| Commit message (Collapse) | Author | Age | Files | Lines |
Change-Id: I0d8d2237500ed6f18439410c902d47c42e4119bc
Change-Id: Ic9cd94e8844043b87885b6c7f1768cdcd2e86837
is deprecated"
Bug: T388944
Change-Id: Iaba9973aa774f0bac9cf56efc76bc249d4f578ee
This reverts commit 1695950bccb1ca7eba98952753708ae7c4b76d8d and re-applies commit I8f3c2ea021d0f6e.
Reason for revert: the remaining usages have been updated in Ida665f486eff384.
Bug: T166010
Change-Id: I43f06e6872b264e43aef7fa7c2ac47159926a694
This reverts commit db47e7f7154a2121bce6d3d9e93a74486bf765f3.
Reason for revert: Broke scap sync-world in beta, and possibly caused T387938
Bug: T166010
Change-Id: If608c3e27081bb36b284ad16a5b912dd51b3557e
Bug: T166010
Depends-On: Iba93dd9749656e641c427e01790d7a14cd1a2dc2
Depends-On: I97ccc2c49ce09ca96192bf6ffdc833c1765c3faa
Change-Id: I8f3c2ea021d0f6e574dde901f0bfd4a0408f5455
This is more robust and secure than the regular expression previously
used to extract the <meta> tag.
We also improve HtmlHelper slightly by adding the ability to replace
an element with an 'outerHTML' string.
Because our output is being run through Remex, there is a slightly
larger degree of HTML normalization in the output than previously,
which is visible in some small tweaks to test case outputs.
Bug: T381617
Depends-On: I2712e0fa9272106e8cd686980f847ee7f6385b6f
Change-Id: I4cb2f29cf890af90f295624c586d9e1eb1939b95
Bug: T375287
Change-Id: I27ac42bb82f5c81b72bf129f81cbc48ae4465202
Namespace select inputs already support an 'exclude' parameter, ignoring
any namespaces that match ids in that array. For
Special:GlobalContributions, it would be useful to have the opposite -
an array of namespaces to be included, as it only wants to support
filtering on common namespaces.
- Allow an 'include' parameter to be passed through to the namespace
select input
- Support 'include' in Html inputs and OOUI inputs
TODO: Support 'include' in Codex inputs (see T378582)
Bug: T378179
Change-Id: I4170beb588292fbec26926ca3afe559c25de9f55
The use of this markup is triggering the loading of mediawiki.legacy.messageBox
and deprecation notices on all pages that use the Html method.
Bug: T360668
Depends-On: I4bd1a8a9d4eda1b3e89d067d6671d3f8bad4f584
Change-Id: I0195d4b0f790f6595cc626a6db96b4fc6380a0f4
Add Html::listDropdownOptionsCodex() that takes a bulleted list like
[[MediaWiki:Ipbreason-dropdown]] and adapts the data structure for use
with a Codex Select component.
Currently optgroups are not supported (T367241) so we show the optgroup
labels as disabled options instead.
URL query string parameters do not yet prefill any fields. This will be
tackled as part of T368583.
Bug: T362912
Change-Id: Ib89dcf35ca2a1cd74404c42f5411d7c095b98952
Add doc-typehints to class properties found by the PropertyDocumentation
sniff to improve the documentation.
Once the sniff is enabled it avoids that new code is missing type
declarations. This is focused on documentation and does not change code.
Change-Id: Id75cb2e5fbee0fe7600f92473d876f23730d46b7
Warn on unescaped html passed to Html::errorBox
Allow to find the situation fixed in
ac5c18327a83668e749c4bd731f212a96255dbf0 via phan-taint-check
Follow-Up: I0a613819cb2b19693a3e461ad45c793cce2bd989
Depends-On: Ia44c9a7a20bd8efc6619210bcf7056068ac87f1a
Depends-On: I9dbca9939bf8b2b1b31b26f20eb3530554f05f6f
Depends-On: I4cbcb6763042b51a198ce66138c171f41ce52457
Depends-On: Ic1abdf3814f5bed75531107f0ac983223e531e82
Depends-On: I4169bbe23ec8d8e302c4b6754a54d89ad3115410
Change-Id: I6897388ef05b5f1d61f09caaa9c328cdbe84f431
And deprecated aliases for the non-namespaced classes.
ReplicatedBagOStuff that already is deprecated isn't moved.
Bug: T353458
Change-Id: Ie01962517e5b53e59b9721e9996d4f1ea95abb51
The idea here is that the attribute can be both a value in the array
(with an integer key) or a string key (with a meaningless value,
except for false). This is needed because the normalization via
self::$boolAttribs is done later.
Change-Id: I8c4adab45b84b0cfa607eb1b04944fa2c3a2aa3e
This patch introduces a namespace declaration for the
MediaWiki\Json to FormatJson and establishes a class
alias marked as deprecated since version 1.43.
Bug: T353458
Change-Id: I5e1311e4eb7a878a7db319b725ae262f40671c32
Bug: T363770
Change-Id: Ie732f6925ec2b1316a60bebbe3c27f963c9dacb1
See also I61c8f671273 in CentralAuth. For improved clarity, I'm
mostly replacing it with Html::element() rather than Html::input().
While at it:
* Fix incorrect docs that state the opposite of what
is true in Html::input. Especially confusing when coming from
Xml::input, as it implies that the behaviour is less secure, when
actually it's the same (plain text, automatically escaped by
Html::element as any other attribute value).
* Make $attrs optional in Html::submitButton, like Xml::submitButton.
* Improve the Basic form rendering in RecentChanges/Watchlist to
build the two copies of the same inputs the exact same way,
and to do so without needless `<input id><label for>` complexity,
but instead wrap the label around the input.
Rendering is pixel-identical (verified in Firefox) and removes the
need to attach the same title="" attribute twice in the HTML output
(on both the input and the label element previously).
* As side-effect of this change, SpecialUserRights no longer
unexpectedly sets `class="mw-userrights-groupcheckbox"` on both
the checkbox `<input>` and on the `<label>`, something the
userrights.css stylesheet works around by narrowing the selector
to just `input.groupcheckbox` because otherwise it would never
be `:checked` since the label element is by definition never
checked. Yet another indication that the abstraction is a bad fit,
and yet people stuck with it well beyond even the narrow case where
it happens to work.
Change-Id: I33bf6ab5e013f046c5f31c6ceae118d6240c5294
Change-Id: I7f85d931d3b79da23e87b4e5692b2e14be8fcaa0
It's a dropdown, not a drop down, therefore rename:
* Html::listDropDownOptions → Html::listDropdownOptions
* Xml::listDropDownOptions → Xml::listDropdownOptions
* Html::listDropDownOptionsOoui → Html::listDropdownOptionsOoui
* Xml::listDropDownOptionsOoui → Xml::listDropdownOptionsOoui
* Xml::listDropDown → Xml::listDropdown
In PHP, method names are case-insensitive, therefore we can do this
without a breaking change or deprecation.
This also matches the naming convention in OOUI.
Change-Id: Ifda13ba9dee316709c424636ec3b285de8d0e9b1
Follow-up to 84d0dff9680bed2aeaa491dfb5958634e0f27ec6.
Bug: T354361
Change-Id: I44a98f667a89d0baa25188fc6d43f92b3ad19b84
These methods no longer do anything after the removal of
$wgUseMediaWikiUIEverywhere. They're not used in WMF production,
so let's emit deprecation warnings immediately.
Change-Id: I83d15104d56bcfd78cb5ef1214b560d593dfc9c8
Removing the config variable in a separate change:
Ib9966bc6a4a94f771cb99a5aa52fb6a1dc826ca5
(just in case something depends on its existence).
Bug: T182050
Change-Id: Ic3e038df16fc540ec7f6bcb9a54d73f8d596d305
migrate users
Bug: T356544
Change-Id: Ibcc13c92a48b3fd2a33914418dfbefb0dd890c82
I93845e8d6f870d147bd55cfe3827bc94b375d0ba the value in
$selectAttribs['id'] is not null.
Change-Id: I6ca9bba7d73fe1328bb08e0f97b8d34c017424dd
Bug: T328220
Change-Id: Iba90f7f9b5766bccc05380d040138d74d5e9558a
Bug: T328220
Change-Id: Ie9b56bcf5e962e275d80570cad98d676da505894
Or just remove it. It's not needed when the structure is already an
array. PHP will happily initialize multi-dimensional arrays when
needed.
Change-Id: I93845e8d6f870d147bd55cfe3827bc94b375d0ba
When using HtmlHelper for style deduplication, slight differences in
the serialization format used by the legacy parser caused test failures.
Add a "compatibility" mode which tries to better match legacy parser
behavior for void elements, character escapes, and other details.
Parsoid HTML has always been serialized using an HTML5 serializer,
so this compatibility mode will be disabled when processing Parsoid
HTML.
Change-Id: I0441aa3e44f6562e05e95a18cc282c53fe446788
Change-Id: I1946717d919a5ceb42cfbe61b9a184958f603d25
Facilitate overriding the default CdxMessage
notice icon.
Bug: T300273
Change-Id: If51bc977e0cb42cfe9800caaf6a789a041d22e5c
Taint-check can actually determine this on its own, but this way the
error messages are more concise because they don't go into the details
of why the return value is tainted.
Note that the return value may actually be safe depending on its type,
but that's not easy for taint-check to know, and a core principle of
taint-check is to prefer false positives to false negatives.
Change-Id: I1e690f535a144cc53cbf3483a8f1d7d8d8eb4519
Copied from MediaWikiSecurityCheckPlugin.php.
Duplicate annotations from Xml::encode* to the corresponding
Html::encode* methods, given that these were moved recently but not
hardcoded in taint-check.
As the only difference, remove the HTML taintedness type from the return
value of Message::rawParams. If the argument is unsafe, it's reported
immediately thanks to exec_html. Else, it does not contribute to the
taintedness of the return value.
Bug: T321806
Change-Id: I5ed340e1d127fb3eab6d6f9b905693d05a393360
These are the same as taint-check's MediaWikiSecurityCheckPlugin.php.
The notable exception is methods in WebRequest that were previously
hardcoded as returning a safe value. This was a consequence of said
methods returning safe types (e.g., int, bool). Instead of adding
taint-check annotations, add return typehints instead, which let
taint-check remove any taintedness.
Fix some taint-check issues that were previously not spotted or whose
suppressions were removed in other patches.
Also fix the following bugs spotted by phan thanks to the type hints:
- SpecialExport did not have explicit handling of null $depth, and just
returned 0 because null fails both the < and the > comparisons.
- Improve documentation of params and props in ProtectedPagesPager.
SpecialProtectedPages can pass null $namespace and $size.
- Remove unused parameter from SpecialProtectedPages::showOptions, of
which $ns and $size were not documented as nullable.
- Add FIXMEs in SpecialVersion about very inconsistent escaping.
Bug: T321806
Change-Id: I726f528856614c92329683a0ad8936a42e262748
This has been approved as part of RFC T166010
Bug: T321882
Change-Id: I6bbdbbe6ea48cc1f50bc568bb8780fc7c5361a6f
Change-Id: I57c25d953700ca1cd97cc71ec2a28cbeb9ee875f
And namespace them:
- StreamFile
- OutputHandler
- OutputPage
Bug: T321882
Change-Id: Iedf8d88c595e580f2d8f0734c92aa5c45618ba33
This is similar to 58087fb7
Bug: T344931
Change-Id: I567b01c0e06cd6c11c1891b5ae7704087296693c
Change-Id: I34f9de9dd4a426f9950a45ab70828adf1aa3532d
This is an intermediate step towards the linked bug, to help untangle
the performance impacts.
Bug: T343407
Change-Id: I086f173f811fb44683f4a67bf6bc415d7e27f593
The "nonce" CSP feature has never been properly tested and is not
on track to be enabled at WMF or in MW by default. The use of
nonce-protected eval is not particularly meaningful. It is trivially
bypassed by mw.loader.implement, mw.loader.store, or importScript();
all of which allow any code to be executed directly, or to be stored
and loaded from a first-party origin.
The "nonce" feature is not required for the T208188 roadmap, and with
change I51b8535b2b21a3 there is now also a (small) performance reason
to keep this disabled long-term.
Until and unless there is a plan for enabling this particular aspect
of CSP, we might as well remove it so that we don't waste our
time building abstraction layers and satisfying dependency injection
through many years for something that might never be used.
Note that this does not remove CSP support from ResourceLoader, and
does not take away from the future of enabling CSP in MediaWiki to
e.g. strictly block third-party scripts, or to require domains to
opt-in by site config or user pref (T208188).
Change-Id: I5a176c41a06a484a11e64bdacdc42b40811fe72e
These methods really belong in the Html class, not Xml. Leave behind
soft-deprecated Xml methods that forward to the Html ones, as well as a
class alias for HtmlJsCode (renamed from XmlJsCode).
Bug: T341779
Change-Id: I99a5f9de1411d4eb5ee30226b4e8ace3ea8b2c3b
Properly support class values that are strings, lists, or associative
arrays, while ensuring that strings stay string for the usage in the Xml
class (because Xml::expandAttributes(), unlike Html::expandAttributes(),
doesn’t support array values).
Bug: T341566
Change-Id: I3ee2be956d4b239901fa16440890bbcfb2fcf930
The code hasn't done that since 98ef0a2f5.
Change-Id: Icd3fdc4104fe9997d531c05f0b32445bc0aba636
Iba9101e5f is not compatible with existing callers.
E.g., I4ded6b4e fails with FlaggedRevs in stacktrace.
Better stick to returning string in all cases.
Bug: T341566
Change-Id: Id3bae3ded872d99320b5f7a60a8328c1d18c77f8
Bug: T341534
Change-Id: Iba9101e5fcf83f547b864c5782866962a3772a3f
Changes:
* Use Codex markup instead of mediawiki ui markup
* We limit what can be customized by the skin
* Current rules for touch area and snapping of
inputs is moved from Minerva into core so other skins
benefit from the styling
* A placeholder text is added to the "real name" field.
* Introduce CodexHTMLForm
Bug: T182050
Change-Id: I834cc0e07fc1e705753df6866a5eeda2ac77fb8e