/**
* Take a tag soup fragment listing an HTML element's attributes
* and normalize it to well-formed XML, discarding unwanted attributes.
* Output is safe for further wikitext processing, with escaping of
* values that could trigger problems.
*
* - Normalizes attribute names to lowercase
* - Discards attributes not on a whitelist for the given element
* - Turns broken or invalid entities into plaintext
* - Double-quotes all attribute values
* - Attributes without values are given the name as attribute
* - Double attributes are discarded
* - Unsafe style attributes are discarded
* - Prepends space if there are attributes.
*
* @param $text String
* @param $element String
* @return String
*/
static function fixTagAttributes($text, $element)
{
if (trim($text) == '') {
return '';
}
$decoded = Sanitizer::decodeTagAttributes($text);
$decoded = Sanitizer::fixDeprecatedAttributes($decoded, $element);
$stripped = Sanitizer::validateTagAttributes($decoded, $element);
$attribs = array();
foreach ($stripped as $attribute => $value) {
$encAttribute = htmlspecialchars($attribute);
$encValue = Sanitizer::safeEncodeAttribute($value);
$attribs[] = "{$encAttribute}=\"{$encValue}\"";
}
return count($attribs) ? ' ' . implode(' ', $attribs) : '';
}
/**
* Take a tag soup fragment listing an HTML element's attributes
* and normalize it to well-formed XML, discarding unwanted attributes.
* Output is safe for further wikitext processing, with escaping of
* values that could trigger problems.
*
* - Normalizes attribute names to lowercase
* - Discards attributes not on a whitelist for the given element
* - Turns broken or invalid entities into plaintext
* - Double-quotes all attribute values
* - Attributes without values are given the name as attribute
* - Double attributes are discarded
* - Unsafe style attributes are discarded
* - Prepends space if there are attributes.
*
* @param $text String
* @param $element String
* @return String
*/
static function fixTagAttributes($text, $element)
{
if (trim($text) == '') {
return '';
}
$decoded = Sanitizer::decodeTagAttributes($text);
$decoded = Sanitizer::fixDeprecatedAttributes($decoded, $element);
$stripped = Sanitizer::validateTagAttributes($decoded, $element);
$attribs = array();
foreach ($stripped as $attribute => $value) {
$encAttribute = htmlspecialchars($attribute);
$encValue = Sanitizer::safeEncodeAttribute($value);
# RTE (Rich Text Editor) - begin
# @author: Inez Korczyński, macbre
global $wgRTEParserEnabled;
if (!empty($wgRTEParserEnabled) && $encAttribute == 'style') {
// BugId:2462 - remove apostrophes from style attribute
$encValue = str_replace(''', '', $encValue);
$attribs[] = "data-rte-style=\"{$encValue}\"";
}
# RTE - end
$attribs[] = "{$encAttribute}=\"{$encValue}\"";
}
# RTE (Rich Text Editor) - begin
# @author: Inez Korczyński
global $wgRTEParserEnabled;
if (!empty($wgRTEParserEnabled)) {
if (strpos($text, "") !== false) {
RTE::$edgeCases[] = 'COMPLEX.08';
}
$attribs[] = RTEParser::encodeAttributesStr($text);
}
# RTE - end
return count($attribs) ? ' ' . implode(' ', $attribs) : '';
}
