html: Add param-taint annotation to Html::errorBox

Warn on unescaped html passed to Html::errorBox
This lets phan-taint-check find the situation fixed in
ac5c18327a83668e749c4bd731f212a96255dbf0.

Follow-Up: I0a613819cb2b19693a3e461ad45c793cce2bd989
Depends-On: Ia44c9a7a20bd8efc6619210bcf7056068ac87f1a
Depends-On: I9dbca9939bf8b2b1b31b26f20eb3530554f05f6f
Depends-On: I4cbcb6763042b51a198ce66138c171f41ce52457
Depends-On: Ic1abdf3814f5bed75531107f0ac983223e531e82
Depends-On: I4169bbe23ec8d8e302c4b6754a54d89ad3115410
Change-Id: I6897388ef05b5f1d61f09caaa9c328cdbe84f431
Umherirrender 2024-08-21 22:16:00 +02:00
parent 018a15848c
commit 03468c8f30


@ -688,6 +688,7 @@ class Html {
* Return the HTML for a message box.
* @since 1.31
* @param string $html of contents of box
* @param-taint $html tainted
* @param string|array $className corresponding to box
* @param string $heading (optional)
* @param string $iconClassName (optional) corresponding to box icon
@ -725,6 +726,7 @@ class Html {
* Return the HTML for a notice message box.
* @since 1.38
* @param string $html of contents of notice
* @param-taint $html tainted
* @param string|array $className corresponding to notice
* @param string $heading (optional)
* @param string|array $iconClassName (optional) corresponding to notice icon
@ -743,6 +745,7 @@ class Html {
* @since 1.31
* @since 1.34 $className optional parameter added
* @param string $html of contents of box
* @param-taint $html tainted
* @param string $className (optional) corresponding to box
* @return string of HTML representing a warning box.
*/
@ -757,6 +760,7 @@ class Html {
* @since 1.31
* @since 1.34 $className optional parameter added
* @param string $html of contents of error box
* @param-taint $html tainted
* @param string $heading (optional)
* @param string $className (optional) corresponding to box
* @return string of HTML representing an error box.
@ -772,6 +776,7 @@ class Html {
* @since 1.31
* @since 1.34 $className optional parameter added
* @param string $html of contents of box
* @param-taint $html tainted
* @param string $className (optional) corresponding to box
* @return string of HTML representing a success box.
*/
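Review bot: The `@param string $html` descriptions in all five docblocks (message, notice, warning, error and success box) still say only "of contents of box", so a human reader gets no statement of the escaping requirement that `@param-taint $html tainted` now expresses to the analyzer. I would put it in words on the same line, for example `@param string $html Raw HTML contents of the box; escape any user-controlled text before passing it in`. As I read the annotation, it marks taint on $html as carrying through to the returned string, so it is worth confirming that this produces the intended warning at the output call sites rather than only at these methods. The docblocks and method bodies continue outside the hunks, so whether `$heading` and `$className` are escaped before output cannot be checked here; if either is inserted raw, it deserves the same annotation.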