jenkins-bot has submitted this change and it was merged. (
https://gerrit.wikimedia.org/r/390187 )
Change subject: VectorTemplate: Refactor literal HTML by using Html methods
instead
......................................................................
VectorTemplate: Refactor literal HTML by using Html methods instead
To some degree the literal HTML was (maybe) useful and self-documenting
at some point when the template was really simple, but until and unless
we really use an Html template for this, it's probably a lot easier to
maintain, understand and review (incl. from security perspective) if
we consistently use the Html class abstraction.
For now, I'm only focussing on cases where there is mixed literal HTML
with embedded PHP statements. The cases where HTML is created plain without
embedded PHP I'm leaving untouched for now.
Any case where attribute or content comes from PHP, use the Html class
instead to clearly indicate which values are escaped, and which are not.
Change-Id: Ib2d6425994918b0c17ef29c1b5d0f9893f61a889
---
M VectorTemplate.php
1 file changed, 34 insertions(+), 22 deletions(-)
Approvals:
Bartosz Dziewoński: Looks good to me, but someone else must approve
jenkins-bot: Verified
Jdlrobson: Looks good to me, approved
diff --git a/VectorTemplate.php b/VectorTemplate.php
index 031e6f0..110d902 100644
--- a/VectorTemplate.php
+++ b/VectorTemplate.php
@@ -61,30 +61,40 @@
<a id="top"></a>
<?php
if ( $this->data['sitenotice'] ) {
- ?>
- <div id="siteNotice"
class="mw-body-content"><?php $this->html( 'sitenotice' ) ?></div>
- <?php
+ echo Html::rawElement( 'div',
+ [ 'class' => 'mw-body-content' ],
+ // Raw HTML
+ $this->get( 'sitenotice' )
+ );
}
- ?>
- <?php
if ( is_callable( [ $this, 'getIndicators' ] ) ) {
echo $this->getIndicators();
}
// Loose comparison with '!=' is intentional, to catch
null and false too, but not '0'
if ( $this->data['title'] != '' ) {
+ echo Html::rawElement( 'h1',
+ [
+ 'id' => 'firstHeading',
+ 'class' => 'firstHeading',
+ 'lang' => $this->get(
'pageLanguage' ),
+ ],
+ // Raw HTML
+ $this->get( 'title' )
+ );
+ }
+
+ $this->html( 'prebodyhtml' );
?>
- <h1 id="firstHeading" class="firstHeading" lang="<?php
$this->text( 'pageLanguage' ); ?>"><?php
- $this->html( 'title' )
- ?></h1>
- <?php
- } ?>
- <?php $this->html( 'prebodyhtml' ) ?>
<div id="bodyContent" class="mw-body-content">
<?php
if ( $this->data['isarticle'] ) {
- ?>
- <div id="siteSub" class="noprint"><?php
$this->msg( 'tagline' ) ?></div>
- <?php
+ echo Html::element( 'div',
+ [
+ 'id' => 'siteSub',
+ 'class' => 'noprint',
+ ],
+ $this->getMsg( 'tagline'
)->text()
+ );
}
?>
<div id="contentSub"<?php $this->html(
'userlangattributes' ) ?>><?php
@@ -92,16 +102,18 @@
?></div>
<?php
if ( $this->data['undelete'] ) {
- ?>
- <div id="contentSub2"><?php
$this->html( 'undelete' ) ?></div>
- <?php
+ echo Html::rawElement( 'div',
+ [ 'id' => 'contentSub2' ],
+ // Raw HTML
+ $this->get( 'undelete' )
+ );
}
- ?>
- <?php
if ( $this->data['newtalk'] ) {
- ?>
- <div class="usermessage"><?php
$this->html( 'newtalk' ) ?></div>
- <?php
+ echo Html::rawElement( 'div',
+ [ 'class' => 'usermessage' ],
+ // Raw HTML
+ $this->get( 'newtalk' )
+ );
}
?>
<div id="jump-to-nav" class="mw-jump">
--
To view, visit https://gerrit.wikimedia.org/r/390187
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: merged
Gerrit-Change-Id: Ib2d6425994918b0c17ef29c1b5d0f9893f61a889
Gerrit-PatchSet: 3
Gerrit-Project: mediawiki/skins/Vector
Gerrit-Branch: master
Gerrit-Owner: Krinkle <krinklem...@gmail.com>
Gerrit-Reviewer: Bartosz Dziewoński <matma....@gmail.com>
Gerrit-Reviewer: Jdlrobson <jrob...@wikimedia.org>
Gerrit-Reviewer: Jforrester <jforres...@wikimedia.org>
Gerrit-Reviewer: Krinkle <krinklem...@gmail.com>
Gerrit-Reviewer: Legoktm <lego...@member.fsf.org>
Gerrit-Reviewer: VolkerE <volke...@wikimedia.org>
Gerrit-Reviewer: jenkins-bot <>
_______________________________________________
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
