Have you tried seeing if changing the arguments to htmlspecialchars() will work? Note that htmlspecialchars() takes an argument $double_encode, e.g.,
htmlspecialchars( 'text', ENT_QUOTES, 'UTF-8', false );
When set to false, the function will not encode existing HTML entities in the text. More info: http://php.net/manual/en/function.htmlspecialchars.php
-- Tyler Romeo, Stevens Institute of Technology, Class of 2016, Major in Computer Science, www.whizkidztech.com | tylerromeo@gmail.com
On Wed, Jun 5, 2013 at 2:47 PM, Thomas Gries mail@tgries.de wrote:
I recently tried to modernize an extension [1] to use the Html class and found a problem (at least for me). I would like to receive your comments and tips.
In several cases, I had to use Html::rawElement (*) instead of the safer Html::element because of a nested <div> structure I want to generate like
<div id=outerdiv> outertext-with- -or-something-character
<div id=innerdiv> innertext </div>
</div>
Html::rawElement( 'div', array( 'some-outer-attributes' => 'some-outer-attribute-values' ),
    $outertext . Html::element( 'div', array( 'some-inner-attributes' => 'some-inner-attribute-values' ), $innertext )
)
After having compared the Html methods rawElement and element, and after having asked around on #mediawiki, I found that I have to escape the content manually and could/should use basically one of these two possibilities:
i) The #mediawiki-recommended htmlspecialchars()
ii) Inside the Html::element method I found
strtr( $contents, array(
    // There's no point in escaping quotes, >, etc. in the contents of
    // elements.
    '&' => '&amp;',
    '<' => '&lt;'
) )
Both are not suited for my case, when $outertext has this " " character in it.
After looking around in class Html and class Xml, I found that some of the methods use $wgContLang->normalize( $string ), and this works for me, too. I put this into a private wrapper function escapeContent() = $wgContLang->normalize() (not shown here).
Html::rawElement( 'div', array( 'some-outer-attributes' => 'some-outer-attribute-values' ),
    $wgContLang->normalize( $outertext ) . Html::element( 'div', array( 'some-inner-attributes' => 'some-inner-attribute-values' ), $innertext )
)
I am, however, not happy with that approach, because I do not know if it is correctly applied.
Therefore my questions to you:
1. Is my approach of applying the Html class and using ->normalize() correct?
2. What could I do better? Perhaps I should apply a certain Sanitizer::method, or what else?
3. Perhaps I am fully wrong; then please guide me to find a correct solution.
I will be available on #mediawiki during the evening hours (UTC+2; Wikinaut)
[1] https://gerrit.wikimedia.org/r/#/c/67002/
Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l
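Added example, not part of the original thread and not MediaWiki code: a plain-PHP comparison of the escaping quoted from Html::element, default htmlspecialchars(), and htmlspecialchars() with $double_encode set to false, as suggested in the reply. The function names and sample strings are hypothetical and constructed, and it assumes the problematic character in $outertext is an HTML entity such as &nbsp;, which the thread does not show.

```php
<?php
// Added example: plain PHP only, no MediaWiki classes are loaded.

// Escaping for element contents as quoted from Html::element in the thread.
function escapeLikeHtmlElement( string $s ): string {
    return strtr( $s, array( '&' => '&amp;', '<' => '&lt;' ) );
}

// Hypothetical wrapper: escape markup characters but leave
// well-formed entities that are already in the text untouched.
function escapeKeepEntities( string $s ): string {
    return htmlspecialchars( $s, ENT_QUOTES, 'UTF-8', false );
}

// Hypothetical stand-in for the nested Html::rawElement / Html::element
// call: the outer text is escaped by hand, the inner text fully escaped.
function nestedDiv( string $outerText, string $innerText ): string {
    return '<div id="outerdiv">' . escapeKeepEntities( $outerText )
        . '<div id="innerdiv">'
        . htmlspecialchars( $innerText, ENT_QUOTES, 'UTF-8' )
        . '</div></div>';
}

// Constructed sample inputs (assumption: the entity is &nbsp;).
$samples = array(
    'existing entity' => 'outer&nbsp;text',
    'bare ampersand'  => 'R&D <b>bold</b>',
    'numeric entity'  => 'caf&#233; "quoted"',
);

foreach ( $samples as $label => $text ) {
    echo "== $label ==\n";
    echo 'strtr (Html::element style): ', escapeLikeHtmlElement( $text ), "\n";
    echo 'htmlspecialchars, default:   ',
        htmlspecialchars( $text, ENT_QUOTES, 'UTF-8' ), "\n";
    echo 'double_encode = false:       ', escapeKeepEntities( $text ), "\n";
    echo 'nested div:                  ',
        nestedDiv( $text, 'inner <text>' ), "\n\n";
}
```

With $double_encode set to false, `<`, `>`, quotes and bare ampersands are still escaped, so the output remains safe as element content; only well-formed entities pass through unchanged. The trade-off is that text meant to display a literal entity string (for example the characters `&amp;`) will render as the decoded character instead.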