mirror of
https://we.phorge.it/source/phorge.git
synced 2024-11-27 01:02:42 +01:00
Kill phutil_render_tag()
Summary: Fixes some double escaping. Test Plan: None. Reviewers: epriestley Reviewed By: epriestley CC: aran, Korvin Maniphest Tasks: T2432 Differential Revision: https://secure.phabricator.com/D4945
This commit is contained in:
parent
0a08951a7c
commit
6ae4066d18
4 changed files with 31 additions and 29 deletions
|
@ -116,7 +116,7 @@ final class PhrictionDiffController
|
|||
'href' => '/phriction/history/'.$document->getSlug().'/',
|
||||
),
|
||||
'History'),
|
||||
phutil_escape_html("Changes Between Version {$l} and Version {$r}"),
|
||||
"Changes Between Version {$l} and Version {$r}",
|
||||
));
|
||||
|
||||
$comparison_table = $this->renderComparisonTable(
|
||||
|
|
|
@ -93,7 +93,7 @@ final class PhabricatorSearchResultView extends AphrontView {
|
|||
|
||||
private function emboldenQuery($str) {
|
||||
if (!$this->query) {
|
||||
return phutil_escape_html($str);
|
||||
return $str;
|
||||
}
|
||||
|
||||
$query = $this->query->getQuery();
|
||||
|
|
|
@ -168,11 +168,11 @@ following examples are dangerous:
|
|||
|
||||
phutil_tag('span', array($evil => $evil2));
|
||||
|
||||
// Use PhutilURI to check if $evil is valid HTTP link.
|
||||
phutil_tag('a', array('href' => $evil));
|
||||
|
||||
phutil_tag('span', array('onmouseover' => $evil));
|
||||
|
||||
// Use PhutilURI to check if $evil is valid HTTP link.
|
||||
hsprintf('<a href="%s">', $evil);
|
||||
|
||||
hsprintf('<%s>%s</%s>', $evil, $evil2, $evil);
|
||||
|
||||
// We have a lint rule disallowing this.
|
||||
|
|
|
@ -58,7 +58,7 @@ final class AphrontFormCropControl extends AphrontFormControl {
|
|||
)
|
||||
);
|
||||
|
||||
return javelin_render_tag(
|
||||
return javelin_tag(
|
||||
'div',
|
||||
array(
|
||||
'id' => $c_id,
|
||||
|
@ -66,7 +66,8 @@ final class AphrontFormCropControl extends AphrontFormControl {
|
|||
'mustcapture' => true,
|
||||
'class' => 'crop-box'
|
||||
),
|
||||
javelin_render_tag(
|
||||
array(
|
||||
javelin_tag(
|
||||
'img',
|
||||
array(
|
||||
'src' => $file->getBestURI(),
|
||||
|
@ -74,8 +75,8 @@ final class AphrontFormCropControl extends AphrontFormControl {
|
|||
'sigil' => 'crop-image'
|
||||
),
|
||||
''
|
||||
).
|
||||
javelin_render_tag(
|
||||
),
|
||||
javelin_tag(
|
||||
'input',
|
||||
array(
|
||||
'type' => 'hidden',
|
||||
|
@ -83,8 +84,8 @@ final class AphrontFormCropControl extends AphrontFormControl {
|
|||
'sigil' => 'crop-x',
|
||||
),
|
||||
''
|
||||
).
|
||||
javelin_render_tag(
|
||||
),
|
||||
javelin_tag(
|
||||
'input',
|
||||
array(
|
||||
'type' => 'hidden',
|
||||
|
@ -92,6 +93,7 @@ final class AphrontFormCropControl extends AphrontFormControl {
|
|||
'sigil' => 'crop-y',
|
||||
),
|
||||
''
|
||||
),
|
||||
)
|
||||
);
|
||||
}
|
||||
|
|
Loading…
Reference in a new issue