Hi, On 05/16/2016 07:51 AM, Chris Steipp wrote: > Is there any way we can default to having the body of the link not be > passed as html? It's called $html, well documented that it's raw html, and > I've lost track of the number of times people pass unsanitized text to it. > I'd rather it not be something developers have to worry about, unless they > know they need to handle the sanitization themselves. Maybe typehint a > Message object, and people can add raw params if they really need to send > it raw html?
Yeah, that sounds good, I implemented that change in PS22. Clients that still need to pass in raw HTML can use the new MediaWiki\Linker\HtmlArmor class to prevent it from being escaped. -- Legoktm _______________________________________________ Wikitech-l mailing list [email protected] https://lists.wikimedia.org/mailman/listinfo/wikitech-l
