# Escape HTML id attributes
if ( $attribute === 'id' ) {
- $value = self::escapeIdForAttribute( $value, Sanitizer::ID_PRIMARY );
+ $value = self::escapeIdForAttribute( $value, self::ID_PRIMARY );
}
# Escape HTML id reference lists
global $wgExperimentalHtmlIds;
$options = (array)$options;
- $id = self::decodeCharReferences( $id );
-
if ( $wgExperimentalHtmlIds && !in_array( 'legacy', $options ) ) {
$id = preg_replace( '/[ \t\n\r\f_\'"&#%]+/', '_', $id );
$id = trim( $id, '_' );
$mode = $wgFragmentMode[self::ID_PRIMARY];
$id = self::escapeIdInternal( $id, $mode );
- $id = self::urlEscapeId( $id, $mode );
return $id;
}
global $wgExternalInterwikiFragmentMode;
$id = self::escapeIdInternal( $id, $wgExternalInterwikiFragmentMode );
- $id = self::urlEscapeId( $id, $wgExternalInterwikiFragmentMode );
-
- return $id;
- }
-
- /**
- * Helper for escapeIdFor*() functions. URL-escapes the ID if needed.
- *
- * @param string $id String to escape
- * @param string $mode One of modes from $wgFragmentMode
- * @return string
- */
- private static function urlEscapeId( $id, $mode ) {
- if ( $mode === 'html5' ) {
- $id = urlencode( $id );
- $id = str_replace( '%3A', ':', $id );
- }
return $id;
}
* @return string
*/
private static function escapeIdInternal( $id, $mode ) {
- $id = Sanitizer::decodeCharReferences( $id );
-
switch ( $mode ) {
case 'html5':
$id = str_replace( ' ', '_', $id );
$text = preg_replace_callback(
self::CHAR_REFS_REGEX,
[ 'Sanitizer', 'decodeCharReferencesCallback' ],
- $text, /* limit */ -1, $count );
+ $text,
+ -1, //limit
+ $count
+ );
if ( $count ) {
return $wgContLang->normalize( $text );
# Not usually allowed, but may be used for extension-style hooks
# such as <math> when it is rasterized, or if $wgAllowImageTag is
# true
- 'img' => array_merge( $common, [ 'alt', 'src', 'width', 'height' ] ),
+ 'img' => array_merge( $common, [ 'alt', 'src', 'width', 'height', 'srcset' ] ),
'video' => array_merge( $common, [ 'poster', 'controls', 'preload', 'width', 'height' ] ),
'source' => array_merge( $common, [ 'type', 'src' ] ),
# https://www.w3.org/TR/REC-MathML/
'math' => [ 'class', 'style', 'id', 'title' ],
+ // HTML 5 section 4.5
+ 'figure' => $common,
+ 'figcaption' => $common,
+
# HTML 5 section 4.6
'bdi' => $common,
// (ie: validateTag rejects tags missing the attributes needed for Microdata)
// So we don't bother including $common attributes that have no purpose.
'meta' => [ 'itemprop', 'content' ],
- 'link' => [ 'itemprop', 'href' ],
+ 'link' => [ 'itemprop', 'href', 'title' ],
];
return $whitelist;