Merge "Inject "srvCache" and local DB connections into LockManagerDB"

[lhc/web/wiklou.git] / includes / Html.php

diff --git a/includes/Html.php b/includes/Html.php
index 7cb75bb..2ef891d 100644 (file)
--- a/includes/Html.php
+++ b/includes/Html.php
@@ -46,13 +46,12 @@
  * @since 1.16
  */
 class Html {
-       // List of void elements from HTML5, section 8.1.2 as of 2011-08-12
+       // List of void elements from HTML5, section 8.1.2 as of 2016-09-19
        private static $voidElements = [
                'area',
                'base',
                'br',
                'col',
-               'command',
                'embed',
                'hr',
                'img',
@@ -339,7 +338,6 @@ class Html {
                                'height' => '150',
                                'width' => '300',
                        ],
-                       'command' => [ 'type' => 'command' ],
                        'form' => [
                                'action' => 'GET',
                                'autocomplete' => 'on',
@@ -627,6 +625,17 @@ class Html {
         * @return string Raw HTML
         */
        public static function inlineStyle( $contents, $media = 'all' ) {
+               // Don't escape '>' since that is used
+               // as direct child selector.
+               // Remember, in css, there is no "x" for hexadecimal escapes, and
+               // the space immediately after an escape sequence is swallowed.
+               $contents = strtr( $contents, [
+                       '<' => '\3C ',
+                       // CDATA end tag for good measure, but the main security
+                       // is from escaping the '<'.
+                       ']]>' => '\5D\5D\3E '
+               ] );
+
                if ( preg_match( '/[<&]/', $contents ) ) {
                        $contents = "/*<![CDATA[*/$contents/*]]>*/";
                }