# and we don't need <> escaped here, we may as well not call
# htmlspecialchars(). FIXME: verify that we actually need to
# escape \n\r\t here, and explain why, exactly.
- if ( $wgHtml5 ) {
- $ret .= " $key=$quote" . strtr( $value, array(
- '&' => '&',
- '"' => '"',
- "\n" => ' ',
- "\r" => ' ',
- "\t" => '	'
- ) ) . $quote;
- } else {
- $ret .= " $key=$quote" . Sanitizer::encodeAttribute( $value ) . $quote;
+ #
+ # We could call Sanitizer::encodeAttribute() for this, but we
+ # don't because we're stubborn and like our marginal savings on
+ # byte size from not having to encode unnecessary quotes.
+ $map = array(
+ '&' => '&',
+ '"' => '"',
+ "\n" => ' ',
+ "\r" => ' ',
+ "\t" => '	'
+ );
+ if ( $wgWellFormedXml ) {
+ # '<' must be escaped in attributes for XML for some
+ # reason, per spec: http://www.w3.org/TR/xml/#NT-AttValue
+ $map['<'] = '<';
}
+ $ret .= " $key=$quote" . strtr( $value, $map ) . $quote;
}
}
return $ret;
dépôts / lhc / web / wiklou.git / commitdiff