Have you tried seeing if changing the arguments to htmlspecialchars() will
work? Note that htmlspecialchars() takes an argument $double_encode, e.g.,
htmlspecialchars( 'text', ENT_QUOTES, 'UTF-8', false );
When set to false, the function will not encode existing HTML entities in
the text.
More info:
http://php.net/manual/en/function.htmlspecialchars.php
*-- *
*Tyler Romeo*
Stevens Institute of Technology, Class of 2016
Major in Computer Science
www.whizkidztech.com | tylerromeo(a)gmail.com
On Wed, Jun 5, 2013 at 2:47 PM, Thomas Gries <mail(a)tgries.de> wrote:
I recently try to modernize an extension [1] to use
the /_Html _/class
and found a problem (at least for me) .
Like to receive your comments, and tips.
In several cases, I had to use Htlm::rawElement (*) instead of the safer
Html::element because of a nested <div> structure I want to generate like
<div id=outerdiv>
outertext-with- -or-something-character
<div id=innerdiv>
innertext
</div>
</div>
Html::rawElement( 'div',
array( 'some-outer-attributes' => 'some-outer-attribute-values'),
$outertext .
Html:element( 'div'
array( 'some-inner-attributes' =>
'some-inner-attribute-values'),
$innertext
)
After having compared Html methods rawElement and Element, and after
having asked around the #mediawiki
I found that I have to escape the content manually and could/should use
basically one of these two possibilities:
i) The #mediawiki recommended *htmlspecialchars*()
ii) Inside Html:element method I found
*
strtr( $contents, array(**
** // There's no point in escaping quotes, >, etc. in the contents of**
** // elements.**
** '&' => '&',**
** '<' => '<'**
**)*
*Both *are not suited for my case, when $outertext has this " "
character in it.
After looking around in class Html and class Xml I found,
that some of the methods use $wgContLang->normalize( $string ), and this
works for me, too.
I put this is into a private wrapper function escapeContent() =
*$wg**ContLang->normalize() (not shown here)
*
Html::rawElement( 'div',
array( 'some-outer-attributes' => 'some-outer-attribute-values'),
* ***$wg**ContLang->normalize****( $outertext ) .
Html:element( 'div'
array( 'some-inner-attributes' =>
'some-inner-attribute-values'),
$innertext
)
I am however not happy with that approach, because I do not know, if it
is correctly applied.
Therefore my questions to you:
1. Is my approach of applying Html class and using ->normalize()
correct ?
2. What could I do better, perhaps should I apply a certain
Sanitizer::method - or what else ?
3. Perhaps I am fully wrong, then please guide me to find a correct
solution.
I will be available on #mediawiki during the evening hours (UTC+2;
Wikinaut )
[1]
https://gerrit.wikimedia.org/r/#/c/67002/
_______________________________________________
Wikitech-l mailing list
Wikitech-l(a)lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/wikitech-l