X-Git-Url: http://git.cyclocoop.org/%7B%7B%20url_for%28%27admin_vote_del%27%2C%20idvote=vote.voteid%29%20%7D%7D?a=blobdiff_plain;f=includes%2FSanitizer.php;h=4dbc9dd9db5367a54d0286cf7b5b86463a5ab79e;hb=853c6852ecb28f1a4bbcfa9b7f14a4759050b05b;hp=1432a8b02d60d3ee250d040dc67cc231ec87d34b;hpb=f8b7cc890d9fa6fbb6c9673391f37e81abde274e;p=lhc%2Fweb%2Fwiklou.git
diff --git a/includes/Sanitizer.php b/includes/Sanitizer.php
index 1432a8b02d..4dbc9dd9db 100644
--- a/includes/Sanitizer.php
+++ b/includes/Sanitizer.php
@@ -54,7 +54,6 @@ class Sanitizer {
 * List of all named character entities defined in HTML 4.01
 * http://www.w3.org/TR/html4/sgml/entities.html
 * As well as ' which is only defined starting in XHTML1.
- * @private
 */
 private static $htmlEntities = array(
 'Aacute' => 193,
@@ -322,7 +321,6 @@ class Sanitizer {
 /**
 * Lazy-initialised attributes regex, see getAttribsRegex()
- * @private
 */
 private static $attribsRegex;
@@ -389,10 +387,10 @@ class Sanitizer {
 'kbd', 'samp', 'data', 'time', 'mark'
 );
 $htmlsingle = array(
- 'br', 'hr', 'li', 'dt', 'dd'
+ 'br', 'wbr', 'hr', 'li', 'dt', 'dd'
 );
 $htmlsingleonly = array( # Elements that cannot have close tags
- 'br', 'hr'
+ 'br', 'wbr', 'hr'
 );
 if ( $wgAllowMicrodataAttributes ) {
 $htmlsingle[] = $htmlsingleonly[] = 'meta';
@@ -1486,7 +1484,7 @@ class Sanitizer {
 }
 $block = array_merge( $common, array( 'align' ) );
- $tablealign = array( 'align', 'char', 'charoff', 'valign' );
+ $tablealign = array( 'align', 'valign' );
 $tablecell = array(
 'abbr',
 'axis',
@@ -1506,7 +1504,7 @@ class Sanitizer {
 # 7.5.4
 'div' => $block,
 'center' => $common, # deprecated
- 'span' => $block, # ??
+ 'span' => $common,
 # 7.5.5
 'h1' => $block,
@@ -1520,7 +1518,7 @@ class Sanitizer {
 # address
 # 8.2.4
- # bdo
+ 'bdo' => $common,
 # 9.2.1
 'em' => $common,
@@ -1536,7 +1534,7 @@ class Sanitizer {
 # 9.2.2
 'blockquote' => array_merge( $common, array( 'cite' ) ),
- # q
+ 'q' => array_merge( $common, array( 'cite' ) ),
 # 9.2.3
 'sub' => $common,
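Review bot: In the `@@ -1486,7 +1484,7 @@` hunk, narrowing `$tablealign` to `array( 'align', 'valign' )` changes every element that merges it, not only the entries this commit edits; `'tr'` still does so on a context line of the `-1573` hunk, and other consumers may sit outside the diff. A comment at the definition would make that reach explicit, for example `# align/valign only: 'char' and 'charoff' are no longer whitelisted for any element that merges $tablealign`. The enclosing method starts and ends outside the hunk, so the full list of consumers cannot be checked from here.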
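Review bot: The new `'bdo' => $common` entry in the `@@ -1520,7 +1518,7 @@` hunk (and `'q'` in the `-1536` hunk) only extends the attribute whitelist; the allowed-element arrays touched in the `-389` hunk gain `'wbr'` but, in the lines visible there, neither `bdo` nor `q`. If those tags are not already listed in a part of the element arrays outside the diff, the two entries are unreachable and the tags presumably remain disallowed. Either add them to the element list in the same commit or say at the entry where the tag is whitelisted. For `'q'`, `cite` carries a URL just as on the existing `blockquote` entry, so it is worth confirming that the attribute validation (outside this diff) handles its value as intended.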
@@ -1546,7 +1544,10 @@ class Sanitizer {
 'p' => $block,
 # 9.3.2
- 'br' => array( 'id', 'class', 'title', 'style', 'clear' ),
+ 'br' => array_merge( $common, array( 'clear' ) ),
+
+ # http://www.whatwg.org/html/text-level-semantics.html#the-wbr-element
+ 'wbr' => $common,
 # 9.3.4
 'pre' => array_merge( $common, array( 'width' ) ),
@@ -1573,16 +1574,16 @@ class Sanitizer {
 ) ),
 # 11.2.2
- 'caption' => array_merge( $common, array( 'align' ) ),
+ 'caption' => $block,
 # 11.2.3
- 'thead' => array_merge( $common, $tablealign ),
- 'tfoot' => array_merge( $common, $tablealign ),
- 'tbody' => array_merge( $common, $tablealign ),
+ 'thead' => $common,
+ 'tfoot' => $common,
+ 'tbody' => $common,
 # 11.2.4
- 'colgroup' => array_merge( $common, array( 'span', 'width' ), $tablealign ),
- 'col' => array_merge( $common, array( 'span', 'width' ), $tablealign ),
+ 'colgroup' => array_merge( $common, array( 'span' ) ),
+ 'col' => array_merge( $common, array( 'span' ) ),
 # 11.2.5
 'tr' => array_merge( $common, array( 'bgcolor' ), $tablealign ),
@@ -1617,7 +1618,7 @@ class Sanitizer {
 # basefont
 # 15.3
- 'hr' => array_merge( $common, array( 'noshade', 'size', 'width' ) ),
+ 'hr' => array_merge( $common, array( 'width' ) ),
 # HTML Ruby annotation text module, simple ruby only.
 # http://www.whatwg.org/html/text-level-semantics.html#the-ruby-element
@@ -1799,6 +1800,6 @@ class Sanitizer {
 $ # End of string
 /ix"; // case Insensitive, eXtended
- return (bool) preg_match( $HTML5_email_regexp, $addr );
+ return (bool)preg_match( $HTML5_email_regexp, $addr );
 }
 }
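Review bot: Replacing the explicit list for `'br'` with `array_merge( $common, array( 'clear' ) )` in the `@@ -1546,7 +1544,10 @@` hunk widens the allow-list rather than only tidying it: `br`, and the new `wbr`, now accept everything in `$common`, including anything added to it later. `$common` is defined outside the hunk, so the exact set of newly accepted attributes cannot be confirmed from here. Because this table is the sanitizer's allow-list, a parser test pinning which attributes are kept and which are stripped on `<br>` and `<wbr>` would stop a future change to `$common` from widening these void elements unnoticed.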
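Review bot: The `@@ -1573,16 +1574,16 @@` hunk drops `$tablealign` from `thead`, `tfoot` and `tbody` and `width` from `colgroup` and `col`, while the `'tr'` context line at its end still merges `$tablealign`; the rule for which presentational attributes survive is not stated anywhere in the hunk. Existing pages that use the removed attributes will have them stripped with no notice, and the `-1617` hunk does the same for `noshade` and `size` on `hr`. A short comment above the table section, such as `# Row groups and columns take no presentational attributes; rows keep $tablealign`, together with a release-note entry, would record the intent.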