Kill phutil_render_tag()

Summary: Fixes some double escaping. Test Plan: None. Reviewers: epriestley Reviewed By: epriestley CC: aran, Korvin Maniphest Tasks: T2432 Differential Revision: https://secure.phabricator.com/D4945
2024-11-23 07:12:41 +01:00 · 2013-02-13 14:48:19 -08:00 · 2013-02-13 14:48:19 -08:00 · 6ae4066d18
commit 6ae4066d18
parent 0a08951a7c
4 changed files with 31 additions and 29 deletions
--- a/src/applications/phriction/controller/PhrictionDiffController.php
+++ b/src/applications/phriction/controller/PhrictionDiffController.php
@ -116,7 +116,7 @@ final class PhrictionDiffController
            'href' => '/phriction/history/'.$document->getSlug().'/',
          ),
          'History'),
-        phutil_escape_html("Changes Between Version {$l} and Version {$r}"),
+        "Changes Between Version {$l} and Version {$r}",
      ));

    $comparison_table = $this->renderComparisonTable(
--- a/src/applications/search/view/PhabricatorSearchResultView.php
+++ b/src/applications/search/view/PhabricatorSearchResultView.php
@ -93,7 +93,7 @@ final class PhabricatorSearchResultView extends AphrontView {

  private function emboldenQuery($str) {
    if (!$this->query) {
-      return phutil_escape_html($str);
+      return $str;
    }

    $query = $this->query->getQuery();
--- a/src/docs/developer/rendering_html.diviner
+++ b/src/docs/developer/rendering_html.diviner
@ -168,11 +168,11 @@ following examples are dangerous:

  phutil_tag('span', array($evil => $evil2));

-  // Use PhutilURI to check if $evil is valid HTTP link.
-  phutil_tag('a', array('href' => $evil));
-
  phutil_tag('span', array('onmouseover' => $evil));

+  // Use PhutilURI to check if $evil is valid HTTP link.
+  hsprintf('<a href="%s">', $evil);
+
  hsprintf('<%s>%s</%s>', $evil, $evil2, $evil);

  // We have a lint rule disallowing this.
--- a/src/view/form/control/AphrontFormCropControl.php
+++ b/src/view/form/control/AphrontFormCropControl.php
@ -58,7 +58,7 @@ final class AphrontFormCropControl extends AphrontFormControl {
      )
    );

-    return javelin_render_tag(
+    return javelin_tag(
      'div',
      array(
        'id' => $c_id,
@ -66,32 +66,34 @@ final class AphrontFormCropControl extends AphrontFormControl {
        'mustcapture' => true,
        'class' => 'crop-box'
      ),
-      javelin_render_tag(
-        'img',
-        array(
-          'src' => $file->getBestURI(),
-          'class' => 'crop-image',
-          'sigil' => 'crop-image'
+      array(
+        javelin_tag(
+          'img',
+          array(
+            'src' => $file->getBestURI(),
+            'class' => 'crop-image',
+            'sigil' => 'crop-image'
+          ),
+          ''
        ),
-        ''
-      ).
-      javelin_render_tag(
-        'input',
-        array(
-          'type' => 'hidden',
-          'name' => 'image_x',
-          'sigil' => 'crop-x',
+        javelin_tag(
+          'input',
+          array(
+            'type' => 'hidden',
+            'name' => 'image_x',
+            'sigil' => 'crop-x',
+          ),
+          ''
        ),
-        ''
-      ).
-      javelin_render_tag(
-        'input',
-        array(
-          'type' => 'hidden',
-          'name' => 'image_y',
-          'sigil' => 'crop-y',
+        javelin_tag(
+          'input',
+          array(
+            'type' => 'hidden',
+            'name' => 'image_y',
+            'sigil' => 'crop-y',
+          ),
+          ''
        ),
-        ''
      )
    );
  }