There is no need to escape double quotes in content of XML.
Html::element() also does not escape double quotes in content.
ENT_NOQUOTES escapes '<', '>' and '&' but not "'" and '"'.
https://secure.php.net/manual/en/function.htmlspecialchars.php
Change-Id: I3b585c43e532cca1a8951d6c9e8b4825fc3b012d
if ( $allowShortTag && $contents === '' ) {
$out .= ' />';
} else {
- $out .= '>' . htmlspecialchars( $contents ) . "</$element>";
+ $out .= '>' . htmlspecialchars( $contents, ENT_NOQUOTES ) . "</$element>";
}
}
return $out;
*/
public function testElementEscaping() {
$this->assertEquals(
- '<element>hello <there> you & you</element>',
- Xml::element( 'element', null, 'hello <there> you & you' ),
+ '<element>"hello <there> your\'s & you"</element>',
+ Xml::element( 'element', null, '"hello <there> your\'s & you"' ),
'Element with no attributes and content that needs escaping'
);
}
[ 'xslt' => 'DoesNotExist' ] ],
[ [], '<?xml version="1.0"?><api><warnings><xml xml:space="preserve">Stylesheet should be in the MediaWiki namespace.</xml></warnings></api>',
[ 'xslt' => 'ApiFormatXmlTest' ] ],
- [ [], '<?xml version="1.0"?><api><warnings><xml xml:space="preserve">Stylesheet should have ".xsl" extension.</xml></warnings></api>',
+ [ [], '<?xml version="1.0"?><api><warnings><xml xml:space="preserve">Stylesheet should have ".xsl" extension.</xml></warnings></api>',
[ 'xslt' => 'MediaWiki:ApiFormatXmlTest' ] ],
[ [],
'<?xml version="1.0"?><?xml-stylesheet href="' .