forked from wikimedia/mediawiki-extensions-HTMLTags
HTMLTags_body.php
<?php
/**
* Main code for the HTML Tags extension
*
* @file
* @ingroup HTML Tags
*/
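/**
 * Parser-tag handler of the HTML Tags extension.
 *
 * Lets wikitext emit HTML elements that are listed in the site configuration
 * ($wgHTMLTagsAttributes maps an element name to the attribute names allowed
 * on it). The tag name, the attribute values and the tag body all come from
 * page text, so everything handled here is untrusted input.
 */
class HTMLTags {
	/**
	 * Register the parser tag hooks "htmltag0" through "htmltag50" (51 names),
	 * all handled by HTMLTags::render().
	 *
	 * @param Parser &$parser Parser to register the hooks on
	 * @return bool Always true, so that hook processing continues
	 */
	public static function register( &$parser ) {
		// NOTE(review): the numbered names presumably exist so that the tags
		// can be nested inside one another - confirm with the fork's author.
		for ( $i = 0; $i <= 50; $i++ ) {
			$parser->setHook( 'htmltag' . $i, array( 'HTMLTags', 'render' ) );
		}

		return true;
	}

	/**
	 * Render one of the registered htmltagN tags as an HTML element.
	 *
	 * The element is only produced when its name is a key of
	 * $wgHTMLTagsAttributes; an attribute is only copied when its name is
	 * listed for that element, or when the element's list contains '*'.
	 *
	 * Security notes for whoever configures or extends this:
	 *  - htmlspecialchars() only encodes markup characters. It does not look
	 *    at URL schemes, so allowing a URL-bearing attribute such as "href"
	 *    or "src" in the configuration still lets page text supply a script
	 *    URL. A scheme allow-list for such attributes is the missing check.
	 *  - A '*' entry admits every attribute name, event-handler attributes
	 *    included; prefer explicit attribute lists.
	 *
	 * @param string $input Text between the opening and closing tag
	 * @param array $args Tag attributes from the wikitext, name => value
	 * @param Parser $parser
	 * @param PPFrame $frame
	 * @return string HTML of the element, or an escaped error message
	 */
	public static function render( $input, $args, $parser, $frame ) {
		global $wgHTMLTagsAttributes;

		if ( !array_key_exists( 'tagname', $args ) ) {
			// A tag hook's return value is inserted into the page as HTML,
			// so this message is escaped like the one below (it was ->text()).
			return wfMessage( 'htmltags-notagname' )->escaped();
		}

		$tagName = $args['tagname'];
		// Fail closed when the configuration is missing or malformed
		// instead of raising an error on a non-array.
		if ( !is_array( $wgHTMLTagsAttributes )
			|| !array_key_exists( $tagName, $wgHTMLTagsAttributes )
		) {
			return wfMessage( 'htmltags-unsupportedtag', $tagName )->escaped();
		}

		$allowed = is_array( $wgHTMLTagsAttributes[$tagName] )
			? $wgHTMLTagsAttributes[$tagName]
			: array();
		$allowAny = in_array( '*', $allowed, true );

		$input = $parser->replaceVariables( $input, $frame );

		$attributes = array();
		foreach ( $args as $key => $value ) {
			// PHP turns numeric-looking array keys into integers; compare
			// names as strings and strictly, so that loose type juggling can
			// neither skip nor admit an attribute.
			$name = (string)$key;
			if ( $name === 'tagname' ) {
				continue;
			}
			if ( !$allowAny && !in_array( $name, $allowed, true ) ) {
				continue;
			}

			$value = $parser->replaceVariables( $value, $frame );
			// Encodes markup characters only; see the security notes in the
			// method documentation for what this does not cover.
			// NOTE(review): Html::element() encodes attribute values as well,
			// so this likely double-encodes quotes and angle brackets -
			// confirm, and keep only one encoding layer.
			$value = htmlspecialchars( $value, ENT_QUOTES );
			// NOTE(review): as shown here this replaces '&' with itself and
			// changes nothing. Presumably the search string was the HTML
			// entity for the ampersand and the page rendering decoded it -
			// confirm against the upstream file before relying on this line.
			$value = str_replace( '&', '&', $value );
			$attributes[$key] = $value;
		}

		// Html::element() escapes the attribute values and the text content.
		// It does not validate URL schemes or attribute names, so it is not
		// a complete defence against script injection on its own.
		return Html::element( $tagName, $attributes, $input );
	}
}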