* @return string
*/
static function removeHTMLtags( $text, $processCallback = null, $args = array(), $extratags = array(), $removetags = array() ) {
- global $wgUseTidy, $wgHtml5, $wgAllowMicrodataAttributes, $wgAllowImageTag;
+ global $wgUseTidy;
static $htmlpairsStatic, $htmlsingle, $htmlsingleonly, $htmlnest, $tabletags,
$htmllist, $listtags, $htmlsingleallowed, $htmlelementsStatic, $staticInitialised;
wfProfileIn( __METHOD__ );
- // Base our staticInitialised variable off of the global config state so that if the globals
- // are changed (like in the secrewed up test system) we will re-initialise the settings.
- $globalContext = implode( '-', compact( 'wgHtml5', 'wgAllowMicrodataAttributes', 'wgAllowImageTag' ) );
- if ( !$staticInitialised || $staticInitialised != $globalContext ) {
+ if ( !$staticInitialised ) {
$htmlpairsStatic = array( # Tags that must be closed
'b', 'del', 'i', 'ins', 'u', 'font', 'big', 'small', 'sub', 'sup', 'h1',
'ruby', 'rt' , 'rb' , 'rp', 'p', 'span', 'abbr', 'dfn',
'kbd', 'samp'
);
- if ( $wgHtml5 ) {
- $htmlpairsStatic = array_merge( $htmlpairsStatic, array( 'data', 'time' ) );
- }
$htmlsingle = array(
'br', 'hr', 'li', 'dt', 'dd'
);
$htmlsingleonly = array( # Elements that cannot have close tags
'br', 'hr'
);
- if ( $wgHtml5 && $wgAllowMicrodataAttributes ) {
- $htmlsingle[] = $htmlsingleonly[] = 'meta';
- $htmlsingle[] = $htmlsingleonly[] = 'link';
- }
$htmlnest = array( # Tags that can be nested--??
'table', 'tr', 'td', 'th', 'div', 'blockquote', 'ol', 'ul',
'dl', 'font', 'big', 'small', 'sub', 'sup', 'span'
'li',
);
+ global $wgAllowImageTag;
if ( $wgAllowImageTag ) {
$htmlsingle[] = 'img';
$htmlsingleonly[] = 'img';
foreach ( $vars as $var ) {
$$var = array_flip( $$var );
}
- $staticInitialised = $globalContext;
+ $staticInitialised = true;
}
# Populate $htmlpairs and $htmlelements with the $extratags and $removetags arrays
$extratags = array_flip( $extratags );
call_user_func_array( $processCallback, array( &$params, $args ) );
}
- if ( !Sanitizer::validateTag( $params, $t ) ) {
- $badtag = true;
- }
-
# Strip non-approved attributes from the tag
$newparams = Sanitizer::fixTagAttributes( $params, $t );
}
preg_match( '/^(\\/?)(\\w+)([^>]*?)(\\/{0,1}>)([^<]*)$/',
$x, $regs );
@list( /* $qbar */, $slash, $t, $params, $brace, $rest ) = $regs;
- $badtag = false;
if ( isset( $htmlelements[$t = strtolower( $t )] ) ) {
if( is_callable( $processCallback ) ) {
call_user_func_array( $processCallback, array( &$params, $args ) );
}
-
- if ( !Sanitizer::validateTag( $params, $t ) ) {
- $badtag = true;
- }
-
$newparams = Sanitizer::fixTagAttributes( $params, $t );
- if ( !$badtag ) {
- $rest = str_replace( '>', '>', $rest );
- $text .= "<$slash$t$newparams$brace$rest";
- continue;
- }
+ $rest = str_replace( '>', '>', $rest );
+ $text .= "<$slash$t$newparams$brace$rest";
+ } else {
+ $text .= '<' . str_replace( '>', '>', $x);
}
- $text .= '<' . str_replace( '>', '>', $x);
}
}
wfProfileOut( __METHOD__ );
return $attribs;
}
- /**
- * Takes attribute names and values for a tag and the tah name and
- * validates that the tag is allowed to be present.
- * This DOES NOT validate the attributes, nor does it validate the
- * tags themselves. This method only handles the special circumstances
- * where we may want to allow a tag within content but ONLY when it has
- * specific attributes set.
- *
- * @param $
- */
- static function validateTag( $params, $element ) {
- $params = Sanitizer::decodeTagAttributes( $params );
-
- if ( $element == 'meta' || $element == 'link' ) {
- if ( !isset( $params['itemprop'] ) ) {
- // <meta> and <link> must have an itemprop="" otherwise they are not valid or safe in content
- return false;
- }
- if ( $element == 'meta' && !isset( $params['content'] ) ) {
- // <meta> must have a content="" for the itemprop
- return false;
- }
- if ( $element == 'link' && !isset( $params['href'] ) ) {
- // <link> must have an associated href=""
- return false;
- }
- }
-
- return true;
- }
-
/**
* Take an array of attribute names and values and normalize or discard
* illegal values for the given element type.
unset( $out['itemid'] );
unset( $out['itemref'] );
}
- # TODO: Strip itemprop if we aren't descendants of an itemscope or pointed to by an itemref.
+ # TODO: Strip itemprop if we aren't descendants of an itemscope.
}
return $out;
}
* @return Array
*/
static function attributeWhitelist( $element ) {
- $list = Sanitizer::setupAttributeWhitelist();
+ static $list;
+ if( !isset( $list ) ) {
+ $list = Sanitizer::setupAttributeWhitelist();
+ }
return isset( $list[$element] )
? $list[$element]
: array();
static function setupAttributeWhitelist() {
global $wgAllowRdfaAttributes, $wgHtml5, $wgAllowMicrodataAttributes;
- static $whitelist, $staticInitialised;
- $globalContext = implode( '-', compact( 'wgAllowRdfaAttributes', 'wgHtml5', 'wgAllowMicrodataAttributes' ) );
-
- if ( isset( $whitelist ) && $staticInitialised == $globalContext ) {
- return $whitelist;
- }
-
$common = array( 'id', 'class', 'lang', 'dir', 'title', 'style' );
if ( $wgAllowRdfaAttributes ) {
# Numbers refer to sections in HTML 4.01 standard describing the element.
# See: http://www.w3.org/TR/html4/
- $whitelist = array(
+ $whitelist = array (
# 7.5.4
'div' => $block,
'center' => $common, # deprecated
# 'title' may not be 100% valid here; it's XHTML
# http://www.w3.org/TR/REC-MathML/
'math' => array( 'class', 'style', 'id', 'title' ),
- );
-
- if ( $wgHtml5 ) {
- # HTML5 elements, defined by:
- # http://www.whatwg.org/specs/web-apps/current-work/multipage/
- $whitelist += array(
- 'data' => array_merge( $common, array( 'value' ) ),
- 'time' => array_merge( $common, array( 'datetime' ) ),
-
- // meta and link are only present when Microdata is allowed anyways
- // so we don't bother adding another condition here
- // meta and link are only valid for use as Microdata so we do not
- // allow the common attributes here.
- 'meta' => array( 'itemprop', 'content' ),
- 'link' => array( 'itemprop', 'href' ),
);
- }
-
- $staticInitialised = $globalContext;
-
return $whitelist;
}