This fixes a few minor discrepancies, like Vector outputting dir=""
(redundant to the one on <html>), and non-Monobook-based skins omitting
the capitalize-all-nouns class (!). This adds Html::openElement() and
refactors Html::rawElement() accordingly, so I checked that all parser
tests still pass.

I wasn't able to figure out if I broke some feature of right-floating
quickbars in the Standard skin, because I wasn't able to figure out what
the feature was in the first place. Hopefully either it works, or
nobody cares, or someone else will figure out what it was supposed to
do. (This is the stuff in getBodyOptions() in Standard.php I deleted;
I'm not sure the addition to sticky.js does what I want.)

Bug 16921. maxlength is not allowed on textareas in HTML4, so this only
works in HTML5. Note that Firefox 3.5 and Opera 9.22 ignore the
attribute (didn't test IE), so this isn't a complete fix. Recent WebKit
does respect the attribute (tested in Chrome 4).

Of course, the length limit of 200 is a hack, just like for edit
summaries, and we really need to move to a non-varchar(255) backend for
all these fields.

Relevant to r45517, r45571.

* spellcheck is not a boolean attribute; it is an enumerated attribute
whose possible values are "true" and "false". If it were boolean, the
permitted constructs would be <input spellcheck>, <input
spellcheck="spellcheck">, and <input spellcheck="">, which would all
set it true, and it would only be set to false if omitted entirely.
(It would be boolean if HTML5 had invented it, but can't be for
historical reasons.)
* spellcheck is valid on any HTML element, not just input, and so should
be stripped on any element.

For reference, a table of all HTML5 attributes can be found at:
<http://www.whatwg.org/specs/web-apps/current-work/multipage/section-index.html#attributes-0>

- EditPage::showEditForm broken up into task specific methods
- Subclasses can indicate they can't support section mode
- Standard inputs should all be now in methods they can be grabbed from by subclasses that want to rearrange things
- Many more places to override and hook into to change behavior
- showTextbox1 parameters changed from $classes to $customAttribs and $textoverride
- showContentForm and importContentFormData added; New workflow to override the wpTextbox1 behavior to use an alternate edit form ui or handle wpTextbox1 content in an alternate way.
- getActionURL added for EditPage subclasses used in places where $this->action isn't enough (i.e., EditPage on special pages)
Html::textarea added

This fixes r56407, which fixed bug 20655. Now $wgWellFormedXml is used,
not $wgHtml5. The previous code was outputting malformed XML if
$wgHtml5 and $wgWellFormedXml were both true.

I wish we had unit tests for this. :(

As suggested by Nikerabbit on code review for r56778, noted how boolean
attributes are handled in a function-level comment. Also adjusted
comments to reduce duplication by referring to other functions'
comments.

Reported by Nikerabbit on IRC to happen on Preferences, although I
couldn't reproduce immediately. The change should be helpful for this
kind of thing anyway.

Only affects wikis with $wgWellFormedXml = false. In principle, the old
behavior might have permitted XSS in IE if that setting is false (which
is not the default), but I haven't checked. See
<http://code.google.com/p/html5lib/issues/detail?id=92>.

Some attributes that have defaults in HTML5 don't have defaults in
XHTML1, particularly type="" on scripts and styles (bug 20713). There's
not much point in trying to maintain two separate sets of defaults,
so I've just kept the HTML5 ones and haven't tried to strip any defaults
in XHTML1 mode.

This fixes some possible XML invalidity from r54767: CDATA stuff was
being added only if $wgHtml5 was false, instead of whenever
$wgWellFormedXml is true. Also, it uses CDATA for script as well as
style, but in both cases only uses it if there's a & or < somewhere.

This fixes r54567. That made the password fields on Special:ResetPass
always required, but in fact the current password should never be
required (existing users always might have empty passwords), and the new
password is only required if $wgMinimalPasswordLength > 0.

This commit also permits passing array( 'required' ) to
Html::(rawE|e)lement() instead of array( 'required' => 'meaningless' ),
for boolean attribs only. This syntax is used in SpecialResetpass.

On second thought, if you're outputting user-supplied JS without careful
validation, it doesn't really matter if it's HTML-escaped or not. :D
CSS has expr() and such too.

Split the giant arrays of attributes/values to one item per line, which makes them easier to look at, easier to grep, and easier to see what's happening when they're changed in diffs.
We're not printing; vertical space isn't at a premium. ;)

Added rawElement() to allow unescaped input (like Xml::tags() but
better-named :) ). This makes sure the easier case is the safer one as
well, and trades a risk of XSS for a risk of double-escaping. After
discussion in #mediawiki a few days ago.

This time done in a nice, centralized fashion, reducing LOC for callers
even if HTML 5 is disabled. The implementation is a new Html class,
similar to Xml but intended to be HTML-specific from the beginning
instead of half-heartedly attempting to provide generic XML services but
actually with lots of HTML-specific stuff tacked on.

As part of the new Html class, a global config option $wgWellFormedXml
is added. It's set to true by default, but if set to false, the Html
class will drop some things that HTML 5 doesn't require, like
self-closing " />" syntax and attribute quotation marks (sometimes).
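
The design these commit messages describe (contents escaped by default, a separately named raw variant for pre-built markup, and attribute quotes dropped only sometimes when $wgWellFormedXml is false) can be sketched as follows. This is an added example, not MediaWiki's Html class: the demo* function names and the $wellFormedXml parameter are hypothetical stand-ins, and the sample strings are constructed.

```php
<?php
// Added illustration; not MediaWiki code. All names here are hypothetical.

// Serialize attributes. $wellFormedXml stands in for $wgWellFormedXml.
// Attribute names are assumed to come from trusted code, not from users.
function demoAttributes(array $attribs, bool $wellFormedXml): string {
    $out = '';
    foreach ($attribs as $name => $value) {
        if (is_int($name)) {
            // array( 'required' ) form: a boolean attribute given by name only.
            $out .= $wellFormedXml ? " $value=\"\"" : " $value";
            continue;
        }
        $value = (string)$value;
        $escaped = htmlspecialchars($value, ENT_QUOTES, 'UTF-8');
        // HTML5 permits an unquoted value only when it is non-empty and has
        // no whitespace, ", ', =, <, > or `. Everything else keeps its quotes,
        // so a value can never spill over into a second attribute.
        if (!$wellFormedXml && preg_match('/^[^\s"\'=<>`]+\z/', $value)) {
            $out .= " $name=$escaped";
        } else {
            $out .= " $name=\"$escaped\"";
        }
    }
    return $out;
}

// Safe default: contents are always HTML-escaped.
function demoElement(string $tag, array $attribs = [], string $contents = '', bool $wellFormedXml = true): string {
    $escaped = htmlspecialchars($contents, ENT_NOQUOTES, 'UTF-8');
    return demoRawElement($tag, $attribs, $escaped, $wellFormedXml);
}

// Opt-in variant: the caller asserts that $html is already safe markup.
function demoRawElement(string $tag, array $attribs = [], string $html = '', bool $wellFormedXml = true): string {
    return "<$tag" . demoAttributes($attribs, $wellFormedXml) . ">$html</$tag>";
}

// Constructed sample input.
$userText = '<b>bold</b> & more';

// Untrusted text through the default path: markup is neutralized.
echo demoElement('p', ['title' => 'two words', 'class' => 'note'], $userText, false), PHP_EOL;
// Pre-built markup through the raw path: emitted as is.
echo demoRawElement('p', [], '<b>bold</b> &amp; more'), PHP_EOL;
// Already-escaped text through the default path: the double-escaping trade-off.
echo demoElement('p', [], '&lt;already escaped&gt;'), PHP_EOL;
// Boolean attribute in both modes.
echo demoRawElement('textarea', ['required'], '', true), PHP_EOL;
echo demoRawElement('textarea', ['required'], '', false), PHP_EOL;
```

Void elements and the per-element default stripping mentioned in the messages are left out of this sketch.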