '/includes/resourceloader/ResourceLoaderImageModule.php',
+       'ResourceLoaderJqueryMsgDataModule' => __DIR__ . '/includes/resourceloader/ResourceLoaderJqueryMsgDataModule.php',
        'ResourceLoaderLanguageDataModule' => __DIR__ . '/includes/resourceloader/ResourceLoaderLanguageDataModule.php',
        'ResourceLoaderLanguageNamesModule' => __DIR__ . '/includes/resourceloader/ResourceLoaderLanguageNamesModule.php',
        'ResourceLoaderModule' => __DIR__ . '/includes/resourceloader/ResourceLoaderModule.php',

diff --git a/includes/Sanitizer.php b/includes/Sanitizer.php
index 96193a7..8256db9 100644 (file)
--- a/includes/Sanitizer.php
+++ b/includes/Sanitizer.php
@@ -359,20 +359,13 @@ class Sanitizer {
        }
 
        /**
-        * Cleans up HTML, removes dangerous tags and attributes, and
-        * removes HTML comments
-        * @param string $text
-        * @param callable $processCallback Callback to do any variable or parameter
-        *   replacements in HTML attribute values
-        * @param array|bool $args Arguments for the processing callback
+        * Return the various lists of recognized tags
         * @param array $extratags For any extra tags to include
         * @param array $removetags For any tags (default or extra) to exclude
-        * @return string
+        * @return array
         */
-       public static function removeHTMLtags( $text, $processCallback = null,
-               $args = array(), $extratags = array(), $removetags = array()
-       ) {
-               global $wgUseTidy, $wgAllowMicrodataAttributes, $wgAllowImageTag;
+       public static function getRecognizedTagData( $extratags = array(), $removetags = array() ) {
+               global $wgAllowMicrodataAttributes, $wgAllowImageTag;
 
                static $htmlpairsStatic, $htmlsingle, $htmlsingleonly, $htmlnest, $tabletags,
                        $htmllist, $listtags, $htmlsingleallowed, $htmlelementsStatic, $staticInitialised;
@@ -431,12 +424,44 @@ class Sanitizer {
                        }
                        $staticInitialised = $globalContext;
                }
+
                # Populate $htmlpairs and $htmlelements with the $extratags and $removetags arrays
                $extratags = array_flip( $extratags );
                $removetags = array_flip( $removetags );
                $htmlpairs = array_merge( $extratags, $htmlpairsStatic );
                $htmlelements = array_diff_key( array_merge( $extratags, $htmlelementsStatic ), $removetags );
 
+               return array(
+                       'htmlpairs' => $htmlpairs,
+                       'htmlsingle' => $htmlsingle,
+                       'htmlsingleonly' => $htmlsingleonly,
+                       'htmlnest' => $htmlnest,
+                       'tabletags' => $tabletags,
+                       'htmllist' => $htmllist,
+                       'listtags' => $listtags,
+                       'htmlsingleallowed' => $htmlsingleallowed,
+                       'htmlelements' => $htmlelements,
+               );
+       }
+
+       /**
+        * Cleans up HTML, removes dangerous tags and attributes, and
+        * removes HTML comments
+        * @param string $text
+        * @param callable $processCallback Callback to do any variable or parameter
+        *   replacements in HTML attribute values
+        * @param array|bool $args Arguments for the processing callback
+        * @param array $extratags For any extra tags to include
+        * @param array $removetags For any tags (default or extra) to exclude
+        * @return string
+        */
+       public static function removeHTMLtags( $text, $processCallback = null,
+               $args = array(), $extratags = array(), $removetags = array()
+       ) {
+               global $wgUseTidy;
+
+               extract( self::getRecognizedTagData( $extratags, $removetags ) );
+
                # Remove HTML comments
                $text = Sanitizer::removeHTMLcomments( $text );
                $bits = explode( '<', $text );

diff --git a/includes/resourceloader/ResourceLoaderJqueryMsgDataModule.php b/includes/resourceloader/ResourceLoaderJqueryMsgDataModule.php
new file mode 100644 (file)
index 0000000..fda3faa
--- /dev/null
+++ b/includes/resourceloader/ResourceLoaderJqueryMsgDataModule.php
@@ -0,0 +1,62 @@
+<?php
+/**
+ * Resource loader module for populating mediawiki.jqueryMsg data.
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+ * http://www.gnu.org/copyleft/gpl.html
+ *
+ * @file
+ * @author Brad Jorsch
+ */
+
+/**
+ * ResourceLoader module for populating mediawiki.jqueryMsg data.
+ */
+class ResourceLoaderJqueryMsgDataModule extends ResourceLoaderModule {
+
+       protected $targets = array( 'desktop', 'mobile' );
+
+       /**
+        * @param ResourceLoaderContext $context
+        * @return string JavaScript code
+        */
+       public function getScript( ResourceLoaderContext $context ) {
+               $jsData = array();
+
+               $tagData = Sanitizer::getRecognizedTagData();
+               $jsData['allowedHtmlElements'] = array_merge(
+                       array_keys( $tagData['htmlpairs'] ),
+                       array_diff(
+                               array_keys( $tagData['htmlsingle'] ),
+                               array_keys( $tagData['htmlsingleonly'] )
+                       )
+               );
+
+               return "if ( !mw.jqueryMsg ) {\n" .
+                       "\tmw.jqueryMsg = {};\n" .
+                       "}\n" .
+                       "mw.jqueryMsg.data = " . Xml::encodeJsVar( $jsData ) . ";\n";
+       }
+
+       /**
+        * @param ResourceLoaderContext $context
+        * @return array|null
+        */
+       public function getDefinitionSummary( ResourceLoaderContext $context ) {
+               $ret = parent::getDefinitionSummary( $context );
+               $ret['hash'] = md5( $this->getScript( $context ) );
+               return $ret;
+       }
+}

diff --git a/resources/Resources.php b/resources/Resources.php
index 237addc..71a8f29 100644 (file)
--- a/resources/Resources.php
+++ b/resources/Resources.php
@@ -58,6 +58,9 @@ return array(
        // Scripts for the dynamic language specific data, like grammar forms.
        'mediawiki.language.data' => array( 'class' => 'ResourceLoaderLanguageDataModule' ),
 
+       // Dynamic data for mediawiki.jqueryMsg, such as allowed tags
+       'mediawiki.jqueryMsg.data' => array( 'class' => 'ResourceLoaderJqueryMsgDataModule' ),
+
        /* MediaWiki base skinning modules */
 
        /**
@@ -1270,6 +1273,7 @@ return array(
        'mediawiki.jqueryMsg' => array(
                'scripts' => 'resources/src/mediawiki/mediawiki.jqueryMsg.js',
                'dependencies' => array(
+                       'mediawiki.jqueryMsg.data',
                        'mediawiki.util',
                        'mediawiki.language',
                        'dom-level2-shim',

diff --git a/resources/src/mediawiki/mediawiki.jqueryMsg.js b/resources/src/mediawiki/mediawiki.jqueryMsg.js
index 79939f6..98148d5 100644 (file)
--- a/resources/src/mediawiki/mediawiki.jqueryMsg.js
+++ b/resources/src/mediawiki/mediawiki.jqueryMsg.js
@@ -17,8 +17,10 @@
                        magic: {
                                'SITENAME': mw.config.get( 'wgSiteName' )
                        },
-                       // This is a whitelist based on, but simpler than, Sanitizer.php.
+                       // This is a whitelist like Sanitizer.php.
                        // Self-closing tags are not currently supported.
+                       // The simplified default here is overridden below by data supplied
+                       // by the mediawiki.jqueryMsg.data module.
                        allowedHtmlElements: [
                                'b',
                                'i'
@@ -130,6 +132,14 @@
                };
        }
 
+       // Use data from mediawiki.jqueryMsg.data to override defaults, if
+       // available
+       if ( mw.jqueryMsg && mw.jqueryMsg.data ) {
+               if ( mw.jqueryMsg.data.allowedHtmlElements ) {
+                       parserDefaults.allowedHtmlElements = mw.jqueryMsg.data.allowedHtmlElements;
+               }
+       }
+
        mw.jqueryMsg = {};
 
        /**