1
0
Fork 0
mirror of https://we.phorge.it/source/phorge.git synced 2024-11-27 01:02:42 +01:00

Kill phutil_render_tag()

Summary: Fixes some double escaping.

Test Plan: None.

Reviewers: epriestley

Reviewed By: epriestley

CC: aran, Korvin

Maniphest Tasks: T2432

Differential Revision: https://secure.phabricator.com/D4945
This commit is contained in:
vrana 2013-02-13 14:48:19 -08:00 committed by epriestley
parent 0a08951a7c
commit 6ae4066d18
4 changed files with 31 additions and 29 deletions

View file

@ -116,7 +116,7 @@ final class PhrictionDiffController
'href' => '/phriction/history/'.$document->getSlug().'/',
),
'History'),
phutil_escape_html("Changes Between Version {$l} and Version {$r}"),
"Changes Between Version {$l} and Version {$r}",
));
$comparison_table = $this->renderComparisonTable(

View file

@ -93,7 +93,7 @@ final class PhabricatorSearchResultView extends AphrontView {
private function emboldenQuery($str) {
if (!$this->query) {
return phutil_escape_html($str);
return $str;
}
$query = $this->query->getQuery();

View file

@ -168,11 +168,11 @@ following examples are dangerous:
phutil_tag('span', array($evil => $evil2));
// Use PhutilURI to check if $evil is valid HTTP link.
phutil_tag('a', array('href' => $evil));
phutil_tag('span', array('onmouseover' => $evil));
// Use PhutilURI to check if $evil is valid HTTP link.
hsprintf('<a href="%s">', $evil);
hsprintf('<%s>%s</%s>', $evil, $evil2, $evil);
// We have a lint rule disallowing this.

View file

@ -58,7 +58,7 @@ final class AphrontFormCropControl extends AphrontFormControl {
)
);
return javelin_render_tag(
return javelin_tag(
'div',
array(
'id' => $c_id,
@ -66,7 +66,8 @@ final class AphrontFormCropControl extends AphrontFormControl {
'mustcapture' => true,
'class' => 'crop-box'
),
javelin_render_tag(
array(
javelin_tag(
'img',
array(
'src' => $file->getBestURI(),
@ -74,8 +75,8 @@ final class AphrontFormCropControl extends AphrontFormControl {
'sigil' => 'crop-image'
),
''
).
javelin_render_tag(
),
javelin_tag(
'input',
array(
'type' => 'hidden',
@ -83,8 +84,8 @@ final class AphrontFormCropControl extends AphrontFormControl {
'sigil' => 'crop-x',
),
''
).
javelin_render_tag(
),
javelin_tag(
'input',
array(
'type' => 'hidden',
@ -92,6 +93,7 @@ final class AphrontFormCropControl extends AphrontFormControl {
'sigil' => 'crop-y',
),
''
),
)
);
}