diff --git a/src/aphront/configuration/AphrontDefaultApplicationConfiguration.php b/src/aphront/configuration/AphrontDefaultApplicationConfiguration.php index 4d18f54528..d175a175ad 100644 --- a/src/aphront/configuration/AphrontDefaultApplicationConfiguration.php +++ b/src/aphront/configuration/AphrontDefaultApplicationConfiguration.php @@ -182,10 +182,9 @@ class AphrontDefaultApplicationConfiguration return $login_controller->processRequest(); } - $content = - '
'. - phutil_escape_html($ex->getMessage()). - '
'; + $content = hsprintf( + '
%s
', + $ex->getMessage()); $dialog = new AphrontDialogView(); $dialog diff --git a/src/applications/auth/controller/PhabricatorLoginValidateController.php b/src/applications/auth/controller/PhabricatorLoginValidateController.php index 9423199711..a365618bd8 100644 --- a/src/applications/auth/controller/PhabricatorLoginValidateController.php +++ b/src/applications/auth/controller/PhabricatorLoginValidateController.php @@ -43,9 +43,9 @@ final class PhabricatorLoginValidateController $list = array(); foreach ($failures as $failure) { - $list[] = '
  • '.phutil_escape_html($failure).'
  • '; + $list[] = phutil_tag('li', array(), $failure); } - $list = ''; + $list = phutil_tag('ul', array(), $list); $view = new AphrontRequestFailureView(); $view->setHeader(pht('Login Failed')); diff --git a/src/applications/auth/controller/PhabricatorMustVerifyEmailController.php b/src/applications/auth/controller/PhabricatorMustVerifyEmailController.php index 183954eebe..b08f7432cc 100644 --- a/src/applications/auth/controller/PhabricatorMustVerifyEmailController.php +++ b/src/applications/auth/controller/PhabricatorMustVerifyEmailController.php @@ -45,7 +45,7 @@ final class PhabricatorMustVerifyEmailController '

    '. pht('You must verify your email address to login. You should have a new '. 'email message from Phabricator with verification instructions in your '. - 'inbox (%s).', phutil_escape_html($email_address)). + 'inbox (%s).', phutil_tag('strong', array(), $email_address)). '

    '); $error_view->appendChild( '

    '. diff --git a/src/applications/auth/controller/PhabricatorOAuthLoginController.php b/src/applications/auth/controller/PhabricatorOAuthLoginController.php index 2a6c9da6e1..dbfcc81810 100644 --- a/src/applications/auth/controller/PhabricatorOAuthLoginController.php +++ b/src/applications/auth/controller/PhabricatorOAuthLoginController.php @@ -69,14 +69,16 @@ final class PhabricatorOAuthLoginController $dialog = new AphrontDialogView(); $dialog->setUser($current_user); $dialog->setTitle(pht('Already Linked to Another Account')); - $dialog->appendChild('
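Review bot: The verification paragraph passed to `$error_view->appendChild()` is still assembled with `.` concatenation around the `pht()` call, so the tag object from `phutil_tag('strong', array(), $email_address)` is folded back into a plain string and the escaping guarantee stops at this line. The OAuth login controller in this same commit wraps the whole sentence instead, and the same shape would work here: `phutil_tag('p', array(), pht('… inbox (%s).', phutil_tag('strong', array(), $email_address)))`. Whatever attributes the existing paragraph tag carries would go in the second argument; they are not readable on this page. The enclosing method starts and ends outside the hunk.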

    '. + $dialog->appendChild(phutil_tag( + 'p', + array(), pht( 'The %s account you just authorized is already linked to '. 'another Phabricator account. Before you can associate your %s '. 'account with this Phabriactor account, you must unlink it from '. - 'the Phabricator account it is currently linked to.

    ', - phutil_escape_html($provider_name), - phutil_escape_html($provider_name))).'

    '; + 'the Phabricator account it is currently linked to.', + $provider_name, + $provider_name))); $dialog->addCancelButton($provider->getSettingsPanelURI()); return id(new AphrontDialogResponse())->setDialog($dialog); @@ -97,13 +99,15 @@ final class PhabricatorOAuthLoginController $dialog->setUser($current_user); $dialog->setTitle( pht('Already Linked to an Account From This Provider')); - $dialog->appendChild('

    '. + $dialog->appendChild(phutil_tag( + 'p', + array(), pht( 'The account you are logged in with is already linked to a %s '. 'account. Before you can link it to a different %s account, you '. - 'must unlink the old account.

    ', - phutil_escape_html($provider_name), - phutil_escape_html($provider_name))).'

    '; + 'must unlink the old account.', + $provider_name, + $provider_name))); $dialog->addCancelButton($provider->getSettingsPanelURI()); return id(new AphrontDialogResponse())->setDialog($dialog); } @@ -170,13 +174,15 @@ final class PhabricatorOAuthLoginController $dialog = new AphrontDialogView(); $dialog->setUser($current_user); $dialog->setTitle(pht('Already Linked to Another Account')); - $dialog->appendChild('

    '. + $dialog->appendChild(phutil_tag( + 'p', + array(), pht( 'The %s account you just authorized has an email address which '. 'is already in use by another Phabricator account. To link the '. 'accounts, log in to your Phabricator account and then go to '. 'Settings.', - phutil_escape_html($provider_name))).'

    '; + $provider_name))); $user = id(new PhabricatorUser()) ->loadOneWhere('phid = %s', $known_email->getUserPHID()); @@ -189,10 +195,12 @@ final class PhabricatorOAuthLoginController $providers[] = PhabricatorOAuthProvider::newProvider($provider) ->getProviderName(); } - $dialog->appendChild( + $dialog->appendChild(phutil_tag( + 'p', + array(), pht( - '

    The account is associated with: %s.

    ', - implode(', ', phutil_escape_html($providers)))); + 'The account is associated with: %s.', + implode(', ', $providers)))); } $dialog->addCancelButton('/login/'); @@ -205,13 +213,15 @@ final class PhabricatorOAuthLoginController $dialog = new AphrontDialogView(); $dialog->setUser($current_user); $dialog->setTitle(pht('No Account Registration with %s', $provider_name)); - $dialog->appendChild('

    '. + $dialog->appendChild(phutil_tag( + 'p', + array(), pht( 'You can not register a new account using %s; you can only use '. 'your %s account to log into an existing Phabricator account which '. 'you have registered through other means.', - phutil_escape_html($provider_name), - phutil_escape_html($provider_name))).'

    '; + $provider_name, + $provider_name))); $dialog->addCancelButton('/login/'); return id(new AphrontDialogResponse())->setDialog($dialog); diff --git a/src/applications/countdown/controller/PhabricatorCountdownDeleteController.php b/src/applications/countdown/controller/PhabricatorCountdownDeleteController.php index d544723cd2..db1ab235f0 100644 --- a/src/applications/countdown/controller/PhabricatorCountdownDeleteController.php +++ b/src/applications/countdown/controller/PhabricatorCountdownDeleteController.php @@ -33,9 +33,9 @@ final class PhabricatorCountdownDeleteController $dialog = new AphrontDialogView(); $dialog->setUser($request->getUser()); $dialog->setTitle('Really delete this countdown?'); - $dialog->appendChild( - '

    Are you sure you want to delete the countdown "'. - phutil_escape_html($timer->getTitle()).'"?

    '); + $dialog->appendChild(hsprintf( + '

    Are you sure you want to delete the countdown "%s"?

    ', + $timer->getTitle())); $dialog->addSubmitButton('Delete'); $dialog->addCancelButton('/countdown/'); $dialog->setSubmitURI($request->getPath()); diff --git a/src/applications/countdown/controller/PhabricatorCountdownViewController.php b/src/applications/countdown/controller/PhabricatorCountdownViewController.php index 6e084a3835..ed27dfdb58 100644 --- a/src/applications/countdown/controller/PhabricatorCountdownViewController.php +++ b/src/applications/countdown/controller/PhabricatorCountdownViewController.php @@ -32,12 +32,9 @@ final class PhabricatorCountdownViewController $chrome_visible ? pht('Disable Chrome') : pht('Enable Chrome')); $container = celerity_generate_unique_node_id(); - $content = - '
    -

    '. - phutil_escape_html($timer->getTitle()).' · '. - phabricator_datetime($timer->getDatePoint(), $user). - '

    + $content = hsprintf( + '
    +

    %s · %s

    @@ -46,20 +43,19 @@ final class PhabricatorCountdownViewController - '. - javelin_tag('td', - array('sigil' => 'phabricator-timer-days'), ''). - javelin_tag('td', - array('sigil' => 'phabricator-timer-hours'), ''). - javelin_tag('td', - array('sigil' => 'phabricator-timer-minutes'), ''). - javelin_tag('td', - array('sigil' => 'phabricator-timer-seconds'), ''). - ' + %s%s%s%s
    Minutes Seconds
    -
    '. - $chrome_link. - '
    '; +
    + %s + ', + $container, + $timer->getTitle(), + phabricator_datetime($timer->getDatePoint(), $user), + javelin_tag('td', array('sigil' => 'phabricator-timer-days'), ''), + javelin_tag('td', array('sigil' => 'phabricator-timer-hours'), ''), + javelin_tag('td', array('sigil' => 'phabricator-timer-minutes'), ''), + javelin_tag('td', array('sigil' => 'phabricator-timer-seconds'), ''), + $chrome_link); Javelin::initBehavior('countdown-timer', array( 'timestamp' => $timer->getDatepoint(), diff --git a/src/applications/daemon/view/PhabricatorDaemonLogEventsView.php b/src/applications/daemon/view/PhabricatorDaemonLogEventsView.php index 732b3b6a44..e3cdc98779 100644 --- a/src/applications/daemon/view/PhabricatorDaemonLogEventsView.php +++ b/src/applications/daemon/view/PhabricatorDaemonLogEventsView.php @@ -63,7 +63,7 @@ final class PhabricatorDaemonLogEventsView extends AphrontView { phutil_escape_html($event->getLogType()), phabricator_date($event->getEpoch(), $this->user), phabricator_time($event->getEpoch(), $this->user), - str_replace("\n", '
    ', phutil_escape_html($message.$more)), + phutil_escape_html_newlines($message.$more), ); if ($this->combinedLog) { diff --git a/src/applications/differential/controller/DifferentialCommentSaveController.php b/src/applications/differential/controller/DifferentialCommentSaveController.php index f03b26c01a..d49232bb37 100644 --- a/src/applications/differential/controller/DifferentialCommentSaveController.php +++ b/src/applications/differential/controller/DifferentialCommentSaveController.php @@ -56,7 +56,7 @@ final class DifferentialCommentSaveController extends DifferentialController { $dialog->setTitle(pht('Action Has No Effect')); $dialog->appendChild( - '

    '.phutil_escape_html($no_effect->getMessage()).'

    '); + phutil_tag('p', array(), $no_effect->getMessage())); if (strlen($comment) || $has_inlines) { $dialog->addSubmitButton(pht('Post as Comment')); diff --git a/src/applications/differential/render/DifferentialChangesetHTMLRenderer.php b/src/applications/differential/render/DifferentialChangesetHTMLRenderer.php index 4efe69250a..3032e15cc1 100644 --- a/src/applications/differential/render/DifferentialChangesetHTMLRenderer.php +++ b/src/applications/differential/render/DifferentialChangesetHTMLRenderer.php @@ -70,10 +70,7 @@ abstract class DifferentialChangesetHTMLRenderer break; case DifferentialChangeType::TYPE_MOVE_HERE: - $from = - "". - phutil_escape_html($changeset->getOldFile()). - ""; + $from = phutil_tag('strong', array(), $changeset->getOldFile()); switch ($file) { case DifferentialChangeType::FILE_TEXT: $message = pht('This file was moved from %s.', $from); @@ -97,10 +94,7 @@ abstract class DifferentialChangesetHTMLRenderer break; case DifferentialChangeType::TYPE_COPY_HERE: - $from = - "". - phutil_escape_html($changeset->getOldFile()). - ""; + $from = phutil_tag('strong', array(), $changeset->getOldFile()); switch ($file) { case DifferentialChangeType::FILE_TEXT: $message = pht('This file was copied from %s.', $from); @@ -124,10 +118,10 @@ abstract class DifferentialChangesetHTMLRenderer break; case DifferentialChangeType::TYPE_MOVE_AWAY: - $paths = - "". - phutil_escape_html(implode(', ', $changeset->getAwayPaths())). - ""; + $paths = phutil_tag( + 'strong', + array(), + implode(', ', $changeset->getAwayPaths())); switch ($file) { case DifferentialChangeType::FILE_TEXT: $message = pht('This file was moved to %s.', $paths); 
@@ -151,10 +145,10 @@ abstract class DifferentialChangesetHTMLRenderer break; case DifferentialChangeType::TYPE_COPY_AWAY: - $paths = - "". - phutil_escape_html(implode(', ', $changeset->getAwayPaths())). - ""; + $paths = phutil_tag( + 'strong', + array(), + implode(', ', $changeset->getAwayPaths())); switch ($file) { case DifferentialChangeType::FILE_TEXT: $message = pht('This file was copied to %s.', $paths); @@ -178,10 +172,10 @@ abstract class DifferentialChangesetHTMLRenderer break; case DifferentialChangeType::TYPE_MULTICOPY: - $paths = - "". - phutil_escape_html(implode(', ', $changeset->getAwayPaths())). - ""; + $paths = phutil_tag( + 'strong', + array(), + implode(', ', $changeset->getAwayPaths())); switch ($file) { case DifferentialChangeType::FILE_TEXT: $message = pht( @@ -262,23 +256,26 @@ abstract class DifferentialChangesetHTMLRenderer $nval = idx($new, $key); if ($oval !== $nval) { if ($oval === null) { - $oval = 'null'; + $oval = phutil_tag('em', array(), 'null'); } else { - $oval = nl2br(phutil_escape_html($oval)); + $oval = phutil_escape_html_newlines($oval); } if ($nval === null) { - $nval = 'null'; + $nval = phutil_tag('em', array(), 'null'); } else { - $nval = nl2br(phutil_escape_html($nval)); + $nval = phutil_escape_html_newlines($nval); } - $rows[] = + $rows[] = hsprintf( ''. - ''.phutil_escape_html($key).''. - ''.$oval.''. - ''.$nval.''. - ''; + '%s'. + '%s'. + '%s'. + '', + $key, + $oval, + $nval); } } diff --git a/src/applications/differential/view/DifferentialLocalCommitsView.php b/src/applications/differential/view/DifferentialLocalCommitsView.php index 6a3cae9439..d1207252d2 100644 --- a/src/applications/differential/view/DifferentialLocalCommitsView.php +++ b/src/applications/differential/view/DifferentialLocalCommitsView.php 
@@ -54,17 +54,17 @@ final class DifferentialLocalCommitsView extends AphrontView { } else { $commit_hash = null; } - $row[] = ''.phutil_escape_html($commit_hash).''; + $row[] = phutil_tag('td', array(), $commit_hash); if ($has_tree) { $tree = idx($commit, 'tree'); $tree = substr($tree, 0, 16); - $row[] = ''.phutil_escape_html($tree).''; + $row[] = phutil_tag('td', array(), $tree); } if ($has_local) { $local_rev = idx($commit, 'local', null); - $row[] = ''.phutil_escape_html($local_rev).''; + $row[] = phutil_tag('td', array(), $local_rev); } $parents = idx($commit, 'parents', array()); @@ -72,15 +72,15 @@ final class DifferentialLocalCommitsView extends AphrontView { if (is_array($parent)) { $parent = idx($parent, 'rev'); } - $parents[$k] = phutil_escape_html(substr($parent, 0, 16)); + $parents[$k] = substr($parent, 0, 16); } - $parents = implode('
    ', $parents); - $row[] = ''.$parents.''; + $parents = array_interleave(phutil_tag('br'), $parents); + $row[] = phutil_tag('td', array(), $parents); $author = nonempty( idx($commit, 'user'), idx($commit, 'author')); - $row[] = ''.phutil_escape_html($author).''; + $row[] = phutil_tag('td', array(), $author); $message = idx($commit, 'message'); @@ -107,9 +107,9 @@ final class DifferentialLocalCommitsView extends AphrontView { if ($date) { $date = phabricator_datetime($date, $user); } - $row[] = ''.$date.''; + $row[] = phutil_tag('td', array(), $date); - $rows[] = ''.implode('', $row).''; + $rows[] = phutil_tag('tr', array('class' => $class), $row); } diff --git a/src/applications/differential/view/DifferentialRevisionUpdateHistoryView.php b/src/applications/differential/view/DifferentialRevisionUpdateHistoryView.php index 67e6ee4da4..45f3de6c0b 100644 --- a/src/applications/differential/view/DifferentialRevisionUpdateHistoryView.php +++ b/src/applications/differential/view/DifferentialRevisionUpdateHistoryView.php @@ -119,24 +119,22 @@ final class DifferentialRevisionUpdateHistoryView extends AphrontView { } if (++$idx % 2) { - $class = ' class="alt"'; + $class = 'alt'; } else { $class = null; } + $lint_attrs = array('class' => 'revhistory-star'); + $unit_attrs = array('class' => 'revhistory-star'); if ($diff) { $lint = self::renderDiffLintStar($row['obj']); $unit = self::renderDiffUnitStar($row['obj']); - $lint_message = self::getDiffLintMessage($diff); - $unit_message = self::getDiffUnitMessage($diff); - $lint_title = ' title="'.phutil_escape_html($lint_message).'"'; - $unit_title = ' title="'.phutil_escape_html($unit_message).'"'; + $lint_attrs['title'] = self::getDiffLintMessage($diff); + $unit_attrs['title'] = self::getDiffUnitMessage($diff); $base = $this->renderBaseRevision($diff); } else { $lint = null; $unit = null; - $lint_title = null; - $unit_title = null; $base = null; } 
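Review bot: `$rows[] = phutil_tag('tr', array('class' => $class), $row);` now escapes every element of `$row` that is not a tag object, but the commit-message cells are built in the unchanged lines between the second and third hunks of this file, which the diff does not show. If those lines still append string cells of the form `$row[] = '<td>…</td>'`, they will be displayed as literal markup inside the row. Confirm that every `$row[]` assignment in the loop goes through `phutil_tag('td', …)`. The loop body starts and ends outside these hunks.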
@@ -149,18 +147,20 @@ final class DifferentialRevisionUpdateHistoryView extends AphrontView { 'a', array('href' => '/differential/diff/'.$id.'/'), $id); - $rows[] = - ''. - ''.phutil_escape_html($name).''. - ''.$id_link.''. - ''.phutil_escape_html($base).''. - ''.phutil_escape_html($desc).''. - ''.$age.''. - ''.$lint.''. - ''.$unit.''. - ''.$old.''. - ''.$new.''. - ''; + $rows[] = phutil_tag( + 'tr', + array('class' => $class), + array( + phutil_tag('td', array('class' => 'revhistory-name'), $name), + phutil_tag('td', array('class' => 'revhistory-id'), $id_link), + phutil_tag('td', array('class' => 'revhistory-base'), $base), + phutil_tag('td', array('class' => 'revhistory-desc'), $desc), + phutil_tag('td', array('class' => 'revhistory-age'), $age), + phutil_tag('td', $lint_attrs, $lint), + phutil_tag('td', $unit_attrs, $unit), + phutil_tag('td', array('class' => 'revhistory-old'.$old_class), $old), + phutil_tag('td', array('class' => 'revhistory-new'.$new_class), $new), + )); } Javelin::initBehavior( diff --git a/src/applications/diviner/controller/DivinerListController.php b/src/applications/diviner/controller/DivinerListController.php index 2125532b98..3d408fcc37 100644 --- a/src/applications/diviner/controller/DivinerListController.php +++ b/src/applications/diviner/controller/DivinerListController.php @@ -41,11 +41,13 @@ final class DivinerListController extends PhabricatorController { ), $name); - $out[] = + $out[] = hsprintf( '
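Review bot: `$age`, `$lint`, `$unit`, `$old` and `$new` used to be concatenated into the row unescaped and are now children of `phutil_tag('td', …)`, which escapes anything that is not already safe HTML. `$id_link` appears to come from a tag helper in the context lines, but the others are produced outside this hunk (`renderDiffLintStar()`, `renderDiffUnitStar()` and code above it), so any of them still returning a plain HTML string will now show up as literal markup. Confirm that each producer returns a tag object. A comment above the `phutil_tag('tr', …)` call would record the expectation: `// Cell contents must be PhutilSafeHTML or plain text; phutil_tag() escapes plain strings.`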
    '. - '

    '.$link.'

    '. - '

    '.phutil_escape_html($flavor).'

    '. - '
    '; + '

    %s

    '. + '

    %s

    '. + '', + $link, + $flavor); } $out = diff --git a/src/applications/feed/story/PhabricatorFeedStory.php b/src/applications/feed/story/PhabricatorFeedStory.php index b9715efca6..c94392b302 100644 --- a/src/applications/feed/story/PhabricatorFeedStory.php +++ b/src/applications/feed/story/PhabricatorFeedStory.php @@ -243,15 +243,14 @@ abstract class PhabricatorFeedStory implements PhabricatorPolicyInterface { } final protected function renderString($str) { - return ''.phutil_escape_html($str).''; + return phutil_tag('strong', array(), $str); } final protected function renderSummary($text, $len = 128) { if ($len) { $text = phutil_utf8_shorten($text, $len); } - $text = phutil_escape_html($text); - $text = str_replace("\n", '
    ', $text); + $text = phutil_escape_html_newlines($text); return $text; } diff --git a/src/applications/files/controller/PhabricatorFileDeleteController.php b/src/applications/files/controller/PhabricatorFileDeleteController.php index 127f297680..5f54debdc9 100644 --- a/src/applications/files/controller/PhabricatorFileDeleteController.php +++ b/src/applications/files/controller/PhabricatorFileDeleteController.php @@ -33,9 +33,9 @@ final class PhabricatorFileDeleteController extends PhabricatorFileController { $dialog = new AphrontDialogView(); $dialog->setUser($user); $dialog->setTitle('Really delete file?'); - $dialog->appendChild( - "
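Review bot: `renderString()` and `renderSummary()` now hand subclasses a different kind of value, the result of `phutil_tag()` and of `phutil_escape_html_newlines()` rather than an escaped string, and neither method documents it. The story subclasses are not part of this hunk; any that splice these values into a larger string with `.` and later pass it through an escaping call would display escaped markup. A docblock on each method would make the contract explicit, for example `@return PhutilSafeHTML Escaped markup; do not escape again.` on `renderString()`. The return type of `phutil_escape_html_newlines()` is not visible here, so confirm it before documenting `renderSummary()` the same way.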

    Permanently delete '".phutil_escape_html($file->getName())."'? This ". - "action can not be undone."); + $dialog->appendChild(hsprintf( + "

    Permanently delete '%s'? This action can not be undone.

    ", + $file->getName())); $dialog->addSubmitButton('Delete'); $dialog->addCancelButton($file->getInfoURI()); diff --git a/src/applications/help/controller/PhabricatorHelpKeyboardShortcutController.php b/src/applications/help/controller/PhabricatorHelpKeyboardShortcutController.php index 73c300cc2f..784f223011 100644 --- a/src/applications/help/controller/PhabricatorHelpKeyboardShortcutController.php +++ b/src/applications/help/controller/PhabricatorHelpKeyboardShortcutController.php @@ -25,14 +25,16 @@ final class PhabricatorHelpKeyboardShortcutController foreach ($keys as $shortcut) { $keystrokes = array(); foreach ($shortcut['keys'] as $stroke) { - $keystrokes[] = ''.phutil_escape_html($stroke).''; + $keystrokes[] = phutil_tag('kbd', array(), $stroke); } - $keystrokes = implode(' or ', $keystrokes); - $rows[] = - ''. - ''.$keystrokes.''. - ''.phutil_escape_html($shortcut['description']).''. - ''; + $keystrokes = array_interleave(' or ', $keystrokes); + $rows[] = phutil_tag( + 'tr', + array(), + array( + phutil_tag('th', array(), $keystrokes), + phutil_tag('td', array(), $shortcut['description']), + )); } $table = diff --git a/src/applications/herald/controller/HeraldDeleteController.php b/src/applications/herald/controller/HeraldDeleteController.php index 179ad8c838..8649f63993 100644 --- a/src/applications/herald/controller/HeraldDeleteController.php +++ b/src/applications/herald/controller/HeraldDeleteController.php @@ -43,9 +43,9 @@ final class HeraldDeleteController extends HeraldController { $dialog = new AphrontDialogView(); $dialog->setUser($request->getUser()); $dialog->setTitle('Really delete this rule?'); - $dialog->appendChild( - "Are you sure you want to delete the rule ". - "'".phutil_escape_html($rule->getName())."'?"); + $dialog->appendChild(hsprintf( + "Are you sure you want to delete the rule '%s'?", + $rule->getName())); $dialog->addSubmitButton('Delete'); $dialog->addCancelButton('/herald/'); $dialog->setSubmitURI($request->getPath()); 
diff --git a/src/applications/herald/controller/HeraldTranscriptController.php b/src/applications/herald/controller/HeraldTranscriptController.php index 0b80cdf3b4..3903bbcb91 100644 --- a/src/applications/herald/controller/HeraldTranscriptController.php +++ b/src/applications/herald/controller/HeraldTranscriptController.php @@ -108,10 +108,7 @@ final class HeraldTranscriptController extends HeraldController { $value = implode(', ', $value); } - return - ''. - phutil_escape_html($value). - ''; + return hsprintf('%s', $value); } private function buildSideNav() { @@ -296,22 +293,22 @@ final class HeraldTranscriptController extends HeraldController { } break; } - $target = phutil_escape_html($target); if ($apply_xscript->getApplied()) { - $outcome = 'SUCCESS'; + $outcome = hsprintf('SUCCESS'); } else { - $outcome = 'FAILURE'; + $outcome = hsprintf('FAILURE'); } - $outcome .= ' '.phutil_escape_html($apply_xscript->getAppliedReason()); $rows[] = array( phutil_escape_html($action_names[$apply_xscript->getAction()]), - $target, - 'Taken because: '. - phutil_escape_html($apply_xscript->getReason()). - '
    '. - 'Outcome: '.$outcome, + phutil_escape_html($target), + hsprintf( + 'Taken because: %s
    '. + 'Outcome: %s %s', + $apply_xscript->getReason(), + $outcome, + $apply_xscript->getAppliedReason()), ); } @@ -351,48 +348,48 @@ final class HeraldTranscriptController extends HeraldController { $cond_markup = array(); foreach ($xscript->getConditionTranscriptsForRule($rule_id) as $cond) { if ($cond->getNote()) { - $note = - '
    '. - phutil_escape_html($cond->getNote()). - '
    '; + $note = hsprintf( + '
    %s
    ', + $cond->getNote()); } else { $note = null; } if ($cond->getResult()) { - $result = + $result = hsprintf( ''. "\xE2\x9C\x93". - ''; + ''); } else { - $result = + $result = hsprintf( ''. "\xE2\x9C\x98". - ''; + ''); } - $cond_markup[] = - '
  • '. - $result.' Condition: '. - phutil_escape_html($field_names[$cond->getFieldName()]). - ' '. - phutil_escape_html($condition_names[$cond->getCondition()]). - ' '. - $this->renderConditionTestValue($cond, $handles). - $note. - '
  • '; + $cond_markup[] = phutil_tag( + 'li', + array(), + hsprintf( + '%s Condition: %s %s %s%s', + $result, + $field_names[$cond->getFieldName()], + $condition_names[$cond->getCondition()], + $this->renderConditionTestValue($cond, $handles), + $note)); } if ($rule->getResult()) { - $result = 'PASS'; + $result = hsprintf( + 'PASS'); $class = 'herald-rule-pass'; } else { - $result = 'FAIL'; + $result = hsprintf( + 'FAIL'); $class = 'herald-rule-fail'; } - $cond_markup[] = - '
  • '.$result.' '.phutil_escape_html($rule->getReason()).'
  • '; + $cond_markup[] = hsprintf('
  • %s %s
  • ', $result, $rule->getReason()); /* if ($rule->getResult()) { @@ -426,16 +423,16 @@ final class HeraldTranscriptController extends HeraldController { } $rule_markup[] = - phutil_render_tag( + phutil_tag( 'li', array( 'class' => $class, ), - '
    '. - ''.phutil_escape_html($name).' '. - phutil_escape_html($handles[$rule->getRuleOwner()]->getName()). - '
    '. - ''); + hsprintf( + '
    %s %s
    %s', + $name, + $handles[$rule->getRuleOwner()]->getName(), + phutil_tag('ul', array(), $cond_markup))); } $panel = new AphrontPanelView(); diff --git a/src/applications/maniphest/controller/ManiphestSavedQueryDeleteController.php b/src/applications/maniphest/controller/ManiphestSavedQueryDeleteController.php index dd4f9a35d0..9fae6869aa 100644 --- a/src/applications/maniphest/controller/ManiphestSavedQueryDeleteController.php +++ b/src/applications/maniphest/controller/ManiphestSavedQueryDeleteController.php @@ -34,11 +34,9 @@ final class ManiphestSavedQueryDeleteController extends ManiphestController { $dialog = id(new AphrontDialogView()) ->setUser($user) ->setTitle('Really delete this query?') - ->appendChild( - '

    '. - 'Really delete the query "'.phutil_escape_html($name).'"? '. - 'It will be lost forever!'. - '

    ') + ->appendChild(hsprintf( + '

    Really delete the query "%s"? It will be lost forever!

    ', + $name)) ->addCancelButton('/maniphest/custom/') ->addSubmitButton('Delete'); diff --git a/src/applications/owners/controller/PhabricatorOwnersDeleteController.php b/src/applications/owners/controller/PhabricatorOwnersDeleteController.php index 4aa31e8d51..8e45a4c98e 100644 --- a/src/applications/owners/controller/PhabricatorOwnersDeleteController.php +++ b/src/applications/owners/controller/PhabricatorOwnersDeleteController.php @@ -27,10 +27,10 @@ final class PhabricatorOwnersDeleteController $dialog = id(new AphrontDialogView()) ->setUser($user) ->setTitle('Really delete this package?') - ->appendChild( - '

    Are you sure you want to delete the "'. - phutil_escape_html($package->getName()).'" package? This operation '. - 'can not be undone.

    ') + ->appendChild(hsprintf( + '

    Are you sure you want to delete the "%s" package? This operation '. + 'can not be undone.

    ', + $package->getName())) ->addSubmitButton('Delete') ->addCancelButton('/owners/package/'.$package->getID().'/') ->setSubmitURI($request->getRequestURI()); diff --git a/src/applications/owners/controller/PhabricatorOwnersDetailController.php b/src/applications/owners/controller/PhabricatorOwnersDetailController.php index fe07e5767d..58afadf36d 100644 --- a/src/applications/owners/controller/PhabricatorOwnersDetailController.php +++ b/src/applications/owners/controller/PhabricatorOwnersDetailController.php @@ -92,8 +92,7 @@ final class PhabricatorOwnersDetailController 'path' => $path->getPath(), 'action' => 'browse' )); - $repo_name = ''.phutil_escape_html($repo->getName()). - ''; + $repo_name = phutil_tag('strong', array(), $repo->getName()); $path_link = phutil_tag( 'a', array( diff --git a/src/applications/owners/controller/PhabricatorOwnersListController.php b/src/applications/owners/controller/PhabricatorOwnersListController.php index c23ed1eb5f..9a140620b1 100644 --- a/src/applications/owners/controller/PhabricatorOwnersListController.php +++ b/src/applications/owners/controller/PhabricatorOwnersListController.php @@ -253,7 +253,7 @@ final class PhabricatorOwnersListController )); $pkg_paths[$key] = ($path->getExcluded() ? '–' : '+').' '. - ''.phutil_escape_html($repo->getName()).' '. + phutil_tag('strong', array(), $repo->getName()). phutil_tag( 'a', array( diff --git a/src/applications/people/controller/PhabricatorPeopleProfileController.php b/src/applications/people/controller/PhabricatorPeopleProfileController.php index f88c7dfa0e..d16f5d948e 100644 --- a/src/applications/people/controller/PhabricatorPeopleProfileController.php +++ b/src/applications/people/controller/PhabricatorPeopleProfileController.php @@ -182,36 +182,36 @@ final class PhabricatorPeopleProfileController $viewer = $this->getRequest()->getUser(); - $content = + $content = hsprintf( '
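Review bot: In the `$pkg_paths[$key]` expression of PhabricatorOwnersListController, the rewritten line appears to drop the separator after the repository name. As rendered here the removed line ends with `' '.` and the added line is `phutil_tag('strong', array(), $repo->getName()).`, so the name now runs straight into the path link. Restoring it is a one-line change: `phutil_tag('strong', array(), $repo->getName()).' '.`. The entry is also still built by `.` concatenation, which turns the tag objects back into a plain string. If `$pkg_paths` later reaches a container that escapes strings it would be shown as literal markup, so an array of parts or an `hsprintf()` call may be the safer form; the consumer is outside this hunk.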

    Basic Information

    - + - +
    PHID'.phutil_escape_html($user->getPHID()).'%s
    User Since'.phabricator_datetime($user->getDateCreated(), - $viewer). - '%s
    -
    '; - $content .= + '. '

    Flavor Text

    - +
    Blurb'.$blurb.'%s
    -
    '; + ', + $user->getPHID(), + phabricator_datetime($user->getDateCreated(), $viewer), + $blurb); return $content; } diff --git a/src/applications/phame/controller/blog/PhameBlogFeedController.php b/src/applications/phame/controller/blog/PhameBlogFeedController.php index 53593a0a9e..88d80a06a7 100644 --- a/src/applications/phame/controller/blog/PhameBlogFeedController.php +++ b/src/applications/phame/controller/blog/PhameBlogFeedController.php @@ -35,20 +35,19 @@ final class PhameBlogFeedController extends PhameController { ->execute(); $content = array(); - $content[] = ''; - $content[] = ''.phutil_escape_html($blog->getName()).''; - $content[] = ''.phutil_escape_html(PhabricatorEnv::getProductionURI( - '/phame/blog/view/'.$blog->getID().'/')).''; + $content[] = phutil_tag('title', array(), $blog->getName()); + $content[] = phutil_tag('id', array(), PhabricatorEnv::getProductionURI( + '/phame/blog/view/'.$blog->getID().'/')); $updated = $blog->getDateModified(); if ($posts) { $updated = max($updated, max(mpull($posts, 'getDateModified'))); } - $content[] = ''.date('c', $updated).''; + $content[] = phutil_tag('updated', array(), date('c', $updated)); $description = $blog->getDescription(); if ($description != '') { - $content[] = ''.phutil_escape_html($description).''; + $content[] = phutil_tag('subtitle', array(), $description); } $engine = id(new PhabricatorMarkupEngine())->setViewer($user); 
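Review bot: `$blurb` was concatenated into the profile table unescaped and is now passed to `hsprintf()` as a `%s` argument, which escapes any value that is not already safe HTML. `$blurb` is assigned above the hunk: if it holds rendered markup as a plain string the profile will display the tags as text, and if it holds raw user text this change is what makes it safe. Either way the expectation deserves a comment where `$blurb` is passed, for example `// $blurb must be safe HTML (rendered markup) or plain text; hsprintf() escapes plain strings.`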
@@ -63,37 +62,39 @@ final class PhameBlogFeedController extends PhameController { ->loadHandles(); foreach ($posts as $post) { - $content[] = ''; - $content[] = ''.phutil_escape_html($post->getTitle()).''; - $content[] = ''; + $content[] = hsprintf(''); + $content[] = phutil_tag('title', array(), $post->getTitle()); + $content[] = phutil_tag('link', array('href' => $post->getViewURI())); - $content[] = ''.phutil_escape_html(PhabricatorEnv::getProductionURI( - '/phame/post/view/'.$post->getID().'/')).''; + $content[] = phutil_tag('id', array(), PhabricatorEnv::getProductionURI( + '/phame/post/view/'.$post->getID().'/')); - $content[] = - ''. - ''. - phutil_escape_html($bloggers[$post->getBloggerPHID()]->getFullName()). - ''. - ''; + $content[] = hsprintf( + '%s%s', + $bloggers[$post->getBloggerPHID()]->getFullName()); - $content[] = ''.date('c', $post->getDateModified()).''; + $content[] = phutil_tag( + 'updated', + array(), + date('c', $post->getDateModified())); - $content[] = + $content[] = hsprintf( ''. - '
    '. - $engine->getOutput($post, PhamePost::MARKUP_FIELD_BODY). - '
    '. - '
    '; + '
    %s
    '. + '', + $engine->getOutput($post, PhamePost::MARKUP_FIELD_BODY)); - $content[] = '
    '; + $content[] = hsprintf('
    '); } - $content[] = '
    '; + $content = phutil_tag( + 'feed', + array('xmlns' => 'http://www.w3.org/2005/Atom'), + $content); return id(new AphrontFileResponse()) ->setMimeType('application/xml') - ->setContent(implode('', $content)); + ->setContent($content); } } diff --git a/src/applications/phriction/controller/PhrictionDocumentController.php b/src/applications/phriction/controller/PhrictionDocumentController.php index 2e9fe01800..85f0b4b396 100644 --- a/src/applications/phriction/controller/PhrictionDocumentController.php +++ b/src/applications/phriction/controller/PhrictionDocumentController.php @@ -45,31 +45,16 @@ final class PhrictionDocumentController } } $create_uri = '/phriction/edit/?slug='.$slug; - $create_sentence = - 'You can '. - phutil_tag( - 'a', - array( - 'href' => $create_uri, - ), - 'create a new document'). - '.'; - $button = phutil_tag( - 'a', - array( - 'href' => $create_uri, - 'class' => 'green button', - ), - 'Create Page'); - $page_content = + $page_content = hsprintf( '
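Review bot: `->setContent($content)` now receives the object returned by `phutil_tag('feed', ...)` instead of the imploded string the removed line passed. AphrontFileResponse is not part of this diff, so if it measures, compares or stores the content as a string, hand it the string form explicitly: `->setContent((string)$content)`. A one-line comment above the `phutil_tag('feed', ...)` call noting that the HTML tag builder is being used to emit Atom XML would also help the next reader, for example `// Atom is XML; phutil_tag() is used here only for its escaping.`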
    '. 'No content here!
    '. - 'No document found at '.phutil_escape_html($slug).'. '. - $create_sentence. - '
    '; + 'No document found at %s. '. + 'You can create a new document.'. + '', + $slug, + $create_uri); $page_title = 'Page Not Found'; - $buttons = $button; } else { $version = $request->getInt('v'); if ($version) { diff --git a/src/applications/ponder/view/PonderQuestionSummaryView.php b/src/applications/ponder/view/PonderQuestionSummaryView.php index a06cdcc46d..530267f400 100644 --- a/src/applications/ponder/view/PonderQuestionSummaryView.php +++ b/src/applications/ponder/view/PonderQuestionSummaryView.php @@ -25,26 +25,23 @@ final class PonderQuestionSummaryView extends AphrontView { $authorlink = $handles[$author_phid] ->renderLink(); - $votecount = + $votecount = hsprintf( '
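Review bot: `$create_uri` is now interpolated by `hsprintf()` into the format string, where the removed code passed it as `'href'` to `phutil_tag('a', ...)`; the second `%s` is not visible in this rendering and is presumably inside the link's attribute. hsprintf only HTML-escapes its arguments, so any attribute-specific handling the tag builder applies to `href` is skipped here. Keeping the builder and passing its result as the argument preserves it: `phutil_tag('a', array('href' => $create_uri), 'create a new document')`. The hunk also removes `$buttons = $button;`, and the function continues past the hunk, so confirm nothing later reads `$buttons` on the not-found branch.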
    '. - phutil_escape_html($question->getVoteCount()). - '
    '. - 'votes'. - '
    '. - '
    '; + '%s'. + '
    votes
    '. + '', + $question->getVoteCount()); $answerclass = "ponder-summary-answers"; if ($question->getAnswercount() == 0) { $answerclass .= " ponder-not-answered"; } - $answercount = + $answercount = hsprintf( '
    '. - phutil_escape_html($question->getAnswerCount()). - '
    '. - 'answers'. - '
    '. - '
    '; - + '%s'. + '
    answers
    '. + '', + $question->getAnswerCount()); $title = '

    '. diff --git a/src/applications/project/controller/PhabricatorProjectProfileController.php b/src/applications/project/controller/PhabricatorProjectProfileController.php index 9e18af9849..60e9639e9a 100644 --- a/src/applications/project/controller/PhabricatorProjectProfileController.php +++ b/src/applications/project/controller/PhabricatorProjectProfileController.php @@ -129,8 +129,7 @@ final class PhabricatorProjectProfileController $viewer = $this->getRequest()->getUser(); $blurb = $profile->getBlurb(); - $blurb = phutil_escape_html($blurb); - $blurb = str_replace("\n", '
    ', $blurb); + $blurb = phutil_escape_html_newlines($blurb); $phids = array($project->getAuthorPHID()); $phids = array_unique($phids); @@ -138,30 +137,34 @@ final class PhabricatorProjectProfileController $timestamp = phabricator_datetime($project->getDateCreated(), $viewer); - $about = + $about = hsprintf( '

    About

    - + - + - + - +
    Creator'.$handles[$project->getAuthorPHID()]->renderLink().'%s
    Created'.$timestamp.'%s
    PHID'.phutil_escape_html($project->getPHID()).'%s
    Blurb'.$blurb.'%s
    -
    '; + ', + $handles[$project->getAuthorPHID()]->renderLink(), + $timestamp, + $project->getPHID(), + $blurb); return $about; } diff --git a/src/applications/repository/controller/PhabricatorRepositoryArcanistProjectDeleteController.php b/src/applications/repository/controller/PhabricatorRepositoryArcanistProjectDeleteController.php index edce5a443d..3604513e69 100644 --- a/src/applications/repository/controller/PhabricatorRepositoryArcanistProjectDeleteController.php +++ b/src/applications/repository/controller/PhabricatorRepositoryArcanistProjectDeleteController.php @@ -28,10 +28,10 @@ final class PhabricatorRepositoryArcanistProjectDeleteController $dialog ->setUser($request->getUser()) ->setTitle('Really delete this arcanist project?') - ->appendChild( - '

    Really delete the "'.phutil_escape_html($arc_project->getName()). - '" arcanist project? '. - 'This operation can not be undone.

    ') + ->appendChild(hsprintf( + '

    Really delete the "%s" arcanist project? '. + 'This operation can not be undone.

    ', + $arc_project->getName())) ->setSubmitURI('/repository/project/delete/'.$this->id.'/') ->addSubmitButton('Delete Arcanist Project') ->addCancelButton('/repository/'); diff --git a/src/applications/repository/controller/PhabricatorRepositoryDeleteController.php b/src/applications/repository/controller/PhabricatorRepositoryDeleteController.php index da47f4304d..4e89e68839 100644 --- a/src/applications/repository/controller/PhabricatorRepositoryDeleteController.php +++ b/src/applications/repository/controller/PhabricatorRepositoryDeleteController.php @@ -24,8 +24,7 @@ final class PhabricatorRepositoryDeleteController $dialog = new AphrontDialogView(); $text_1 = pht('If you really want to delete the repository, you must run:'); - $command = 'bin/repository delete '. - phutil_escape_html($repository->getCallsign()); + $command = 'bin/repository delete '.$repository->getCallsign(); $text_2 = pht('Repositories touch many objects and as such deletes are '. 'prohibitively expensive to run from the web UI.'); $body = phutil_tag( diff --git a/src/applications/settings/panel/PhabricatorSettingsPanelEmailAddresses.php b/src/applications/settings/panel/PhabricatorSettingsPanelEmailAddresses.php index 9ad348ed6b..86a0d10dbc 100644 --- a/src/applications/settings/panel/PhabricatorSettingsPanelEmailAddresses.php +++ b/src/applications/settings/panel/PhabricatorSettingsPanelEmailAddresses.php @@ -301,9 +301,9 @@ final class PhabricatorSettingsPanelEmailAddresses ->setUser($user) ->addHiddenInput('verify', $email_id) ->setTitle("Send Another Verification Email?") - ->appendChild( - '
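Review bot: In PhabricatorRepositoryDeleteController the callsign is no longer escaped when `$command` is built, so its safety now rests entirely on how `$command` is emitted, and the `$body = phutil_tag(` call that presumably does so is cut off at the end of the hunk. If `$command` is passed as tag content it is escaped exactly once and the change is correct. A short comment at the assignment would stop a later edit from concatenating it into markup, e.g. `// Plain text; escaped by phutil_tag() when rendered below.`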

    Send another copy of the verification email to '. - phutil_escape_html($address).'?

    ') + ->appendChild(hsprintf( + '

    Send another copy of the verification email to %s?

    ', + $address)) ->addSubmitButton('Send Email') ->addCancelButton($uri); @@ -342,9 +342,10 @@ final class PhabricatorSettingsPanelEmailAddresses ->setUser($user) ->addHiddenInput('primary', $email_id) ->setTitle("Change primary email address?") - ->appendChild( + ->appendChild(hsprintf( '

    If you change your primary address, Phabricator will send all '. - 'email to '.phutil_escape_html($address).'.

    ') + 'email to %s.

    ', + $address)) ->addSubmitButton('Change Primary Address') ->addCancelButton($uri); diff --git a/src/applications/uiexample/controller/PhabricatorUIExampleRenderController.php b/src/applications/uiexample/controller/PhabricatorUIExampleRenderController.php index 4da5cb002a..f386982964 100644 --- a/src/applications/uiexample/controller/PhabricatorUIExampleRenderController.php +++ b/src/applications/uiexample/controller/PhabricatorUIExampleRenderController.php @@ -43,16 +43,14 @@ final class PhabricatorUIExampleRenderController extends PhabricatorController { require_celerity_resource('phabricator-ui-example-css'); - $nav->appendChild( + $nav->appendChild(hsprintf( '
    '. - '

    '. - phutil_escape_html($example->getName()). - ' ('.get_class($example).')'. - '

    '. - '

    ' - .$example->getDescription(). - '

    '. - '
    '); + '

    %s (%s)

    '. + '

    %s

    '. + '', + $example->getName(), + get_class($example), + $example->getDescription())); $nav->appendChild($result); diff --git a/src/applications/uiexample/examples/PhabricatorActionListExample.php b/src/applications/uiexample/examples/PhabricatorActionListExample.php index 44f6e01791..33df2496b5 100644 --- a/src/applications/uiexample/examples/PhabricatorActionListExample.php +++ b/src/applications/uiexample/examples/PhabricatorActionListExample.php @@ -7,7 +7,8 @@ final class PhabricatorActionListExample extends PhabricatorUIExample { } public function getDescription() { - return 'Use PhabricatorActionListView to render object actions.'; + return hsprintf( + 'Use PhabricatorActionListView to render object actions.'); } public function renderExample() { diff --git a/src/applications/uiexample/examples/PhabricatorButtonsExample.php b/src/applications/uiexample/examples/PhabricatorButtonsExample.php index d234bc2308..0a3e57f715 100644 --- a/src/applications/uiexample/examples/PhabricatorButtonsExample.php +++ b/src/applications/uiexample/examples/PhabricatorButtonsExample.php @@ -7,7 +7,7 @@ final class PhabricatorButtonsExample extends PhabricatorUIExample { } public function getDescription() { - return 'Use <button> to render buttons.'; + return hsprintf('Use <button> to render buttons.'); } public function renderExample() { diff --git a/src/applications/uiexample/examples/PhabricatorErrorExample.php b/src/applications/uiexample/examples/PhabricatorErrorExample.php index 5f1a1a5cfb..b021c6f7fd 100644 --- a/src/applications/uiexample/examples/PhabricatorErrorExample.php +++ b/src/applications/uiexample/examples/PhabricatorErrorExample.php @@ -7,8 +7,8 @@ final class PhabricatorErrorExample extends PhabricatorUIExample { } public function getDescription() { - return 'Use AphrontErrorView to render errors, warnings and '. - 'notices.'; + return hsprintf( + 'Use AphrontErrorView to render errors, warnings and notices.'); } public function renderExample() { 
diff --git a/src/applications/uiexample/examples/PhabricatorFormExample.php b/src/applications/uiexample/examples/PhabricatorFormExample.php index c045766fa7..ac65b37cd4 100644 --- a/src/applications/uiexample/examples/PhabricatorFormExample.php +++ b/src/applications/uiexample/examples/PhabricatorFormExample.php @@ -7,7 +7,7 @@ final class PhabricatorFormExample extends PhabricatorUIExample { } public function getDescription() { - return 'Use AphrontFormView to render forms.'; + return hsprintf('Use AphrontFormView to render forms.'); } public function renderExample() { diff --git a/src/applications/uiexample/examples/PhabricatorPropertyListExample.php b/src/applications/uiexample/examples/PhabricatorPropertyListExample.php index 9ac216d82b..58b751830d 100644 --- a/src/applications/uiexample/examples/PhabricatorPropertyListExample.php +++ b/src/applications/uiexample/examples/PhabricatorPropertyListExample.php @@ -7,8 +7,8 @@ final class PhabricatorPropertyListExample extends PhabricatorUIExample { } public function getDescription() { - return 'Use PhabricatorPropertyListView to render object '. - 'properties.'; + return hsprintf( + 'Use PhabricatorPropertyListView to render object properties.'); } public function renderExample() { diff --git a/src/applications/uiexample/examples/PhabricatorTagExample.php b/src/applications/uiexample/examples/PhabricatorTagExample.php index 4461ee11e8..e70a4f3a34 100644 --- a/src/applications/uiexample/examples/PhabricatorTagExample.php +++ b/src/applications/uiexample/examples/PhabricatorTagExample.php @@ -7,7 +7,7 @@ final class PhabricatorTagExample extends PhabricatorUIExample { } public function getDescription() { - return 'Use PhabricatorTagView to render various tags.'; + return hsprintf('Use PhabricatorTagView to render various tags.'); } public function renderExample() { 
diff --git a/src/applications/uiexample/examples/PhabricatorTimelineExample.php b/src/applications/uiexample/examples/PhabricatorTimelineExample.php index 68e6878999..ced405e78c 100644 --- a/src/applications/uiexample/examples/PhabricatorTimelineExample.php +++ b/src/applications/uiexample/examples/PhabricatorTimelineExample.php @@ -7,7 +7,8 @@ final class PhabricatorTimelineExample extends PhabricatorUIExample { } public function getDescription() { - return 'Use PhabricatorTimelineView to comments and transactions.'; + return hsprintf( + 'Use PhabricatorTimelineView to comments and transactions.'); } public function renderExample() { diff --git a/src/applications/uiexample/examples/PhabricatorUIListFilterExample.php b/src/applications/uiexample/examples/PhabricatorUIListFilterExample.php index 2ca377965a..81ce37b04c 100644 --- a/src/applications/uiexample/examples/PhabricatorUIListFilterExample.php +++ b/src/applications/uiexample/examples/PhabricatorUIListFilterExample.php @@ -7,8 +7,9 @@ final class PhabricatorUIListFilterExample extends PhabricatorUIExample { } public function getDescription() { - return 'Use AphrontListFilterView to layout controls for '. - 'filtering and manipulating lists of objects.'; + return hsprintf( + 'Use AphrontListFilterView to layout controls for filtering '. + 'and manipulating lists of objects.'); } public function renderExample() { diff --git a/src/applications/uiexample/examples/PhabricatorUINotificationExample.php b/src/applications/uiexample/examples/PhabricatorUINotificationExample.php index 031bb42c30..429f6c1a12 100644 --- a/src/applications/uiexample/examples/PhabricatorUINotificationExample.php +++ b/src/applications/uiexample/examples/PhabricatorUINotificationExample.php 
@@ -7,7 +7,7 @@ final class PhabricatorUINotificationExample extends PhabricatorUIExample { } public function getDescription() { - return 'Use JX.Notification to create notifications.'; + return hsprintf('Use JX.Notification to create notifications.'); } public function renderExample() { diff --git a/src/applications/uiexample/examples/PhabricatorUIPagerExample.php b/src/applications/uiexample/examples/PhabricatorUIPagerExample.php index aabacecd90..f50a335547 100644 --- a/src/applications/uiexample/examples/PhabricatorUIPagerExample.php +++ b/src/applications/uiexample/examples/PhabricatorUIPagerExample.php @@ -7,8 +7,9 @@ final class PhabricatorUIPagerExample extends PhabricatorUIExample { } public function getDescription() { - return 'Use AphrontPagerView to create a control which allows '. - 'users to paginate through large amounts of content.'; + return hsprintf( + 'Use AphrontPagerView to create a control which allows '. + 'users to paginate through large amounts of content.'); } public function renderExample() { diff --git a/src/applications/uiexample/examples/PhabricatorUITooltipExample.php b/src/applications/uiexample/examples/PhabricatorUITooltipExample.php index 9f806e3516..178b16beb9 100644 --- a/src/applications/uiexample/examples/PhabricatorUITooltipExample.php +++ b/src/applications/uiexample/examples/PhabricatorUITooltipExample.php @@ -7,7 +7,7 @@ final class PhabricatorUITooltipExample extends PhabricatorUIExample { } public function getDescription() { - return 'Use JX.Tooltip to create tooltips.'; + return hsprintf('Use JX.Tooltip to create tooltips.'); } public function renderExample() { diff --git a/src/infrastructure/diff/view/PhabricatorInlineSummaryView.php b/src/infrastructure/diff/view/PhabricatorInlineSummaryView.php index 2fa90c9f01..de792665fb 100644 --- a/src/infrastructure/diff/view/PhabricatorInlineSummaryView.php +++ b/src/infrastructure/diff/view/PhabricatorInlineSummaryView.php 
@@ -39,12 +39,7 @@ final class PhabricatorInlineSummaryView extends AphrontView { } } - $rows[] = - ''. - ''. - phutil_escape_html($group). - ''. - ''; + $rows[] = hsprintf('%s', $group); foreach ($items as $item) { @@ -88,10 +83,8 @@ final class PhabricatorInlineSummaryView extends AphrontView { $rows[] = ''. ''.$lines.''. - ($has_where ? - ''. - phutil_escape_html($where). - '' + ($has_where + ? hsprintf('%s', $where) : null). ''. '
    '. diff --git a/src/view/AphrontDialogView.php b/src/view/AphrontDialogView.php index e1ebad90c8..04122e0027 100644 --- a/src/view/AphrontDialogView.php +++ b/src/view/AphrontDialogView.php @@ -156,9 +156,7 @@ final class AphrontDialogView extends AphrontView { } $content = - '
    '. - phutil_escape_html($this->title). - '
    '. + hsprintf('
    %s
    ', $this->title). '
    '. $this->renderChildren(). '
    '. diff --git a/src/view/control/PhabricatorObjectSelectorDialog.php b/src/view/control/PhabricatorObjectSelectorDialog.php index db60a6ba7c..1466d4918c 100644 --- a/src/view/control/PhabricatorObjectSelectorDialog.php +++ b/src/view/control/PhabricatorObjectSelectorDialog.php @@ -136,9 +136,9 @@ final class PhabricatorObjectSelectorDialog { $attached_box = '
    '. '
    '. - '
    '. - phutil_escape_html($this->header). - '
    '. + hsprintf( + '
    %s
    ', + $this->header). '
    '. '
    '. $instructions. diff --git a/src/view/layout/PhabricatorProfileHeaderView.php b/src/view/layout/PhabricatorProfileHeaderView.php index f1e9746cf5..ce86f56285 100644 --- a/src/view/layout/PhabricatorProfileHeaderView.php +++ b/src/view/layout/PhabricatorProfileHeaderView.php @@ -47,33 +47,29 @@ final class PhabricatorProfileHeaderView extends AphrontView { ''); } - $description = phutil_escape_html($this->profileDescription); + $description = $this->profileDescription; if ($this->profileStatus != '') { - $description = - ''.phutil_escape_html($this->profileStatus).''. - ($description != '' ? ' — ' : ''). - $description; + $description = hsprintf( + '%s%s', + $this->profileStatus, + ($description != '' ? "\xE2\x80\x94".$description : '')); } - return + return hsprintf( ' - - - + + + - + -
    '. - phutil_escape_html($this->profileName). - ''. - self::renderSingleView($this->profileActions). - ''. - $image. - '%s%s%s
    '. - $description. - '%s
    '. + ', + $this->profileName, + phutil_safe_html(self::renderSingleView($this->profileActions)), + $image, + $description). $this->renderChildren(); } } diff --git a/src/view/page/AphrontRequestFailureView.php b/src/view/page/AphrontRequestFailureView.php index bba198accb..026f3d8b61 100644 --- a/src/view/page/AphrontRequestFailureView.php +++ b/src/view/page/AphrontRequestFailureView.php @@ -16,7 +16,7 @@ final class AphrontRequestFailureView extends AphrontView { return '
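Review bot: `phutil_safe_html(self::renderSingleView($this->profileActions))` in PhabricatorProfileHeaderView marks the rendered actions as trusted without escaping them, so this line is only as safe as every view that can be placed in `profileActions`. Since it is the one spot in the hunk that opts out of hsprintf's escaping, it deserves a comment stating that assumption, e.g. `// TODO: drop phutil_safe_html() once renderSingleView() returns safe HTML.` Separately, the separator between status and description lost its spaces: the removed code used `' — '`, while the new code prepends `"\xE2\x80\x94"` directly to `$description`.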
    '. '
    '. - '

    '.phutil_escape_html($this->header).'

    '. + phutil_tag('h1', array(), $this->header). '
    '. '
    '. $this->renderChildren().