[MediaWiki-commits] [Gerrit] Xml.php: Do not escape double quotes in $contents of Xml::el... - change (mediawiki/core)

Gerrit Patch Uploader (Code Review) Wed, 24 Feb 2016 10:23:18 -0800

Gerrit Patch Uploader has uploaded a new change for review.

  https://gerrit.wikimedia.org/r/273014


Change subject: Xml.php: Do not escape double quotes in $contents of 
Xml::element()
......................................................................

Xml.php: Do not escape double quotes in $contents of Xml::element()

There is no need to escape double quotes in content of XML.
Html::element() also does not escape double quotes in content.

ENT_NOQUOTES escapes '<', '>', '&' but not "'" and '"'.
https://secure.php.net/manual/en/function.htmlspecialchars.php

Change-Id: I3b585c43e532cca1a8951d6c9e8b4825fc3b012d
---
M includes/Xml.php
M tests/phpunit/includes/XmlTest.php
2 files changed, 3 insertions(+), 3 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/mediawiki/core 
refs/changes/14/273014/1

diff --git a/includes/Xml.php b/includes/Xml.php
index 43f7217..4ceb717 100644
--- a/includes/Xml.php
+++ b/includes/Xml.php
@@ -49,7 +49,7 @@
                        if ( $allowShortTag && $contents === '' ) {
                                $out .= ' />';
                        } else {
-                               $out .= '>' . htmlspecialchars( $contents ) . 
"</$element>";
+                               $out .= '>' . htmlspecialchars( $contents, 
ENT_NOQUOTES ) . "</$element>";
                        }
                }
                return $out;
diff --git a/tests/phpunit/includes/XmlTest.php 
b/tests/phpunit/includes/XmlTest.php
index c5314cb..0061861 100644
--- a/tests/phpunit/includes/XmlTest.php
+++ b/tests/phpunit/includes/XmlTest.php
@@ -92,8 +92,8 @@
         */
        public function testElementEscaping() {
                $this->assertEquals(
-                       '<element>hello &lt;there&gt; you &amp; you</element>',
-                       Xml::element( 'element', null, 'hello <there> you & 
you' ),
+                       '<element>"hello &lt;there&gt; your\'s &amp; 
you"</element>',
+                       Xml::element( 'element', null, '"hello <there> your\'s 
& you"' ),
                        'Element with no attributes and content that needs 
escaping'
                );
        }

-- 
To view, visit https://gerrit.wikimedia.org/r/273014
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: I3b585c43e532cca1a8951d6c9e8b4825fc3b012d
Gerrit-PatchSet: 1
Gerrit-Project: mediawiki/core
Gerrit-Branch: master
Gerrit-Owner: Gerrit Patch Uploader <[email protected]>

_______________________________________________
MediaWiki-commits mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits

[MediaWiki-commits] [Gerrit] Xml.php: Do not escape double quotes in $contents of Xml::el... - change (mediawiki/core)

Reply via email to