Page MenuHomePhabricator

Html::openElement should warn when element contains spaces
Closed, ResolvedPublic

Description

In case of the following code Html::rawElement, Html::element or Html::openElement should warn that the elment name contains a space, because the attribute should be passed in the attributes array.

Code from OpenStackManager SpecialNova.php

		$elementWithId = "h2 id=\"$projectName\"";
		$out = Html::rawElement( $elementWithId, [], "$projectNameOut $actionOut" );

Html::openElement can also throw, but it could be hard to find all places before the throw is deployed to production. So having wfWarn or other kind of logging would be ok

Event Timeline

Bawolff subscribed.

This isn't something that phan-taint-check can easily check (unless its provided as a string literal directly to Html::element). I think Html::rawElement and friends should warn

Change 457955 had a related patch set uploaded (by Brian Wolff; owner: Brian Wolff):
[mediawiki/core@master] Add warning if you give Html::openElement a name with a space

https://gerrit.wikimedia.org/r/457955

Change 457955 merged by jenkins-bot:
[mediawiki/core@master] Add warning if you give Html::openElement a name with a space

https://gerrit.wikimedia.org/r/457955