r56407 MediaWiki - Code Review archive

Repository:	MediaWiki
Revision:	< r56406‎ \| r56407 \| r56408 >
Date:	05:29, 16 September 2009
Author:	mrzman
Status:	ok
Tags:
Comment:	(bug 20655) If $wgHtml5 is false, run attribute values through Sanitizer::encodeAttribute()
Modified paths:	/trunk/phase3/includes/Html.php (modified) (history)

Diff [purge]

Index: trunk/phase3/includes/Html.php
—	—	@@ -335,13 +335,17 @@
336	336	# and we don't need <> escaped here, we may as well not call
337	337	# htmlspecialchars(). FIXME: verify that we actually need to
338	338	# escape \n\r\t here, and explain why, exactly.
339		~~- $ret .= " $key=$quote" . strtr( $value, array(~~
340		~~- '&' => '&',~~
341		~~- '"' => '"',~~
342		~~- "\n" => ' ',~~
343		~~- "\r" => ' ',~~
344		~~- "\t" => ' '~~
345		~~- ) ) . $quote;~~
	339	+ if ( $wgHtml5 ) {
	340	+ $ret .= " $key=$quote" . strtr( $value, array(
	341	+ '&' => '&',
	342	+ '"' => '"',
	343	+ "\n" => ' ',
	344	+ "\r" => ' ',
	345	+ "\t" => ' '
	346	+ ) ) . $quote;
	347	+ } else {
	348	+ $ret .= " $key=$quote" . Sanitizer::encodeAttribute( $value ) . $quote;
	349	+ }
346	350	}
347	351	}
348	352	return $ret;

Revision	Commit summary	Author	Date
r57182	Escape '<' in attribute values for well-formed XML...	simetrical	01:30, 1 October 2009

21:50, 29 September 2009 Brion VIBBER (talk | contribs) changed the status of r56407 [removed: new added: ok]