Authored By
SomeRandomDeveloper
Jun 3 2025, 6:19 PM

01-T395949.patch

From 8f4fb3a165ad5a0894f99a723149fb8ce7b50db1 Mon Sep 17 00:00:00 2001
From: SomeRandomDeveloper <thisisnotmyname275@gmail.com>
Date: Tue, 3 Jun 2025 20:16:13 +0200
Subject: [PATCH] Sanitize style parameter properly
Also use Html to build the iframe element, which simplifies
sanitizing other parameters.
Raise the MW requirement to 1.40 since a namespaced import
is used for the Html class.
Bug: T395949
---
extension.json | 2 +-
src/GoogleDocs4MW.php | 32 ++++++++++++++++++--------------
2 files changed, 19 insertions(+), 15 deletions(-)
diff --git a/extension.json b/extension.json
index c31be57..df27e35 100644
--- a/extension.json
+++ b/extension.json
@@ -9,7 +9,7 @@
"descriptionmsg": "googledocs4mw-desc",
"type": "parserhook",
"requires": {
- "MediaWiki": ">= 1.31.0"
+ "MediaWiki": ">= 1.40.0"
},
"MessagesDirs": {
"GoogleDocs4MW": [
diff --git a/src/GoogleDocs4MW.php b/src/GoogleDocs4MW.php
index 56f8dd7..72fec19 100644
--- a/src/GoogleDocs4MW.php
+++ b/src/GoogleDocs4MW.php
@@ -1,4 +1,7 @@
<?php
+
+use MediaWiki\Html\Html;
+
/**
* GoogleDocs4MW parser extension - adds <googlespreadsheet> tag for displaying
* Google Docs' spreadsheets
@@ -25,22 +28,23 @@ class GoogleDocs4MW {
*
* @param string $input
* @param array $argv
- * @return $output
+ * @return string $output
*/
public static function renderGoogleSpreadsheet( $input, $argv ) {
- $width = isset( $argv['width'] ) ? $argv['width'] : 500;
- $height = isset( $argv['height'] ) ? $argv['height'] : 300;
- $style = isset( $argv['style'] ) ? $argv['style'] : 'width:100%';
- $key = htmlspecialchars( $input, ENT_QUOTES );
-
- $output = '<iframe class="googlespreadsheetframe" width="' .
- intval( $width ) . '" height="' .
- intval( $height ) . '" style="' .
- htmlspecialchars( $style, ENT_QUOTES ) .
- '" src="https://docs.google.com/spreadsheets/d/' . $key .
- '/htmlembed?widget=true"></iframe>';
-
- return $output;
+ $width = $argv['width'] ?? 500;
+ $height = $argv['height'] ?? 300;
+ $style = $argv['style'] ?? 'width:100%';
+ $style = Sanitizer::checkCss( $style );
+
+ $src = 'https://docs.google.com/spreadsheets/d/' . $input . '/htmlembed?widget=true';
+
+ return Html::element( 'iframe', [
+ 'class' => 'googlespreadsheetframe',
+ 'width' => intval( $width ),
+ 'height' => intval( $height ),
+ 'style' => $style,
+ 'src' => $src,
+ ] );
}
}
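Review bot: The spreadsheet key in `$input` is concatenated into `$src` without validation or URL-encoding, so a key containing `/`, `?` or `#` can alter the path or query of the embedded docs.google.com URL. `Html::element` escapes the attribute value, which prevents markup injection but does not constrain the URL structure. Consider `$src = 'https://docs.google.com/spreadsheets/d/' . rawurlencode( (string)$input ) . '/htmlembed?widget=true';`, or reject keys outside the expected character set before building the element. Separately, the docblock's `@return string $output` names a variable that no longer exists in the new body; `@return string` followed by a short description such as "HTML for the iframe" would be more accurate.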
--
2.49.0
