MediaWiki  master
Sanitizer.php
Go to the documentation of this file.
1 <?php
28 use Wikimedia\RemexHtml\HTMLData;
29 use Wikimedia\RemexHtml\Tokenizer\Tokenizer as RemexTokenizer;
30 
35 class Sanitizer {
42  private const CHAR_REFS_REGEX =
43  '/&([A-Za-z0-9\x80-\xff]+;)
44  |&\#([0-9]+);
45  |&\#[xX]([0-9A-Fa-f]+);
46  |(&)/x';
47 
52  private const ELEMENT_BITS_REGEX = '!^(/?)([A-Za-z][^\t\n\v />\0]*+)([^>]*?)(/?>)([^<]*)$!';
53 
63  private const EVIL_URI_PATTERN = '!(^|\s|\*/\s*)(javascript|vbscript)([^\w]|$)!i';
64  private const XMLNS_ATTRIBUTE_PATTERN = "/^xmlns:[:A-Z_a-z-.0-9]+$/";
65 
71  public const ID_PRIMARY = 0;
72 
79  public const ID_FALLBACK = 1;
80 
85  private const MW_ENTITY_ALIASES = [
86  'רלמ;' => 'rlm;',
87  'رلم;' => 'rlm;',
88  ];
89 
93  private static $attribsRegex;
94 
101  private static function getAttribsRegex() {
102  if ( self::$attribsRegex === null ) {
103  $spaceChars = '\x09\x0a\x0c\x0d\x20';
104  $space = "[{$spaceChars}]";
105  $attrib = "[^{$spaceChars}\/>=]";
106  $attribFirst = "(?:{$attrib}|=)";
107  self::$attribsRegex =
108  "/({$attribFirst}{$attrib}*)
109  ($space*=$space*
110  (?:
111  # The attribute value: quoted or alone
112  \"([^\"]*)(?:\"|\$)
113  | '([^']*)(?:'|\$)
114  | (((?!$space|>).)*)
115  )
116  )?/sxu";
117  }
118  return self::$attribsRegex;
119  }
120 
124  private static $attribNameRegex;
125 
130  private static function getAttribNameRegex() {
131  if ( self::$attribNameRegex === null ) {
132  $attribFirst = "[:_\p{L}\p{N}]";
133  $attrib = "[:_\.\-\p{L}\p{N}]";
134  self::$attribNameRegex = "/^({$attribFirst}{$attrib}*)$/sxu";
135  }
136  return self::$attribNameRegex;
137  }
138 
145  public static function getRecognizedTagData( $extratags = [], $removetags = [] ) {
146  global $wgAllowImageTag;
147 
148  static $htmlpairsStatic, $htmlsingle, $htmlsingleonly, $htmlnest, $tabletags,
149  $htmllist, $listtags, $htmlsingleallowed, $htmlelementsStatic, $staticInitialised;
150 
151  // Base our staticInitialised variable off of the global config state so that if the globals
152  // are changed (like in the screwed up test system) we will re-initialise the settings.
153  $globalContext = $wgAllowImageTag;
154  if ( !$staticInitialised || $staticInitialised != $globalContext ) {
155  $htmlpairsStatic = [ # Tags that must be closed
156  'b', 'bdi', 'del', 'i', 'ins', 'u', 'font', 'big', 'small', 'sub', 'sup', 'h1',
157  'h2', 'h3', 'h4', 'h5', 'h6', 'cite', 'code', 'em', 's',
158  'strike', 'strong', 'tt', 'var', 'div', 'center',
159  'blockquote', 'ol', 'ul', 'dl', 'table', 'caption', 'pre',
160  'ruby', 'rb', 'rp', 'rt', 'rtc', 'p', 'span', 'abbr', 'dfn',
161  'kbd', 'samp', 'data', 'time', 'mark'
162  ];
163  $htmlsingle = [
164  'br', 'wbr', 'hr', 'li', 'dt', 'dd', 'meta', 'link'
165  ];
166 
167  # Elements that cannot have close tags. This is (not coincidentally)
168  # also the list of tags for which the HTML 5 parsing algorithm
169  # requires you to "acknowledge the token's self-closing flag", i.e.
170  # a self-closing tag like <br/> is not an HTML 5 parse error only
171  # for this list.
172  $htmlsingleonly = [
173  'br', 'wbr', 'hr', 'meta', 'link'
174  ];
175 
176  $htmlnest = [ # Tags that can be nested--??
177  'table', 'tr', 'td', 'th', 'div', 'blockquote', 'ol', 'ul',
178  'li', 'dl', 'dt', 'dd', 'font', 'big', 'small', 'sub', 'sup', 'span',
179  'var', 'kbd', 'samp', 'em', 'strong', 'q', 'ruby', 'bdo'
180  ];
181  $tabletags = [ # Can only appear inside table, we will close them
182  'td', 'th', 'tr',
183  ];
184  $htmllist = [ # Tags used by list
185  'ul', 'ol',
186  ];
187  $listtags = [ # Tags that can appear in a list
188  'li',
189  ];
190 
191  if ( $wgAllowImageTag ) {
192  wfDeprecatedMsg( 'Setting $wgAllowImageTag to true ' .
193  'is deprecated since MediaWiki 1.35', '1.35', false, false );
194  $htmlsingle[] = 'img';
195  $htmlsingleonly[] = 'img';
196  }
197 
198  $htmlsingleallowed = array_unique( array_merge( $htmlsingle, $tabletags ) );
199  $htmlelementsStatic = array_unique( array_merge( $htmlsingle, $htmlpairsStatic, $htmlnest ) );
200 
201  # Convert them all to hashtables for faster lookup
202  $vars = [ 'htmlpairsStatic', 'htmlsingle', 'htmlsingleonly', 'htmlnest', 'tabletags',
203  'htmllist', 'listtags', 'htmlsingleallowed', 'htmlelementsStatic' ];
204  foreach ( $vars as $var ) {
205  $$var = array_fill_keys( $$var, true );
206  }
207  $staticInitialised = $globalContext;
208  }
209 
210  # Populate $htmlpairs and $htmlelements with the $extratags and $removetags arrays
211  $extratags = array_fill_keys( $extratags, true );
212  $removetags = array_fill_keys( $removetags, true );
213  $htmlpairs = array_merge( $extratags, $htmlpairsStatic );
214  $htmlelements = array_diff_key( array_merge( $extratags, $htmlelementsStatic ), $removetags );
215 
216  return [
217  'htmlpairs' => $htmlpairs,
218  'htmlsingle' => $htmlsingle,
219  'htmlsingleonly' => $htmlsingleonly,
220  'htmlnest' => $htmlnest,
221  'tabletags' => $tabletags,
222  'htmllist' => $htmllist,
223  'listtags' => $listtags,
224  'htmlsingleallowed' => $htmlsingleallowed,
225  'htmlelements' => $htmlelements,
226  ];
227  }
228 
240  public static function removeHTMLtags( $text, $processCallback = null,
241  $args = [], $extratags = [], $removetags = []
242  ) {
243  $tagData = self::getRecognizedTagData( $extratags, $removetags );
244  $htmlpairs = $tagData['htmlpairs'];
245  $htmlsingle = $tagData['htmlsingle'];
246  $htmlsingleonly = $tagData['htmlsingleonly'];
247  $htmlnest = $tagData['htmlnest'];
248  $tabletags = $tagData['tabletags'];
249  $htmllist = $tagData['htmllist'];
250  $listtags = $tagData['listtags'];
251  $htmlsingleallowed = $tagData['htmlsingleallowed'];
252  $htmlelements = $tagData['htmlelements'];
253 
254  # Remove HTML comments
255  $text = self::removeHTMLcomments( $text );
256  $bits = explode( '<', $text );
257  $text = str_replace( '>', '&gt;', array_shift( $bits ) );
258 
259  # this might be possible using remex tidy itself
260  foreach ( $bits as $x ) {
261  if ( preg_match( self::ELEMENT_BITS_REGEX, $x, $regs ) ) {
262  list( /* $qbar */, $slash, $t, $params, $brace, $rest ) = $regs;
263 
264  $badtag = false;
265  $t = strtolower( $t );
266  if ( isset( $htmlelements[$t] ) ) {
267  if ( is_callable( $processCallback ) ) {
268  call_user_func_array( $processCallback, [ &$params, $args ] );
269  }
270 
271  if ( $brace == '/>' && !( isset( $htmlsingle[$t] ) || isset( $htmlsingleonly[$t] ) ) ) {
272  // Remove the self-closing slash, to be consistent
273  // with HTML5 semantics. T134423
274  $brace = '>';
275  }
276  if ( !self::validateTag( $params, $t ) ) {
277  $badtag = true;
278  }
279 
280  $newparams = self::fixTagAttributes( $params, $t );
281  if ( !$badtag ) {
282  if ( $brace === '/>' && !isset( $htmlsingleonly[$t] ) ) {
283  # Interpret self-closing tags as empty tags even when
284  # HTML 5 would interpret them as start tags. Such input
285  # is commonly seen on Wikimedia wikis with this intention.
286  $brace = "></$t>";
287  }
288 
289  $rest = str_replace( '>', '&gt;', $rest );
290  $text .= "<$slash$t$newparams$brace$rest";
291  continue;
292  }
293  }
294  }
295  $text .= '&lt;' . str_replace( '>', '&gt;', $x );
296  }
297  return $text;
298  }
299 
309  public static function removeHTMLcomments( $text ) {
310  while ( ( $start = strpos( $text, '<!--' ) ) !== false ) {
311  $end = strpos( $text, '-->', $start + 4 );
312  if ( $end === false ) {
313  # Unterminated comment; bail out
314  break;
315  }
316 
317  $end += 3;
318 
319  # Trim space and newline if the comment is both
320  # preceded and followed by a newline
321  $spaceStart = max( $start - 1, 0 );
322  $spaceLen = $end - $spaceStart;
323  while ( substr( $text, $spaceStart, 1 ) === ' ' && $spaceStart > 0 ) {
324  $spaceStart--;
325  $spaceLen++;
326  }
327  while ( substr( $text, $spaceStart + $spaceLen, 1 ) === ' ' ) {
328  $spaceLen++;
329  }
330  if ( substr( $text, $spaceStart, 1 ) === "\n"
331  && substr( $text, $spaceStart + $spaceLen, 1 ) === "\n" ) {
332  # Remove the comment, leading and trailing
333  # spaces, and leave only one newline.
334  $text = substr_replace( $text, "\n", $spaceStart, $spaceLen + 1 );
335  } else {
336  # Remove just the comment.
337  $text = substr_replace( $text, '', $start, $end - $start );
338  }
339  }
340  return $text;
341  }
342 
355  private static function validateTag( $params, $element ) {
356  $params = self::decodeTagAttributes( $params );
357 
358  if ( $element == 'meta' || $element == 'link' ) {
359  if ( !isset( $params['itemprop'] ) ) {
360  // <meta> and <link> must have an itemprop="" otherwise they are not valid or safe in content
361  return false;
362  }
363  if ( $element == 'meta' && !isset( $params['content'] ) ) {
364  // <meta> must have a content="" for the itemprop
365  return false;
366  }
367  if ( $element == 'link' && !isset( $params['href'] ) ) {
368  // <link> must have an associated href=""
369  return false;
370  }
371  }
372 
373  return true;
374  }
375 
391  public static function validateTagAttributes( $attribs, $element ) {
392  return self::validateAttributes( $attribs,
393  self::attributesAllowedInternal( $element ) );
394  }
395 
414  public static function validateAttributes( $attribs, $allowed ) {
415  if ( isset( $allowed[0] ) ) {
416  // Calling this function with a sequential array is
417  // deprecated. For now just convert it.
418  wfDeprecated( __METHOD__ . ' with sequential array', '1.35' );
419  $allowed = array_fill_keys( $allowed, true );
420  }
421  $hrefExp = '/^(' . wfUrlProtocols() . ')[^\s]+$/';
422 
423  $out = [];
424  foreach ( $attribs as $attribute => $value ) {
425  # Allow XML namespace declaration to allow RDFa
426  if ( preg_match( self::XMLNS_ATTRIBUTE_PATTERN, $attribute ) ) {
427  if ( !preg_match( self::EVIL_URI_PATTERN, $value ) ) {
428  $out[$attribute] = $value;
429  }
430 
431  continue;
432  }
433 
434  # Allow any attribute beginning with "data-"
435  # However:
436  # * Disallow data attributes used by MediaWiki code
437  # * Ensure that the attribute is not namespaced by banning
438  # colons.
439  if ( (
440  !preg_match( '/^data-[^:]*$/i', $attribute ) &&
441  !array_key_exists( $attribute, $allowed )
442  ) || self::isReservedDataAttribute( $attribute ) ) {
443  continue;
444  }
445 
446  # Strip javascript "expression" from stylesheets.
447  # https://msdn.microsoft.com/en-us/library/ms537634.aspx
448  if ( $attribute == 'style' ) {
449  $value = self::checkCss( $value );
450  }
451 
452  # Escape HTML id attributes
453  if ( $attribute === 'id' ) {
454  $value = self::escapeIdForAttribute( $value, self::ID_PRIMARY );
455  }
456 
457  # Escape HTML id reference lists
458  if ( $attribute === 'aria-describedby'
459  || $attribute === 'aria-flowto'
460  || $attribute === 'aria-labelledby'
461  || $attribute === 'aria-owns'
462  ) {
463  $value = self::escapeIdReferenceListInternal( $value );
464  }
465 
466  // RDFa and microdata properties allow URLs, URIs and/or CURIs.
467  // Check them for sanity.
468  if ( $attribute === 'rel' || $attribute === 'rev'
469  # RDFa
470  || $attribute === 'about' || $attribute === 'property'
471  || $attribute === 'resource' || $attribute === 'datatype'
472  || $attribute === 'typeof'
473  # HTML5 microdata
474  || $attribute === 'itemid' || $attribute === 'itemprop'
475  || $attribute === 'itemref' || $attribute === 'itemscope'
476  || $attribute === 'itemtype'
477  ) {
478  // Paranoia. Allow "simple" values but suppress javascript
479  if ( preg_match( self::EVIL_URI_PATTERN, $value ) ) {
480  continue;
481  }
482  }
483 
484  # NOTE: even though elements using href/src are not allowed directly, supply
485  # validation code that can be used by tag hook handlers, etc
486  if ( $attribute === 'href' || $attribute === 'src' || $attribute === 'poster' ) {
487  if ( !preg_match( $hrefExp, $value ) ) {
488  continue; // drop any href or src attributes not using an allowed protocol.
489  // NOTE: this also drops all relative URLs
490  }
491  }
492 
493  if ( $attribute === 'tabindex' && $value !== '0' ) {
494  // Only allow tabindex of 0, which is useful for accessibility.
495  continue;
496  }
497 
498  // If this attribute was previously set, override it.
499  // Output should only have one attribute of each name.
500  $out[$attribute] = $value;
501  }
502 
503  # itemtype, itemid, itemref don't make sense without itemscope
504  if ( !array_key_exists( 'itemscope', $out ) ) {
505  unset( $out['itemtype'] );
506  unset( $out['itemid'] );
507  unset( $out['itemref'] );
508  }
509  # TODO: Strip itemprop if we aren't descendants of an itemscope or pointed to by an itemref.
510 
511  return $out;
512  }
513 
521  public static function isReservedDataAttribute( $attr ) {
522  // data-ooui is reserved for ooui.
523  // data-mw and data-parsoid are reserved for parsoid.
524  // data-mw-<name here> is reserved for extensions (or core) if
525  // they need to communicate some data to the client and want to be
526  // sure that it isn't coming from an untrusted user.
527  // We ignore the possibility of namespaces since user-generated HTML
528  // can't use them anymore.
529  return (bool)preg_match( '/^data-(ooui|mw|parsoid)/i', $attr );
530  }
531 
542  public static function mergeAttributes( $a, $b ) {
543  $out = array_merge( $a, $b );
544  if ( isset( $a['class'] ) && isset( $b['class'] )
545  && is_string( $a['class'] ) && is_string( $b['class'] )
546  && $a['class'] !== $b['class']
547  ) {
548  $classes = preg_split( '/\s+/', "{$a['class']} {$b['class']}",
549  -1, PREG_SPLIT_NO_EMPTY );
550  $out['class'] = implode( ' ', array_unique( $classes ) );
551  }
552  return $out;
553  }
554 
563  public static function normalizeCss( $value ) {
564  // Decode character references like &#123;
565  $value = self::decodeCharReferences( $value );
566 
567  // Decode escape sequences and line continuation
568  // See the grammar in the CSS 2 spec, appendix D.
569  // This has to be done AFTER decoding character references.
570  // This means it isn't possible for this function to return
571  // unsanitized escape sequences. It is possible to manufacture
572  // input that contains character references that decode to
573  // escape sequences that decode to character references, but
574  // it's OK for the return value to contain character references
575  // because the caller is supposed to escape those anyway.
576  static $decodeRegex;
577  if ( !$decodeRegex ) {
578  $space = '[\\x20\\t\\r\\n\\f]';
579  $nl = '(?:\\n|\\r\\n|\\r|\\f)';
580  $backslash = '\\\\';
581  $decodeRegex = "/ $backslash
582  (?:
583  ($nl) | # 1. Line continuation
584  ([0-9A-Fa-f]{1,6})$space? | # 2. character number
585  (.) | # 3. backslash cancelling special meaning
586  () | # 4. backslash at end of string
587  )/xu";
588  }
589  $value = preg_replace_callback( $decodeRegex,
590  [ __CLASS__, 'cssDecodeCallback' ], $value );
591 
592  // Let the value through if it's nothing but a single comment, to
593  // allow other functions which may reject it to pass some error
594  // message through.
595  if ( !preg_match( '! ^ \s* /\* [^*\\/]* \*/ \s* $ !x', $value ) ) {
596  // Remove any comments; IE gets token splitting wrong
597  // This must be done AFTER decoding character references and
598  // escape sequences, because those steps can introduce comments
599  // This step cannot introduce character references or escape
600  // sequences, because it replaces comments with spaces rather
601  // than removing them completely.
602  $value = StringUtils::delimiterReplace( '/*', '*/', ' ', $value );
603 
604  // Remove anything after a comment-start token, to guard against
605  // incorrect client implementations.
606  $commentPos = strpos( $value, '/*' );
607  if ( $commentPos !== false ) {
608  $value = substr( $value, 0, $commentPos );
609  }
610  }
611 
612  return $value;
613  }
614 
633  public static function checkCss( $value ) {
634  $value = self::normalizeCss( $value );
635 
636  // Reject problematic keywords and control characters
637  if ( preg_match( '/[\000-\010\013\016-\037\177]/', $value ) ||
638  strpos( $value, UtfNormal\Constants::UTF8_REPLACEMENT ) !== false ) {
639  return '/* invalid control char */';
640  } elseif ( preg_match(
641  '! expression
642  | filter\s*:
643  | accelerator\s*:
644  | -o-link\s*:
645  | -o-link-source\s*:
646  | -o-replace\s*:
647  | url\s*\‍(
648  | image\s*\‍(
649  | image-set\s*\‍(
650  | attr\s*\‍([^)]+[\s,]+url
651  | var\s*\‍(
652  !ix', $value ) ) {
653  return '/* insecure input */';
654  }
655  return $value;
656  }
657 
662  private static function cssDecodeCallback( $matches ) {
663  if ( $matches[1] !== '' ) {
664  // Line continuation
665  return '';
666  } elseif ( $matches[2] !== '' ) {
667  $char = UtfNormal\Utils::codepointToUtf8( hexdec( $matches[2] ) );
668  } elseif ( $matches[3] !== '' ) {
669  $char = $matches[3];
670  } else {
671  $char = '\\';
672  }
673  if ( $char == "\n" || $char == '"' || $char == "'" || $char == '\\' ) {
674  // These characters need to be escaped in strings
675  // Clean up the escape sequence to avoid parsing errors by clients
676  return '\\' . dechex( ord( $char ) ) . ' ';
677  } else {
678  // Decode unnecessary escape
679  return $char;
680  }
681  }
682 
704  public static function fixTagAttributes( $text, $element, $sorted = false ) {
705  if ( trim( $text ) == '' ) {
706  return '';
707  }
708 
709  $decoded = self::decodeTagAttributes( $text );
710  $stripped = self::validateTagAttributes( $decoded, $element );
711 
712  if ( $sorted ) {
713  ksort( $stripped );
714  }
715 
716  return self::safeEncodeTagAttributes( $stripped );
717  }
718 
724  public static function encodeAttribute( $text ) {
725  $encValue = htmlspecialchars( $text, ENT_QUOTES );
726 
727  // Whitespace is normalized during attribute decoding,
728  // so if we've been passed non-spaces we must encode them
729  // ahead of time or they won't be preserved.
730  $encValue = strtr( $encValue, [
731  "\n" => '&#10;',
732  "\r" => '&#13;',
733  "\t" => '&#9;',
734  ] );
735 
736  return $encValue;
737  }
738 
747  public static function armorFrenchSpaces( $text, $space = '&#160;' ) {
748  // Replace $ with \$ and \ with \\
749  $space = preg_replace( '#(?<!\\\\‍)(\\$|\\\\‍)#', '\\\\$1', $space );
750  $fixtags = [
751  # French spaces, last one Guillemet-left
752  # only if it isn't followed by a word character.
753  '/ (?=[?:;!%»›](?!\w))/u' => "$space",
754  # French spaces, Guillemet-right
755  '/([«‹]) /u' => "\\1$space",
756  ];
757  return preg_replace( array_keys( $fixtags ), array_values( $fixtags ), $text );
758  }
759 
766  public static function safeEncodeAttribute( $text ) {
767  $encValue = self::encodeAttribute( $text );
768 
769  # Templates and links may be expanded in later parsing,
770  # creating invalid or dangerous output. Suppress this.
771  $encValue = strtr( $encValue, [
772  '<' => '&lt;', // This should never happen,
773  '>' => '&gt;', // we've received invalid input
774  '"' => '&quot;', // which should have been escaped.
775  '{' => '&#123;',
776  '}' => '&#125;', // prevent unpaired language conversion syntax
777  '[' => '&#91;',
778  ']' => '&#93;',
779  "''" => '&#39;&#39;',
780  'ISBN' => '&#73;SBN',
781  'RFC' => '&#82;FC',
782  'PMID' => '&#80;MID',
783  '|' => '&#124;',
784  '__' => '&#95;_',
785  ] );
786 
787  # Stupid hack
788  $encValue = preg_replace_callback(
789  '/((?i)' . wfUrlProtocols() . ')/',
790  static function ( $matches ) {
791  return str_replace( ':', '&#58;', $matches[1] );
792  },
793  $encValue );
794  return $encValue;
795  }
796 
812  public static function escapeIdForAttribute( $id, $mode = self::ID_PRIMARY ) {
813  global $wgFragmentMode;
814 
815  if ( !isset( $wgFragmentMode[$mode] ) ) {
816  if ( $mode === self::ID_PRIMARY ) {
817  throw new UnexpectedValueException( '$wgFragmentMode is configured with no primary mode' );
818  }
819  return false;
820  }
821 
822  $internalMode = $wgFragmentMode[$mode];
823 
824  return self::escapeIdInternal( $id, $internalMode );
825  }
826 
839  public static function escapeIdForLink( $id ) {
840  global $wgFragmentMode;
841 
842  if ( !isset( $wgFragmentMode[self::ID_PRIMARY] ) ) {
843  throw new UnexpectedValueException( '$wgFragmentMode is configured with no primary mode' );
844  }
845 
847 
848  $id = self::escapeIdInternalUrl( $id, $mode );
849 
850  return $id;
851  }
852 
862  public static function escapeIdForExternalInterwiki( $id ) {
864 
866 
867  return $id;
868  }
869 
879  private static function escapeIdInternalUrl( $id, $mode ) {
880  $id = self::escapeIdInternal( $id, $mode );
881  if ( $mode === 'html5' ) {
882  $id = preg_replace( '/%([a-fA-F0-9]{2})/', '%25$1', $id );
883  }
884  return $id;
885  }
886 
894  private static function escapeIdInternal( $id, $mode ) {
895  // Truncate overly-long IDs. This isn't an HTML limit, it's just
896  // griefer protection. [T251506]
897  $id = mb_substr( $id, 0, 1024 );
898 
899  switch ( $mode ) {
900  case 'html5':
901  // html5 spec says ids must not have any of the following:
902  // U+0009 TAB, U+000A LF, U+000C FF, U+000D CR, or U+0020 SPACE
903  // In practice, in wikitext, only tab, LF, CR (and SPACE) are
904  // possible using either Lua or html entities.
905  $id = str_replace( [ "\t", "\n", "\f", "\r", " " ], '_', $id );
906  break;
907  case 'legacy':
908  // This corresponds to 'noninitial' mode of the former escapeId()
909  static $replace = [
910  '%3A' => ':',
911  '%' => '.'
912  ];
913 
914  $id = urlencode( str_replace( ' ', '_', $id ) );
915  $id = strtr( $id, $replace );
916  break;
917  default:
918  throw new InvalidArgumentException( "Invalid mode '$mode' passed to '" . __METHOD__ );
919  }
920 
921  return $id;
922  }
923 
934  public static function escapeIdReferenceList( $referenceString ) {
935  wfDeprecated( __METHOD__, '1.36' );
936  return self::escapeIdReferenceListInternal( $referenceString );
937  }
938 
946  private static function escapeIdReferenceListInternal( $referenceString ) {
947  # Explode the space delimited list string into an array of tokens
948  $references = preg_split( '/\s+/', "{$referenceString}", -1, PREG_SPLIT_NO_EMPTY );
949 
950  # Escape each token as an id
951  foreach ( $references as &$ref ) {
952  $ref = self::escapeIdForAttribute( $ref );
953  }
954 
955  # Merge the array back to a space delimited list string
956  # If the array is empty, the result will be an empty string ('')
957  $referenceString = implode( ' ', $references );
958 
959  return $referenceString;
960  }
961 
973  public static function escapeClass( $class ) {
974  // Convert ugly stuff to underscores and kill underscores in ugly places
975  return rtrim( preg_replace(
976  [ '/(^[0-9\\-])|[\\x00-\\x20!"#$%&\'()*+,.\\/:;<=>?@[\\]^`{|}~]|\\xC2\\xA0/', '/_+/' ],
977  '_',
978  $class ), '_' );
979  }
980 
988  public static function escapeHtmlAllowEntities( $html ) {
989  $html = self::decodeCharReferences( $html );
990  # It seems wise to escape ' as well as ", as a matter of course. Can't
991  # hurt. Use ENT_SUBSTITUTE so that incorrectly truncated multibyte characters
992  # don't cause the entire string to disappear.
993  $html = htmlspecialchars( $html, ENT_QUOTES | ENT_SUBSTITUTE );
994  return $html;
995  }
996 
1005  public static function decodeTagAttributes( $text ) {
1006  if ( trim( $text ) == '' ) {
1007  return [];
1008  }
1009 
1010  $pairs = [];
1011  if ( !preg_match_all(
1012  self::getAttribsRegex(),
1013  $text,
1014  $pairs,
1015  PREG_SET_ORDER ) ) {
1016  return [];
1017  }
1018 
1019  $attribs = [];
1020  foreach ( $pairs as $set ) {
1021  $attribute = strtolower( $set[1] );
1022 
1023  // Filter attribute names with unacceptable characters
1024  if ( !preg_match( self::getAttribNameRegex(), $attribute ) ) {
1025  continue;
1026  }
1027 
1028  $value = self::getTagAttributeCallback( $set );
1029 
1030  // Normalize whitespace
1031  $value = preg_replace( '/[\t\r\n ]+/', ' ', $value );
1032  $value = trim( $value );
1033 
1034  // Decode character references
1035  $attribs[$attribute] = self::decodeCharReferences( $value );
1036  }
1037  return $attribs;
1038  }
1039 
1047  public static function safeEncodeTagAttributes( $assoc_array ) {
1048  $attribs = [];
1049  foreach ( $assoc_array as $attribute => $value ) {
1050  $encAttribute = htmlspecialchars( $attribute );
1051  $encValue = self::safeEncodeAttribute( $value );
1052 
1053  $attribs[] = "$encAttribute=\"$encValue\"";
1054  }
1055  return count( $attribs ) ? ' ' . implode( ' ', $attribs ) : '';
1056  }
1057 
1066  private static function getTagAttributeCallback( $set ) {
1067  if ( isset( $set[5] ) ) {
1068  # No quotes.
1069  return $set[5];
1070  } elseif ( isset( $set[4] ) ) {
1071  # Single-quoted
1072  return $set[4];
1073  } elseif ( isset( $set[3] ) ) {
1074  # Double-quoted
1075  return $set[3];
1076  } elseif ( !isset( $set[2] ) ) {
1077  # In XHTML, attributes must have a value so return an empty string.
1078  # See "Empty attribute syntax",
1079  # https://www.w3.org/TR/html5/syntax.html#syntax-attribute-name
1080  return "";
1081  } else {
1082  throw new MWException( "Tag conditions not met. This should never happen and is a bug." );
1083  }
1084  }
1085 
1090  private static function normalizeWhitespace( $text ) {
1091  return trim( preg_replace(
1092  '/(?:\r\n|[\x20\x0d\x0a\x09])+/',
1093  ' ',
1094  $text ) );
1095  }
1096 
1105  public static function normalizeSectionNameWhitespace( $section ) {
1106  return trim( preg_replace( '/[ _]+/', ' ', $section ) );
1107  }
1108 
1124  public static function normalizeCharReferences( $text ) {
1125  return preg_replace_callback(
1126  self::CHAR_REFS_REGEX,
1127  [ self::class, 'normalizeCharReferencesCallback' ],
1128  $text );
1129  }
1130 
1135  private static function normalizeCharReferencesCallback( $matches ) {
1136  $ret = null;
1137  if ( $matches[1] != '' ) {
1138  $ret = self::normalizeEntity( $matches[1] );
1139  } elseif ( $matches[2] != '' ) {
1140  $ret = self::decCharReference( $matches[2] );
1141  } elseif ( $matches[3] != '' ) {
1142  $ret = self::hexCharReference( $matches[3] );
1143  }
1144  if ( $ret === null ) {
1145  return htmlspecialchars( $matches[0] );
1146  } else {
1147  return $ret;
1148  }
1149  }
1150 
1161  private static function normalizeEntity( $name ) {
1162  if ( isset( self::MW_ENTITY_ALIASES[$name] ) ) {
1163  // Non-standard MediaWiki-specific entities
1164  return '&' . self::MW_ENTITY_ALIASES[$name];
1165  } elseif ( in_array( $name, [ 'lt;', 'gt;', 'amp;', 'quot;' ], true ) ) {
1166  // Keep these in word form
1167  return "&$name";
1168  } elseif ( isset( HTMLData::$namedEntityTranslations[$name] ) ) {
1169  // Beware: some entities expand to more than 1 codepoint
1170  return preg_replace_callback( '/./Ssu', static function ( $m ) {
1171  return '&#' . UtfNormal\Utils::utf8ToCodepoint( $m[0] ) . ';';
1172  }, HTMLData::$namedEntityTranslations[$name] );
1173  } else {
1174  return "&amp;$name";
1175  }
1176  }
1177 
1182  private static function decCharReference( $codepoint ) {
1183  $point = intval( $codepoint );
1184  if ( self::validateCodepoint( $point ) ) {
1185  return sprintf( '&#%d;', $point );
1186  } else {
1187  return null;
1188  }
1189  }
1190 
1195  private static function hexCharReference( $codepoint ) {
1196  $point = hexdec( $codepoint );
1197  if ( self::validateCodepoint( $point ) ) {
1198  return sprintf( '&#x%x;', $point );
1199  } else {
1200  return null;
1201  }
1202  }
1203 
1210  private static function validateCodepoint( $codepoint ) {
1211  # U+000C is valid in HTML5 but not allowed in XML.
1212  # U+000D is valid in XML but not allowed in HTML5.
1213  # U+007F - U+009F are disallowed in HTML5 (control characters).
1214  return $codepoint == 0x09
1215  || $codepoint == 0x0a
1216  || ( $codepoint >= 0x20 && $codepoint <= 0x7e )
1217  || ( $codepoint >= 0xa0 && $codepoint <= 0xd7ff )
1218  || ( $codepoint >= 0xe000 && $codepoint <= 0xfffd )
1219  || ( $codepoint >= 0x10000 && $codepoint <= 0x10ffff );
1220  }
1221 
1229  public static function decodeCharReferences( $text ) {
1230  return preg_replace_callback(
1231  self::CHAR_REFS_REGEX,
1232  [ self::class, 'decodeCharReferencesCallback' ],
1233  $text );
1234  }
1235 
1246  public static function decodeCharReferencesAndNormalize( $text ) {
1247  $text = preg_replace_callback(
1248  self::CHAR_REFS_REGEX,
1249  [ self::class, 'decodeCharReferencesCallback' ],
1250  $text,
1251  -1, // limit
1252  $count
1253  );
1254 
1255  if ( $count ) {
1256  return MediaWikiServices::getInstance()->getContentLanguage()->normalize( $text );
1257  } else {
1258  return $text;
1259  }
1260  }
1261 
1266  private static function decodeCharReferencesCallback( $matches ) {
1267  if ( $matches[1] != '' ) {
1268  return self::decodeEntity( $matches[1] );
1269  } elseif ( $matches[2] != '' ) {
1270  return self::decodeChar( intval( $matches[2] ) );
1271  } elseif ( $matches[3] != '' ) {
1272  return self::decodeChar( hexdec( $matches[3] ) );
1273  }
1274  # Last case should be an ampersand by itself
1275  return $matches[0];
1276  }
1277 
1285  private static function decodeChar( $codepoint ) {
1286  if ( self::validateCodepoint( $codepoint ) ) {
1287  return UtfNormal\Utils::codepointToUtf8( $codepoint );
1288  } else {
1289  return UtfNormal\Constants::UTF8_REPLACEMENT;
1290  }
1291  }
1292 
1301  private static function decodeEntity( $name ) {
1302  // These are MediaWiki-specific entities, not in the HTML standard
1303  if ( isset( self::MW_ENTITY_ALIASES[$name] ) ) {
1304  $name = self::MW_ENTITY_ALIASES[$name];
1305  }
1306  $trans = HTMLData::$namedEntityTranslations[$name] ?? null;
1307  return $trans ?? "&$name";
1308  }
1309 
1317  private static function attributesAllowedInternal( $element ) {
1319  return $list[$element] ?? [];
1320  }
1321 
1329  private static function setupAttributesAllowedInternal() {
1330  static $allowed;
1331 
1332  if ( $allowed !== null ) {
1333  return $allowed;
1334  }
1335 
1336  // For lookup efficiency flip each attributes array so the keys are
1337  // the valid attributes.
1338  $merge = static function ( $a, $b, $c = [] ) {
1339  return array_merge(
1340  $a,
1341  array_fill_keys( $b, true ),
1342  array_fill_keys( $c, true ) );
1343  };
1344  $common = $merge( [], [
1345  # HTML
1346  'id',
1347  'class',
1348  'style',
1349  'lang',
1350  'dir',
1351  'title',
1352  'tabindex',
1353 
1354  # WAI-ARIA
1355  'aria-describedby',
1356  'aria-flowto',
1357  'aria-hidden',
1358  'aria-label',
1359  'aria-labelledby',
1360  'aria-owns',
1361  'role',
1362 
1363  # RDFa
1364  # These attributes are specified in section 9 of
1365  # https://www.w3.org/TR/2008/REC-rdfa-syntax-20081014
1366  'about',
1367  'property',
1368  'resource',
1369  'datatype',
1370  'typeof',
1371 
1372  # Microdata. These are specified by
1373  # https://html.spec.whatwg.org/multipage/microdata.html#the-microdata-model
1374  'itemid',
1375  'itemprop',
1376  'itemref',
1377  'itemscope',
1378  'itemtype',
1379  ] );
1380 
1381  $block = $merge( $common, [ 'align' ] );
1382 
1383  $tablealign = [ 'align', 'valign' ];
1384  $tablecell = [
1385  'abbr',
1386  'axis',
1387  'headers',
1388  'scope',
1389  'rowspan',
1390  'colspan',
1391  'nowrap', # deprecated
1392  'width', # deprecated
1393  'height', # deprecated
1394  'bgcolor', # deprecated
1395  ];
1396 
1397  # Numbers refer to sections in HTML 4.01 standard describing the element.
1398  # See: https://www.w3.org/TR/html4/
1399  $allowed = [
1400  # 7.5.4
1401  'div' => $block,
1402  'center' => $common, # deprecated
1403  'span' => $common,
1404 
1405  # 7.5.5
1406  'h1' => $block,
1407  'h2' => $block,
1408  'h3' => $block,
1409  'h4' => $block,
1410  'h5' => $block,
1411  'h6' => $block,
1412 
1413  # 7.5.6
1414  # address
1415 
1416  # 8.2.4
1417  'bdo' => $common,
1418 
1419  # 9.2.1
1420  'em' => $common,
1421  'strong' => $common,
1422  'cite' => $common,
1423  'dfn' => $common,
1424  'code' => $common,
1425  'samp' => $common,
1426  'kbd' => $common,
1427  'var' => $common,
1428  'abbr' => $common,
1429  # acronym
1430 
1431  # 9.2.2
1432  'blockquote' => $merge( $common, [ 'cite' ] ),
1433  'q' => $merge( $common, [ 'cite' ] ),
1434 
1435  # 9.2.3
1436  'sub' => $common,
1437  'sup' => $common,
1438 
1439  # 9.3.1
1440  'p' => $block,
1441 
1442  # 9.3.2
1443  'br' => $merge( $common, [ 'clear' ] ),
1444 
1445  # https://www.w3.org/TR/html5/text-level-semantics.html#the-wbr-element
1446  'wbr' => $common,
1447 
1448  # 9.3.4
1449  'pre' => $merge( $common, [ 'width' ] ),
1450 
1451  # 9.4
1452  'ins' => $merge( $common, [ 'cite', 'datetime' ] ),
1453  'del' => $merge( $common, [ 'cite', 'datetime' ] ),
1454 
1455  # 10.2
1456  'ul' => $merge( $common, [ 'type' ] ),
1457  'ol' => $merge( $common, [ 'type', 'start', 'reversed' ] ),
1458  'li' => $merge( $common, [ 'type', 'value' ] ),
1459 
1460  # 10.3
1461  'dl' => $common,
1462  'dd' => $common,
1463  'dt' => $common,
1464 
1465  # 11.2.1
1466  'table' => $merge( $common,
1467  [ 'summary', 'width', 'border', 'frame',
1468  'rules', 'cellspacing', 'cellpadding',
1469  'align', 'bgcolor',
1470  ] ),
1471 
1472  # 11.2.2
1473  'caption' => $block,
1474 
1475  # 11.2.3
1476  'thead' => $common,
1477  'tfoot' => $common,
1478  'tbody' => $common,
1479 
1480  # 11.2.4
1481  'colgroup' => $merge( $common, [ 'span' ] ),
1482  'col' => $merge( $common, [ 'span' ] ),
1483 
1484  # 11.2.5
1485  'tr' => $merge( $common, [ 'bgcolor' ], $tablealign ),
1486 
1487  # 11.2.6
1488  'td' => $merge( $common, $tablecell, $tablealign ),
1489  'th' => $merge( $common, $tablecell, $tablealign ),
1490 
1491  # 12.2
1492  # NOTE: <a> is not allowed directly, but this list of allowed
1493  # attributes is used from the Parser object
1494  'a' => $merge( $common, [ 'href', 'rel', 'rev' ] ), # rel/rev esp. for RDFa
1495 
1496  # 13.2
1497  # Not usually allowed, but may be used for extension-style hooks
1498  # such as <math> when it is rasterized, or if $wgAllowImageTag is
1499  # true
1500  'img' => $merge( $common, [ 'alt', 'src', 'width', 'height', 'srcset' ] ),
1501  # Attributes for A/V tags added in T163583 / T133673
1502  'audio' => $merge( $common, [ 'controls', 'preload', 'width', 'height' ] ),
1503  'video' => $merge( $common, [ 'poster', 'controls', 'preload', 'width', 'height' ] ),
1504  'source' => $merge( $common, [ 'type', 'src' ] ),
1505  'track' => $merge( $common, [ 'type', 'src', 'srclang', 'kind', 'label' ] ),
1506 
1507  # 15.2.1
1508  'tt' => $common,
1509  'b' => $common,
1510  'i' => $common,
1511  'big' => $common,
1512  'small' => $common,
1513  'strike' => $common,
1514  's' => $common,
1515  'u' => $common,
1516 
1517  # 15.2.2
1518  'font' => $merge( $common, [ 'size', 'color', 'face' ] ),
1519  # basefont
1520 
1521  # 15.3
1522  'hr' => $merge( $common, [ 'width' ] ),
1523 
1524  # HTML Ruby annotation text module, simple ruby only.
1525  # https://www.w3.org/TR/html5/text-level-semantics.html#the-ruby-element
1526  'ruby' => $common,
1527  # rbc
1528  'rb' => $common,
1529  'rp' => $common,
1530  'rt' => $common, # $merge( $common, [ 'rbspan' ] ),
1531  'rtc' => $common,
1532 
1533  # MathML root element, where used for extensions
1534  # 'title' may not be 100% valid here; it's XHTML
1535  # https://www.w3.org/TR/REC-MathML/
1536  'math' => $merge( [], [ 'class', 'style', 'id', 'title' ] ),
1537 
1538  // HTML 5 section 4.5
1539  'figure' => $common,
1540  'figcaption' => $common,
1541 
1542  # HTML 5 section 4.6
1543  'bdi' => $common,
1544 
1545  # HTML5 elements, defined by:
1546  # https://html.spec.whatwg.org/multipage/semantics.html#the-data-element
1547  'data' => $merge( $common, [ 'value' ] ),
1548  'time' => $merge( $common, [ 'datetime' ] ),
1549  'mark' => $common,
1550 
1551  // meta and link are only permitted by removeHTMLtags when Microdata
1552  // is enabled so we don't bother adding a conditional to hide these
1553  // Also meta and link are only valid in WikiText as Microdata elements
1554  // (ie: validateTag rejects tags missing the attributes needed for Microdata)
1555  // So we don't bother including $common attributes that have no purpose.
1556  'meta' => $merge( [], [ 'itemprop', 'content' ] ),
1557  'link' => $merge( [], [ 'itemprop', 'href', 'title' ] ),
1558 
1559  # HTML 5 section 4.3.5
1560  'aside' => $common,
1561  ];
1562 
1563  return $allowed;
1564  }
1565 
1577  public static function stripAllTags( $html ) {
1578  // Use RemexHtml to tokenize $html and extract the text
1579  $handler = new RemexStripTagHandler;
1580  $tokenizer = new RemexTokenizer( $handler, $html, [
1581  'ignoreErrors' => true,
1582  // don't ignore char refs, we want them to be decoded
1583  'ignoreNulls' => true,
1584  'skipPreprocess' => true,
1585  ] );
1586  $tokenizer->execute();
1587  $text = $handler->getResult();
1588 
1589  $text = self::normalizeWhitespace( $text );
1590  return $text;
1591  }
1592 
1604  public static function hackDocType() {
1605  $out = "<!DOCTYPE html [\n";
1606  foreach ( HTMLData::$namedEntityTranslations as $entity => $translation ) {
1607  if ( substr( $entity, -1 ) !== ';' ) {
1608  // Some HTML entities omit the trailing semicolon;
1609  // wikitext does not permit these.
1610  continue;
1611  }
1612  $name = substr( $entity, 0, -1 );
1613  $expansion = self::normalizeEntity( $entity );
1614  if ( $entity === $expansion ) {
1615  // Skip &lt; &gt; etc
1616  continue;
1617  }
1618  $out .= "<!ENTITY $name \"$expansion\">";
1619  }
1620  $out .= "]>\n";
1621  return $out;
1622  }
1623 
1628  public static function cleanUrl( $url ) {
1629  # Normalize any HTML entities in input. They will be
1630  # re-escaped by makeExternalLink().
1631  $url = self::decodeCharReferences( $url );
1632 
1633  # Escape any control characters introduced by the above step
1634  $url = preg_replace_callback( '/[\][<>"\\x00-\\x20\\x7F\|]/',
1635  [ __CLASS__, 'cleanUrlCallback' ], $url );
1636 
1637  # Validate hostname portion
1638  $matches = [];
1639  if ( preg_match( '!^([^:]+:)(//[^/]+)?(.*)$!iD', $url, $matches ) ) {
1640  list( /* $whole */, $protocol, $host, $rest ) = $matches;
1641 
1642  // Characters that will be ignored in IDNs.
1643  // https://datatracker.ietf.org/doc/html/rfc8264#section-9.13
1644  // https://www.unicode.org/Public/UCD/latest/ucd/DerivedCoreProperties.txt
1645  // Strip them before further processing so deny lists and such work.
1646  $strip = "/
1647  \\s| # general whitespace
1648  \u{00AD}| # SOFT HYPHEN
1649  \u{034F}| # COMBINING GRAPHEME JOINER
1650  \u{061C}| # ARABIC LETTER MARK
1651  [\u{115F}-\u{1160}]| # HANGUL CHOSEONG FILLER..
1652  # HANGUL JUNGSEONG FILLER
1653  [\u{17B4}-\u{17B5}]| # KHMER VOWEL INHERENT AQ..
1654  # KHMER VOWEL INHERENT AA
1655  [\u{180B}-\u{180D}]| # MONGOLIAN FREE VARIATION SELECTOR ONE..
1656  # MONGOLIAN FREE VARIATION SELECTOR THREE
1657  \u{180E}| # MONGOLIAN VOWEL SEPARATOR
1658  [\u{200B}-\u{200F}]| # ZERO WIDTH SPACE..
1659  # RIGHT-TO-LEFT MARK
1660  [\u{202A}-\u{202E}]| # LEFT-TO-RIGHT EMBEDDING..
1661  # RIGHT-TO-LEFT OVERRIDE
1662  [\u{2060}-\u{2064}]| # WORD JOINER..
1663  # INVISIBLE PLUS
1664  \u{2065}| # <reserved-2065>
1665  [\u{2066}-\u{206F}]| # LEFT-TO-RIGHT ISOLATE..
1666  # NOMINAL DIGIT SHAPES
1667  \u{3164}| # HANGUL FILLER
1668  [\u{FE00}-\u{FE0F}]| # VARIATION SELECTOR-1..
1669  # VARIATION SELECTOR-16
1670  \u{FEFF}| # ZERO WIDTH NO-BREAK SPACE
1671  \u{FFA0}| # HALFWIDTH HANGUL FILLER
1672  [\u{FFF0}-\u{FFF8}]| # <reserved-FFF0>..
1673  # <reserved-FFF8>
1674  [\u{1BCA0}-\u{1BCA3}]| # SHORTHAND FORMAT LETTER OVERLAP..
1675  # SHORTHAND FORMAT UP STEP
1676  [\u{1D173}-\u{1D17A}]| # MUSICAL SYMBOL BEGIN BEAM..
1677  # MUSICAL SYMBOL END PHRASE
1678  \u{E0000}| # <reserved-E0000>
1679  \u{E0001}| # LANGUAGE TAG
1680  [\u{E0002}-\u{E001F}]| # <reserved-E0002>..
1681  # <reserved-E001F>
1682  [\u{E0020}-\u{E007F}]| # TAG SPACE..
1683  # CANCEL TAG
1684  [\u{E0080}-\u{E00FF}]| # <reserved-E0080>..
1685  # <reserved-E00FF>
1686  [\u{E0100}-\u{E01EF}]| # VARIATION SELECTOR-17..
1687  # VARIATION SELECTOR-256
1688  [\u{E01F0}-\u{E0FFF}]| # <reserved-E01F0>..
1689  # <reserved-E0FFF>
1690  /xuD";
1691 
1692  $host = preg_replace( $strip, '', $host );
1693 
1694  // IPv6 host names are bracketed with []. Url-decode these.
1695  if ( substr_compare( "//%5B", $host, 0, 5 ) === 0 &&
1696  preg_match( '!^//%5B([0-9A-Fa-f:.]+)%5D((:\d+)?)$!', $host, $matches )
1697  ) {
1698  $host = '//[' . $matches[1] . ']' . $matches[2];
1699  }
1700 
1701  // @todo FIXME: Validate hostnames here
1702 
1703  return $protocol . $host . $rest;
1704  } else {
1705  return $url;
1706  }
1707  }
1708 
1713  private static function cleanUrlCallback( $matches ) {
1714  return urlencode( $matches[0] );
1715  }
1716 
1745  public static function validateEmail( $addr ) {
1746  $result = null;
1747  // TODO This method should be non-static, and have a HookRunner injected
1748  if ( !Hooks::runner()->onIsValidEmailAddr( $addr, $result ) ) {
1749  return $result;
1750  }
1751 
1752  // Please note strings below are enclosed in brackets [], this make the
1753  // hyphen "-" a range indicator. Hence it is double backslashed below.
1754  // See T28948
1755  $rfc5322_atext = "a-z0-9!#$%&'*+\\-\/=?^_`{|}~";
1756  $rfc1034_ldh_str = "a-z0-9\\-";
1757 
1758  $html5_email_regexp = "/
1759  ^ # start of string
1760  [$rfc5322_atext\\.]+ # user part which is liberal :p
1761  @ # 'apostrophe'
1762  [$rfc1034_ldh_str]+ # First domain part
1763  (\\.[$rfc1034_ldh_str]+)* # Following part prefixed with a dot
1764  $ # End of string
1765  /ix"; // case Insensitive, eXtended
1766 
1767  return (bool)preg_match( $html5_email_regexp, $addr );
1768  }
1769 }
Sanitizer\ID_FALLBACK
const ID_FALLBACK
Tells escapeUrlForHtml() to encode the ID using the fallback encoding, or return false if no fallback...
Definition: Sanitizer.php:79
Sanitizer\normalizeEntity
static normalizeEntity( $name)
If the named entity is defined in HTML5 return the equivalent numeric entity reference (except for th...
Definition: Sanitizer.php:1161
Sanitizer\getTagAttributeCallback
static getTagAttributeCallback( $set)
Pick the appropriate attribute value from a match set from the attribs regex matches.
Definition: Sanitizer.php:1066
Sanitizer\removeHTMLcomments
static removeHTMLcomments( $text)
Remove '', and everything between.
Definition: Sanitizer.php:309
Sanitizer\stripAllTags
static stripAllTags( $html)
Take a fragment of (potentially invalid) HTML and return a version with any tags removed,...
Definition: Sanitizer.php:1577
Sanitizer\EVIL_URI_PATTERN
const EVIL_URI_PATTERN
Pattern matching evil uris like javascript: WARNING: DO NOT use this in any place that actually requi...
Definition: Sanitizer.php:63
MediaWiki\MediaWikiServices
MediaWikiServices is the service locator for the application scope of MediaWiki.
Definition: MediaWikiServices.php:200
$wgExternalInterwikiFragmentMode
$wgExternalInterwikiFragmentMode
Which ID escaping mode should be used for external interwiki links? See documentation for $wgFragment...
Definition: DefaultSettings.php:3892
Sanitizer\escapeIdForAttribute
static escapeIdForAttribute( $id, $mode=self::ID_PRIMARY)
Given a section name or other user-generated or otherwise unsafe string, escapes it to be a valid HTM...
Definition: Sanitizer.php:812
Sanitizer\removeHTMLtags
static removeHTMLtags( $text, $processCallback=null, $args=[], $extratags=[], $removetags=[])
Cleans up HTML, removes dangerous tags and attributes, and removes HTML comments.
Definition: Sanitizer.php:240
Sanitizer\decodeEntity
static decodeEntity( $name)
If the named entity is defined in HTML5 return the UTF-8 encoding of that character.
Definition: Sanitizer.php:1301
Sanitizer\mergeAttributes
static mergeAttributes( $a, $b)
Merge two sets of HTML attributes.
Definition: Sanitizer.php:542
Sanitizer\validateAttributes
static validateAttributes( $attribs, $allowed)
Take an array of attribute names and values and normalize or discard illegal values.
Definition: Sanitizer.php:414
Sanitizer\normalizeSectionNameWhitespace
static normalizeSectionNameWhitespace( $section)
Normalizes whitespace in a section name, such as might be returned by Parser::stripSectionName(),...
Definition: Sanitizer.php:1105
Sanitizer\escapeIdInternal
static escapeIdInternal( $id, $mode)
Helper for escapeIdFor*() functions.
Definition: Sanitizer.php:894
Sanitizer\validateEmail
static validateEmail( $addr)
Does a string look like an e-mail address?
Definition: Sanitizer.php:1745
Sanitizer\attributesAllowedInternal
static attributesAllowedInternal( $element)
Fetch the list of acceptable attributes for a given element name.
Definition: Sanitizer.php:1317
Sanitizer\decCharReference
static decCharReference( $codepoint)
Definition: Sanitizer.php:1182
Sanitizer\safeEncodeTagAttributes
static safeEncodeTagAttributes( $assoc_array)
Build a partial tag string from an associative array of attribute names and values as returned by dec...
Definition: Sanitizer.php:1047
Sanitizer\decodeCharReferencesAndNormalize
static decodeCharReferencesAndNormalize( $text)
Decode any character references, numeric or named entities, in the next and normalize the resulting s...
Definition: Sanitizer.php:1246
Sanitizer\$attribsRegex
static $attribsRegex
Lazy-initialised attributes regex, see getAttribsRegex()
Definition: Sanitizer.php:93
$wgFragmentMode
$wgFragmentMode
How should section IDs be encoded? This array can contain 1 or 2 elements, each of them can be one of...
Definition: DefaultSettings.php:3882
Sanitizer\escapeClass
static escapeClass( $class)
Given a value, escape it so that it can be used as a CSS class and return it.
Definition: Sanitizer.php:973
Sanitizer\normalizeCharReferencesCallback
static normalizeCharReferencesCallback( $matches)
Definition: Sanitizer.php:1135
Sanitizer\armorFrenchSpaces
static armorFrenchSpaces( $text, $space='&#160;')
Armor French spaces with a replacement character.
Definition: Sanitizer.php:747
RemexStripTagHandler
Definition: RemexStripTagHandler.php:9
Sanitizer\validateTag
static validateTag( $params, $element)
Takes attribute names and values for a tag and the tag name and validates that the tag is allowed to ...
Definition: Sanitizer.php:355
Sanitizer\$attribNameRegex
static $attribNameRegex
Lazy-initialised attribute name regex, see getAttribNameRegex()
Definition: Sanitizer.php:124
Sanitizer\hackDocType
static hackDocType()
Hack up a private DOCTYPE with HTML's standard entity declarations.
Definition: Sanitizer.php:1604
Sanitizer\XMLNS_ATTRIBUTE_PATTERN
const XMLNS_ATTRIBUTE_PATTERN
Definition: Sanitizer.php:64
$wgAllowImageTag
$wgAllowImageTag
A different approach to the above: simply allow the "<img>" tag to be used.
Definition: DefaultSettings.php:4943
wfDeprecatedMsg
wfDeprecatedMsg( $msg, $version=false, $component=false, $callerOffset=2)
Log a deprecation warning with arbitrary message text.
Definition: GlobalFunctions.php:1020
MWException
MediaWiki exception.
Definition: MWException.php:29
wfDeprecated
wfDeprecated( $function, $version=false, $component=false, $callerOffset=2)
Logs a warning that a deprecated feature was used.
Definition: GlobalFunctions.php:989
Sanitizer\safeEncodeAttribute
static safeEncodeAttribute( $text)
Encode an attribute value for HTML tags, with extra armoring against further wiki processing.
Definition: Sanitizer.php:766
$matches
$matches
Definition: NoLocalSettings.php:24
Sanitizer\encodeAttribute
static encodeAttribute( $text)
Encode an attribute value for HTML output.
Definition: Sanitizer.php:724
$args
if( $line===false) $args
Definition: mcc.php:124
Sanitizer\escapeIdReferenceListInternal
static escapeIdReferenceListInternal( $referenceString)
Given a string containing a space delimited list of ids, escape each id to match ids escaped by the e...
Definition: Sanitizer.php:946
Sanitizer\hexCharReference
static hexCharReference( $codepoint)
Definition: Sanitizer.php:1195
Sanitizer\validateCodepoint
static validateCodepoint( $codepoint)
Returns true if a given Unicode codepoint is a valid character in both HTML5 and XML.
Definition: Sanitizer.php:1210
wfUrlProtocols
wfUrlProtocols( $includeProtocolRelative=true)
Returns a regular expression of url protocols.
Definition: GlobalFunctions.php:702
Sanitizer\MW_ENTITY_ALIASES
const MW_ENTITY_ALIASES
Character entity aliases accepted by MediaWiki in wikitext.
Definition: Sanitizer.php:85
Sanitizer\validateTagAttributes
static validateTagAttributes( $attribs, $element)
Take an array of attribute names and values and normalize or discard illegal values for the given ele...
Definition: Sanitizer.php:391
Sanitizer\ELEMENT_BITS_REGEX
const ELEMENT_BITS_REGEX
Acceptable tag name charset from HTML5 parsing spec https://www.w3.org/TR/html5/syntax....
Definition: Sanitizer.php:52
Hooks\runner
static runner()
Get a HookRunner instance for calling hooks using the new interfaces.
Definition: Hooks.php:173
Sanitizer\escapeIdForExternalInterwiki
static escapeIdForExternalInterwiki( $id)
Given a section name or other user-generated or otherwise unsafe string, escapes it to be a valid URL...
Definition: Sanitizer.php:862
Sanitizer\isReservedDataAttribute
static isReservedDataAttribute( $attr)
Given an attribute name, checks whether it is a reserved data attribute (such as data-mw-foo) which i...
Definition: Sanitizer.php:521
Sanitizer\cleanUrl
static cleanUrl( $url)
Definition: Sanitizer.php:1628
Sanitizer\setupAttributesAllowedInternal
static setupAttributesAllowedInternal()
Foreach array key (an allowed HTML element), return an array of allowed attributes.
Definition: Sanitizer.php:1329
Sanitizer\cssDecodeCallback
static cssDecodeCallback( $matches)
Definition: Sanitizer.php:662
Sanitizer\getRecognizedTagData
static getRecognizedTagData( $extratags=[], $removetags=[])
Return the various lists of recognized tags.
Definition: Sanitizer.php:145
Sanitizer\fixTagAttributes
static fixTagAttributes( $text, $element, $sorted=false)
Take a tag soup fragment listing an HTML element's attributes and normalize it to well-formed XML,...
Definition: Sanitizer.php:704
Sanitizer\escapeIdInternalUrl
static escapeIdInternalUrl( $id, $mode)
Do percent encoding of percent signs for href (but not id) attributes.
Definition: Sanitizer.php:879
Sanitizer\normalizeCss
static normalizeCss( $value)
Normalize CSS into a format we can easily search for hostile input.
Definition: Sanitizer.php:563
Sanitizer\ID_PRIMARY
const ID_PRIMARY
Tells escapeUrlForHtml() to encode the ID using the wiki's primary encoding.
Definition: Sanitizer.php:71
Sanitizer\CHAR_REFS_REGEX
const CHAR_REFS_REGEX
Regular expression to match various types of character references in Sanitizer::normalizeCharReferenc...
Definition: Sanitizer.php:42
Sanitizer\normalizeWhitespace
static normalizeWhitespace( $text)
Definition: Sanitizer.php:1090
Sanitizer\decodeChar
static decodeChar( $codepoint)
Return UTF-8 string for a codepoint if that is a valid character reference, otherwise U+FFFD REPLACEM...
Definition: Sanitizer.php:1285
Sanitizer\getAttribNameRegex
static getAttribNameRegex()
Used in Sanitizer::decodeTagAttributes to filter attributes.
Definition: Sanitizer.php:130
StringUtils\delimiterReplace
static delimiterReplace( $startDelim, $endDelim, $replace, $subject, $flags='')
Perform an operation equivalent to preg_replace() with flags.
Definition: StringUtils.php:248
Sanitizer\normalizeCharReferences
static normalizeCharReferences( $text)
Ensure that any entities and character references are legal for XML and XHTML specifically.
Definition: Sanitizer.php:1124
Sanitizer\escapeIdForLink
static escapeIdForLink( $id)
Given a section name or other user-generated or otherwise unsafe string, escapes it to be a valid URL...
Definition: Sanitizer.php:839
Sanitizer\decodeTagAttributes
static decodeTagAttributes( $text)
Return an associative array of attribute names and values from a partial tag string.
Definition: Sanitizer.php:1005
$t
$t
Definition: testCompression.php:74
Sanitizer\decodeCharReferences
static decodeCharReferences( $text)
Decode any character references, numeric or named entities, in the text and return a UTF-8 string.
Definition: Sanitizer.php:1229
Sanitizer
HTML sanitizer for MediaWiki.
Definition: Sanitizer.php:35
Sanitizer\checkCss
static checkCss( $value)
Pick apart some CSS and check it for forbidden or unsafe structures.
Definition: Sanitizer.php:633
Sanitizer\escapeIdReferenceList
static escapeIdReferenceList( $referenceString)
Given a string containing a space delimited list of ids, escape each id to match ids escaped by the e...
Definition: Sanitizer.php:934
Sanitizer\getAttribsRegex
static getAttribsRegex()
Regular expression to match HTML/XML attribute pairs within a tag.
Definition: Sanitizer.php:101
Sanitizer\escapeHtmlAllowEntities
static escapeHtmlAllowEntities( $html)
Given HTML input, escape with htmlspecialchars but un-escape entities.
Definition: Sanitizer.php:988
Sanitizer\decodeCharReferencesCallback
static decodeCharReferencesCallback( $matches)
Definition: Sanitizer.php:1266
Sanitizer\cleanUrlCallback
static cleanUrlCallback( $matches)
Definition: Sanitizer.php:1713