* Cleans up HTML, removes dangerous tags and attributes, and
* removes HTML comments
* @private
- * @param string $text
- * @param callback $processCallback to do any variable or parameter replacements in HTML attribute values
- * @param array $args for the processing callback
- * @param array $extratags for any extra tags to include
- * @param array $removetags for any tags (default or extra) to exclude
+ * @param $text String
+ * @param $processCallback Callback to do any variable or parameter replacements in HTML attribute values
+ * @param $args Array for the processing callback
+ * @param $extratags Array for any extra tags to include
+ * @param $removetags Array for any tags (default or extra) to exclude
* @return string
*/
static function removeHTMLtags( $text, $processCallback = null, $args = array(), $extratags = array(), $removetags = array() ) {
* trailing spaces and one of the newlines.
*
* @private
- * @param string $text
+ * @param $text String
* @return string
*/
static function removeHTMLcomments( $text ) {
* - Unsafe style attributes are discarded
* - Invalid id attributes are reencoded
*
- * @param array $attribs
- * @param string $element
- * @return array
+ * @param $attribs Array
+ * @param $element String
+ * @return Array
*
* @todo Check for legal values where the DTD limits things.
* @todo Check for unique id attribute :P
* - Unsafe style attributes are discarded
* - Invalid id attributes are reencoded
*
- * @param array $attribs
- * @param array $whitelist list of allowed attribute names
- * @return array
+ * @param $attribs Array
+ * @param $whitelist Array: list of allowed attribute names
+ * @return Array
*
* @todo Check for legal values where the DTD limits things.
* @todo Check for unique id attribute :P
* will be combined (if they're both strings).
*
* @todo implement merging for other attributes such as style
- * @param array $a
- * @param array $b
+ * @param $a Array
+ * @param $b Array
* @return array
*/
static function mergeAttributes( $a, $b ) {
*
* Currently URL references, 'expression', 'tps' are forbidden.
*
- * @param string $value
- * @return mixed
+ * @param $value String
+ * @return Mixed
*/
static function checkCss( $value ) {
$stripped = Sanitizer::decodeCharReferences( $value );
* - Unsafe style attributes are discarded
* - Prepends space if there are attributes.
*
- * @param string $text
- * @param string $element
- * @return string
+ * @param $text String
+ * @param $element String
+ * @return String
*/
static function fixTagAttributes( $text, $element ) {
if( trim( $text ) == '' ) {
/**
* Encode an attribute value for HTML output.
- * @param $text
+ * @param $text String
* @return HTML-encoded text fragment
*/
static function encodeAttribute( $text ) {
/**
* Encode an attribute value for HTML tags, with extra armoring
* against further wiki processing.
- * @param $text
+ * @param $text String
* @return HTML-encoded text fragment
*/
static function safeEncodeAttribute( $text ) {
* name attributes
* @see http://www.w3.org/TR/html401/struct/links.html#h-12.2.3 Anchors with the id attribute
*
- * @param string $id Id to validate
- * @param mixed $options String or array of strings (default is array()):
+ * @param $id String: id to validate
+ * @param $options Mixed: string or array of strings (default is array()):
* 'noninitial': This is a non-initial fragment of an id, not a full id,
* so don't pay attention if the first character isn't valid at the
* beginning of an id.
* Therefore, it also completely changes the type of escaping: instead
* of weird dot-encoding, runs of invalid characters (mostly
* whitespace) are just compressed into a single underscore.
- * @return string
+ * @return String
*/
static function escapeId( $id, $options = array() ) {
$options = (array)$options;
*
* @see http://www.w3.org/TR/CSS21/syndata.html Valid characters/format
*
- * @param string $class
- * @return string
+ * @param $class String
+ * @return String
*/
static function escapeClass( $class ) {
// Convert ugly stuff to underscores and kill underscores in ugly places
* Given HTML input, escape with htmlspecialchars but un-escape entites.
* This allows (generally harmless) entities like to survive.
*
- * @param string $html String to escape
- * @return string Escaped input
+ * @param $html String to escape
+ * @return String: escaped input
*/
static function escapeHtmlAllowEntities( $html ) {
# It seems wise to escape ' as well as ", as a matter of course. Can't
/**
* Regex replace callback for armoring links against further processing.
- * @param array $matches
+ * @param $matches Array
* @return string
- * @private
*/
private static function armorLinksCallback( $matches ) {
return str_replace( ':', ':', $matches[1] );
* a partial tag string. Attribute names are forces to lowercase,
* character references are decoded to UTF-8 text.
*
- * @param string
- * @return array
+ * @param $text String
+ * @return Array
*/
public static function decodeTagAttributes( $text ) {
$attribs = array();
* Pick the appropriate attribute value from a match set from the
* MW_ATTRIBS_REGEX matches.
*
- * @param array $set
- * @return string
- * @private
+ * @param $set Array
+ * @return String
*/
private static function getTagAttributeCallback( $set ) {
if( isset( $set[6] ) ) {
* but note that we're not returning the value, but are returning
* XML source fragments that will be slapped into output.
*
- * @param string $text
- * @return string
- * @private
+ * @param $text String
+ * @return String
*/
private static function normalizeAttributeValue( $text ) {
return str_replace( '"', '"',
* c. use &#x, not &#X
* d. fix or reject non-valid attributes
*
- * @param string $text
- * @return string
+ * @param $text String
+ * @return String
* @private
*/
static function normalizeCharReferences( $text ) {
$text );
}
/**
- * @param string $matches
- * @return string
+ * @param $matches String
+ * @return String
*/
static function normalizeCharReferencesCallback( $matches ) {
$ret = null;
* MediaWiki-specific alias, returns the HTML equivalent. Otherwise,
* returns HTML-escaped text of pseudo-entity source (eg &foo;)
*
- * @param string $name
- * @return string
- * @static
+ * @param $name String
+ * @return String
*/
static function normalizeEntity( $name ) {
global $wgHtmlEntities, $wgHtmlEntityAliases;
/**
* Returns true if a given Unicode codepoint is a valid character in XML.
- * @param int $codepoint
- * @return bool
+ * @param $codepoint Integer
+ * @return Boolean
*/
private static function validateCodepoint( $codepoint ) {
return ($codepoint == 0x09)
* Decode any character references, numeric or named entities,
* in the text and return a UTF-8 string.
*
- * @param string $text
- * @return string
- * @public
- * @static
+ * @param $text String
+ * @return String
*/
public static function decodeCharReferences( $text ) {
return preg_replace_callback(
}
/**
- * @param string $matches
- * @return string
+ * @param $matches String
+ * @return String
*/
static function decodeCharReferencesCallback( $matches ) {
if( $matches[1] != '' ) {
/**
* Return UTF-8 string for a codepoint if that is a valid
* character reference, otherwise U+FFFD REPLACEMENT CHARACTER.
- * @param int $codepoint
- * @return string
+ * @param $codepoint Integer
+ * @return String
* @private
*/
static function decodeChar( $codepoint ) {
* return the UTF-8 encoding of that character. Otherwise, returns
* pseudo-entity source (eg &foo;)
*
- * @param string $name
- * @return string
+ * @param $name Strings
+ * @return String
*/
static function decodeEntity( $name ) {
global $wgHtmlEntities, $wgHtmlEntityAliases;
}
/**
- * Fetch the whitelist of acceptable attributes for a given
- * element name.
+ * Fetch the whitelist of acceptable attributes for a given element name.
*
- * @param string $element
- * @return array
+ * @param $element String
+ * @return Array
*/
static function attributeWhitelist( $element ) {
static $list;
/**
* Foreach array key (an allowed HTML element), return an array
* of allowed attributes
- * @return array
+ * @return Array
*/
static function setupAttributeWhitelist() {
$common = array( 'id', 'class', 'lang', 'dir', 'title', 'style' );
* Warning: this return value must be further escaped for literal
* inclusion in HTML output as of 1.10!
*
- * @param string $text HTML fragment
- * @return string
+ * @param $text String: HTML fragment
+ * @return String
*/
static function stripAllTags( $text ) {
# Actual <tags>
*
* Use for passing XHTML fragments to PHP's XML parsing functions
*
- * @return string
- * @static
+ * @return String
*/
static function hackDocType() {
global $wgHtmlEntities;