Page MenuHomePhabricator
Create Task
Maniphest T200907

Message::text() may return HTML
Open, Needs TriagePublic
Actions

Description

Problem
When using Message::text(), it is easy to assume that the method would return text rather than HTML. The documentation does say:

@return string Unescaped message text.

but that's not all that clear because the method name implies that there wouldn't be any HTML anyways.

Solution

  • Rename this method to raw()
  • Create a new text() method that is the same as the previous method, but with the output run through strip_tags() so that any HTML tags will be removed.

Alternatively, clearly document that text is not what is returned but rather html.

Related Objects

Event Timeline

dbarratt created this task.Aug 1 2018, 3:08 PM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptAug 1 2018, 3:08 PM
dbarratt updated the task description. (Show Details)Aug 1 2018, 3:27 PM
Nikerabbit subscribed.Aug 1 2018, 3:50 PM

Naming is hard. I would rather not go through another round of API changes.

I would recommend to create interface that accept message objects directly, e.g. Html::element( 'div', [], $messageObj ) to reduce the need for developers to make a choice which output format to use.

I also support updating the documentation to say Message text that can contain unescaped HTML.

Mainframe98 subscribed.Aug 1 2018, 6:43 PM
In T200907#4469340, @Nikerabbit wrote:

[...]
I would recommend to create interface that accept message objects directly, e.g. Html::element( 'div', [], $messageObj ) to reduce the need for developers to make a choice which output format to use.

This is one of the largest annoyances when dealing with messages that should go in an Html element.

In T200907#4469340, @Nikerabbit wrote:

I also support updating the documentation to say Message text that can contain unescaped HTML.

Seems like a no-brainer. I dare say that this is an absolute must, considering that there have been issues with unescaped HTML causing all kinds of problems, let's not make things more difficult for the developers.

There is also a plain() function to make the confusion even worse, with the difference between text() and plain() is that text() transforms {{..}} constructs, according to Message.php.

Jaybaby2019 merged tasks: T32381: dumpHtml crashes when certain extensions are enabled, T33062: Don't set up language converter hooks in Language object constructor.Jul 14 2019, 1:58 AM
Jaybaby2019 added subscribers: bzimport, wikibugs-l-list, MarkAHershberger, Tfinc.
Legoktm removed subscribers: Tfinc, MarkAHershberger, wikibugs-l-list, bzimport.Jul 14 2019, 2:02 AM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL