/** * Take an array of attribute names and values and normalize or discard * illegal values for the given element type. * * - Discards attributes not on a whitelist for the given element * - Unsafe style attributes are discarded * - Invalid id attributes are re-encoded * * @param array $attribs * @param string $element * @return array * * @todo Check for legal values where the DTD limits things. * @todo Check for unique id attribute :P */ static function validateTagAttributes($attribs, $element) { return Sanitizer::validateAttributes($attribs, Sanitizer::attributeWhitelist($element)); }
/** * Parser hook * * @param string $text * @param array $args * @param Parser $parser * @return string */ public static function parserHook($text, $args = array(), $parser) { global $wgUseTidy; // Don't trim leading spaces away, just the linefeeds $out = preg_replace('/^\\n+/', '', rtrim($text)); // Convert deprecated attributes if (isset($args['enclose'])) { if ($args['enclose'] === 'none') { $args['inline'] = true; } unset($args['enclose']); } $lexer = isset($args['lang']) ? $args['lang'] : ''; $result = self::highlight($out, $lexer, $args); if (!$result->isGood()) { $parser->addTrackingCategory('syntaxhighlight-error-category'); } $out = $result->getValue(); // HTML Tidy will convert tabs to spaces incorrectly (bug 30930). // But the conversion from tab to space occurs while reading the input, // before the conversion from 	 to tab, so we can armor it that way. if ($wgUseTidy) { $out = str_replace("\t", '	', $out); } // Allow certain HTML attributes $htmlAttribs = Sanitizer::validateAttributes($args, array('style', 'class', 'id', 'dir')); if (!isset($htmlAttribs['class'])) { $htmlAttribs['class'] = self::HIGHLIGHT_CSS_CLASS; } else { $htmlAttribs['class'] .= ' ' . self::HIGHLIGHT_CSS_CLASS; } if (!(isset($htmlAttribs['dir']) && $htmlAttribs['dir'] === 'rtl')) { $htmlAttribs['dir'] = 'ltr'; } if (isset($args['inline'])) { // Enforce inlineness. Stray newlines may result in unexpected list and paragraph processing // (also known as doBlockLevels()). $out = str_replace("\n", ' ', $out); $out = Html::rawElement('code', $htmlAttribs, $out); } else { // Not entirely sure what benefit this provides, but it was here already $htmlAttribs['class'] .= ' ' . 'mw-content-' . $htmlAttribs['dir']; // Unwrap Pygments output to provide our own wrapper. We can't just always use the 'nowrap' // option (pass 'inline'), since it disables other useful things like line highlighting. // Tolerate absence of quotes for Html::element() and wgWellFormedXml=false. $m = array(); if (preg_match('/^<div class="?mw-highlight"?>(.*)<\\/div>$/s', trim($out), $m)) { $out = trim($m[1]); } else { throw new MWException('Unexpected output from Pygments encountered'); } // Use 'nowiki' strip marker to prevent list processing (also known as doBlockLevels()). // However, leave the wrapping <div/> outside to prevent <p/>-wrapping. $marker = $parser->mUniqPrefix . '-syntaxhighlightinner-' . sprintf('%08X', $parser->mMarkerIndex++) . $parser::MARKER_SUFFIX; $parser->mStripState->addNoWiki($marker, $out); $out = Html::openElement('div', $htmlAttribs) . $marker . Html::closeElement('div'); } // Register CSS $parser->getOutput()->addModuleStyles('ext.pygments'); return $out; }