I recently try to modernize an extension [1] to use the /_Html _/class and found a problem (at least for me) . Like to receive your comments, and tips.
In several cases, I had to use Htlm::rawElement (*) instead of the safer Html::element because of a nested <div> structure I want to generate like
<div id=outerdiv> outertext-with- -or-something-character
<div id=innerdiv> innertext </div>
</div>
Html::rawElement( 'div', array( 'some-outer-attributes' => 'some-outer-attribute-values'), $outertext . Html:element( 'div' array( 'some-inner-attributes' => 'some-inner-attribute-values'), $innertext
)
After having compared Html methods rawElement and Element, and after having asked around the #mediawiki I found that I have to escape the content manually and could/should use basically one of these two possibilities:
i) The #mediawiki recommended *htmlspecialchars*()
ii) Inside Html:element method I found * strtr( $contents, array(** ** // There's no point in escaping quotes, >, etc. in the contents of** ** // elements.** ** '&' => '&',** ** '<' => '<'** **)*
*Both *are not suited for my case, when $outertext has this " " character in it.
After looking around in class Html and class Xml I found, that some of the methods use $wgContLang->normalize( $string ), and this works for me, too. I put this is into a private wrapper function escapeContent() = *$wg**ContLang->normalize() (not shown here) *
Html::rawElement( 'div', array( 'some-outer-attributes' => 'some-outer-attribute-values'), * ***$wg**ContLang->normalize****( $outertext ) . Html:element( 'div' array( 'some-inner-attributes' => 'some-inner-attribute-values'), $innertext
)
I am however not happy with that approach, because I do not know, if it is correctly applied.
Therefore my questions to you:
1. Is my approach of applying Html class and using ->normalize() correct ? 2. What could I do better, perhaps should I apply a certain Sanitizer::method - or what else ? 3. Perhaps I am fully wrong, then please guide me to find a correct solution.
I will be available on #mediawiki during the evening hours (UTC+2; Wikinaut )