It turns out this gets rid of a bunch of suppressed "SecurityCheck-DoubleEscaped" that appear to have been accurate warnings. There seems to have been some confusion about how ::truncateForVisual() is supposed to be used; in particular it is to be passed *unescaped* output, because it is not (generally speaking) safe to truncate HTML-escaped strings.

The goal of ::truncateForVisual() is to have a specific number of codepoints in the output for display purposes; the encoding of those codepoints is not an issue (htmlspecialchars can be applied to the *return value*). If you need a specific number of *bytes* you should be using ::truncateForDatabase(). If you want a certain number of *HTML bytes* then the ::truncateHtml() method is probably what you want.

Slightly refactor some code in RevDelLogItem to avoid a false positive.

Bug: T301205
Bug: T290624
Change-Id: I893362e049aedfa699043fcf27caf4815196f748
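The ordering problem the commit message describes, shown with a small added PHP illustration (this is not MediaWiki code and does not call the real Language methods; `truncateCodepoints()`, `escapeThenTruncate()`, `truncateThenEscape()` and `endsWithDanglingEntity()` are stand-in names invented here, and the sample string is constructed):

```php
<?php
// Added illustration, not MediaWiki code: why HTML escaping belongs on the
// *return value* of a visual (codepoint-count) truncation, never on its input.

// Simplified stand-in for a truncateForVisual()-style helper: keep at most
// $maxChars codepoints and append an ellipsis when something was cut. The real
// MediaWiki method also handles combining marks and length adjustment; this
// stand-in deliberately does not.
function truncateCodepoints( string $text, int $maxChars, string $ellipsis = '...' ): string {
    if ( mb_strlen( $text, 'UTF-8' ) <= $maxChars ) {
        return $text;
    }
    return mb_substr( $text, 0, $maxChars, 'UTF-8' ) . $ellipsis;
}

// Wrong order: escape first, then truncate. An entity such as "&lt;" is several
// codepoints, so the cut can land inside it, leaving a dangling "&l" fragment,
// and the number of *visible* characters no longer matches the requested count.
function escapeThenTruncate( string $raw, int $maxChars ): string {
    return truncateCodepoints( htmlspecialchars( $raw, ENT_QUOTES ), $maxChars );
}

// Right order: truncate the unescaped text, then escape the result. Every
// special character survives as a complete entity and exactly $maxChars
// codepoints of the original are shown.
function truncateThenEscape( string $raw, int $maxChars ): string {
    return htmlspecialchars( truncateCodepoints( $raw, $maxChars ), ENT_QUOTES );
}

// Defender-side sanity check: does the output end in an unterminated entity
// fragment ("&" followed by non-";" characters up to the end of the string)?
// Such output is a sign that escaped text was truncated after escaping.
function endsWithDanglingEntity( string $html ): bool {
    return (bool)preg_match( '/&[^;&\s]*$/', $html );
}

$raw = 'a<b>c';   // constructed sample input: 5 codepoints
// htmlspecialchars( $raw ) is 'a&lt;b&gt;c', which is 11 codepoints.

$bad  = escapeThenTruncate( $raw, 3 );   // 'a&l...'   -> broken entity, 1 visible char before the fragment
$good = truncateThenEscape( $raw, 3 );   // 'a&lt;b...' -> 3 visible chars: a, <, b

echo $bad, "\n";
echo $good, "\n";
var_dump( endsWithDanglingEntity( rtrim( $bad, '.' ) ) );   // bool(true)
var_dump( endsWithDanglingEntity( rtrim( $good, '.' ) ) );  // bool(false)
```

The same reasoning applies to the other two methods named in the commit message: a byte-count truncation (truncateForDatabase) and an HTML-aware truncation (truncateHtml) make different guarantees, and only the HTML-aware one is designed to receive already-escaped markup.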
Directory listing:

- Hook/
- RevDelArchivedFileItem.php
- RevDelArchivedFileList.php
- RevDelArchivedRevisionItem.php
- RevDelArchiveItem.php
- RevDelArchiveList.php
- RevDelFileItem.php
- RevDelFileList.php
- RevDelItem.php
- RevDelList.php
- RevDelLogItem.php
- RevDelLogList.php
- RevDelRevisionItem.php
- RevDelRevisionList.php
- RevisionDeleter.php
- RevisionDeleteUser.php