revi-archive/phorge-phorge
1
0
Fork 0
mirror of https://we.phorge.it/source/phorge.git synced 2025-02-17 09:18:44 +01:00
Code Issues Releases Wiki Activity

Kill phutil_render_tag()

Browse source 
Summary: Fixes some double escaping.

Test Plan: None.

Reviewers: epriestley

Reviewed By: epriestley

CC: aran, Korvin

Maniphest Tasks: T2432

Differential Revision: https://secure.phabricator.com/D4945
This commit is contained in:
vrana 2013-02-13 14:48:19 -08:00 committed by epriestley
parent 0a08951a7c
commit 6ae4066d18
4 changed files with 31 additions and 29 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
src/applications/phriction/controller/PhrictionDiffController.php
View file

@ -116,7 +116,7 @@ final class PhrictionDiffController
'href' => '/phriction/history/'.$document->getSlug().'/', 'href' => '/phriction/history/'.$document->getSlug().'/',
), ),
'History'), 'History'),
phutil_escape_html("Changes Between Version {$l} and Version {$r}"), "Changes Between Version {$l} and Version {$r}",
)); ));
$comparison_table = $this->renderComparisonTable( $comparison_table = $this->renderComparisonTable(

2
src/applications/search/view/PhabricatorSearchResultView.php
View file

@ -93,7 +93,7 @@ final class PhabricatorSearchResultView extends AphrontView {
private function emboldenQuery($str) { private function emboldenQuery($str) {
if (!$this->query) { if (!$this->query) {
return phutil_escape_html($str); return $str;
} }
$query = $this->query->getQuery(); $query = $this->query->getQuery();

6
src/docs/developer/rendering_html.diviner
View file

@ -168,11 +168,11 @@ following examples are dangerous:
phutil_tag('span', array($evil => $evil2)); phutil_tag('span', array($evil => $evil2));
// Use PhutilURI to check if $evil is valid HTTP link.
phutil_tag('a', array('href' => $evil));
phutil_tag('span', array('onmouseover' => $evil)); phutil_tag('span', array('onmouseover' => $evil));
// Use PhutilURI to check if $evil is valid HTTP link.
hsprintf('<a href="%s">', $evil);
hsprintf('<%s>%s</%s>', $evil, $evil2, $evil); hsprintf('<%s>%s</%s>', $evil, $evil2, $evil);
// We have a lint rule disallowing this. // We have a lint rule disallowing this.

50
src/view/form/control/AphrontFormCropControl.php
View file

@ -58,7 +58,7 @@ final class AphrontFormCropControl extends AphrontFormControl {
) )
); );
return javelin_render_tag( return javelin_tag(
'div', 'div',
array( array(
'id' => $c_id, 'id' => $c_id,
@ -66,32 +66,34 @@ final class AphrontFormCropControl extends AphrontFormControl {
'mustcapture' => true, 'mustcapture' => true,
'class' => 'crop-box' 'class' => 'crop-box'
), ),
javelin_render_tag( array(
'img', javelin_tag(
array( 'img',
'src' => $file->getBestURI(), array(
'class' => 'crop-image', 'src' => $file->getBestURI(),
'sigil' => 'crop-image' 'class' => 'crop-image',
'sigil' => 'crop-image'
),
''
), ),
'' javelin_tag(
). 'input',
javelin_render_tag( array(
'input', 'type' => 'hidden',
array( 'name' => 'image_x',
'type' => 'hidden', 'sigil' => 'crop-x',
'name' => 'image_x', ),
'sigil' => 'crop-x', ''
), ),
'' javelin_tag(
). 'input',
javelin_render_tag( array(
'input', 'type' => 'hidden',
array( 'name' => 'image_y',
'type' => 'hidden', 'sigil' => 'crop-y',
'name' => 'image_y', ),
'sigil' => 'crop-y', ''
), ),
''
) )
); );
} }