daniel at svn
Nov 7, 2009, 8:46 AM
Post #1 of 1
(11 views)
Permalink
|
|
SVN: [58717] trunk/phase3/includes
|
|
http://www.mediawiki.org/wiki/Special:Code/MediaWiki/58717
Revision: 58717
Author: daniel
Date: 2009-11-07 16:46:34 +0000 (Sat, 07 Nov 2009)
Log Message:
-----------
adding support for <a> tags as a parser tag hook, in order to support rdfa output
Modified Paths:
--------------
trunk/phase3/includes/Linker.php
trunk/phase3/includes/Sanitizer.php
trunk/phase3/includes/parser/Parser.php
Modified: trunk/phase3/includes/Linker.php
===================================================================
--- trunk/phase3/includes/Linker.php 2009-11-07 15:59:45 UTC (rev 58716)
+++ trunk/phase3/includes/Linker.php 2009-11-07 16:46:34 UTC (rev 58717)
@@ -760,7 +760,10 @@
* hook play with them, *then* expand it all at once.
*/
function makeExternalLink( $url, $text, $escape = true, $linktype = '', $attribs = array() ) {
- $attribsText = $this->getExternalLinkAttributes( 'external ' . $linktype );
+ if ( isset( $attribs[ 'class' ] ) ) $class = $attribs[ 'class' ]; # yet another hack :(
+ else $class = 'external ' . $linktype;
+
+ $attribsText = $this->getExternalLinkAttributes( $class );
$url = htmlspecialchars( $url );
if( $escape ) {
$text = htmlspecialchars( $text );
Modified: trunk/phase3/includes/Sanitizer.php
===================================================================
--- trunk/phase3/includes/Sanitizer.php 2009-11-07 15:59:45 UTC (rev 58716)
+++ trunk/phase3/includes/Sanitizer.php 2009-11-07 16:46:34 UTC (rev 58717)
@@ -610,6 +610,8 @@
*/
static function validateAttributes( $attribs, $whitelist ) {
$whitelist = array_flip( $whitelist );
+ $hrefExp = '/^(' . wfUrlProtocols() . ')[^\s]+$/';
+
$out = array();
foreach( $attribs as $attribute => $value ) {
if( !isset( $whitelist[$attribute] ) ) {
@@ -641,6 +643,15 @@
}
}
+ # NOTE: even though elements using href/src are not allowed directly, supply
+ # validation code that can be used by tag hook handlers, etc
+ if ( $attribute === 'href' || $attribute === 'src' ) {
+ if ( !preg_match( $hrefExp, $value ) ) {
+ continue; //drop any href or src attributes not using an allowed protocol.
+ //NOTE: this also drops all relative URLs
+ }
+ }
+
// If this attribute was previously set, override it.
// Output should only have one attribute of each name.
$out[$attribute] = $value;
@@ -1279,6 +1290,9 @@
'td' => array_merge( $common, $tablecell, $tablealign ),
'th' => array_merge( $common, $tablecell, $tablealign ),
+ # 12.2 # NOTE: <a> is not allowed directly, but the attrib whitelist is used from the Parser object
+ 'a' => array_merge( $common, array( 'href', 'rel', 'rev' ) ), # rel/rev esp. for RDFa
+
# 13.2
# Not usually allowed, but may be used for extension-style hooks
# such as <math> when it is rasterized
Modified: trunk/phase3/includes/parser/Parser.php
===================================================================
--- trunk/phase3/includes/parser/Parser.php 2009-11-07 15:59:45 UTC (rev 58716)
+++ trunk/phase3/includes/parser/Parser.php 2009-11-07 16:46:34 UTC (rev 58717)
@@ -129,7 +129,7 @@
$this->mFunctionHooks = array();
$this->mFunctionTagHooks = array();
$this->mFunctionSynonyms = array( 0 => array(), 1 => array() );
- $this->mDefaultStripList = $this->mStripList = array( 'nowiki', 'gallery' );
+ $this->mDefaultStripList = $this->mStripList = array( 'nowiki', 'gallery', 'a' );
$this->mUrlProtocols = wfUrlProtocols();
$this->mExtLinkBracketedRegex = '/\[(\b(' . wfUrlProtocols() . ')'.
'[^][<>"\\x00-\\x20\\x7F]+) *([^\]\\x0a\\x0d]*?)\]/S';
@@ -3284,6 +3284,9 @@
case 'gallery':
$output = $this->renderImageGallery( $content, $attributes );
break;
+ case 'a':
+ $output = $this->renderHyperlink( $content, $attributes, $frame );
+ break;
case 'math':
if ( $this->mOptions->getUseTeX() ) {
$output = $wgContLang->armourMath(
@@ -4333,6 +4336,35 @@
}
/**
+ * Tag hook handler for 'a'. Renders a HTML <a> tag, allowing most attributes, filtering href against
+ * allowed protocols and spam blacklist.
+ **/
+ function renderHyperlink( $text, $params, $frame = false ) {
+ foreach ( $params as $name => $value ) {
+ $params[ $name ] = $this->replaceVariables( $value, $frame );
+ }
+
+ $whitelist = Sanitizer::attributeWhitelist( 'a' );
+ $params = Sanitizer::validateAttributes( $params, $whitelist );
+
+ $content = $this->recursiveTagParse( trim( $text ), $frame );
+
+ if ( isset( $params[ 'href' ] ) ) {
+ $href = $params[ 'href' ];
+ $this->mOutput->addExternalLink( $href );
+ unset( $params[ 'href' ] );
+ } else {
+ # Non-link <a> tag
+ return Xml::openElement( 'a', $params ) . $content . Xml::closeElement( 'a' );
+ }
+
+ $sk = $this->mOptions->getSkin();
+ $html = $sk->makeExternalLink( $href, $content, false, '', $params );
+
+ return $html;
+ }
+
+ /**
* Renders an image gallery from a text with one line per image.
* text labels may be given by using |-style alternative text. E.g.
* Image:one.jpg|The number "1"
_______________________________________________
MediaWiki-CVS mailing list
MediaWiki-CVS[at]lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-cvs
|
