Page MenuHomePhabricator

Html::openElement should warn when element contains spaces
Closed, ResolvedPublic

Description

In case of the following code Html::rawElement, Html::element or Html::openElement should warn that the elment name contains a space, because the attribute should be passed in the attributes array.

Code from OpenStackManager SpecialNova.php

		$elementWithId = "h2 id=\"$projectName\"";
		$out = Html::rawElement( $elementWithId, [], "$projectNameOut $actionOut" );

Html::openElement can also throw, but it could be hard to find all places before the throw is deployed to production. So having wfWarn or other kind of logging would be ok

Details

Related Gerrit Patches:

Event Timeline

Restricted Application added a subscriber: Aklapper. · View Herald TranscriptAug 11 2018, 8:56 AM
Bawolff added a subscriber: Bawolff.

This isn't something that phan-taint-check can easily check (unless its provided as a string literal directly to Html::element). I think Html::rawElement and friends should warn

Change 457955 had a related patch set uploaded (by Brian Wolff; owner: Brian Wolff):
[mediawiki/core@master] Add warning if you give Html::openElement a name with a space

https://gerrit.wikimedia.org/r/457955

Legoktm assigned this task to Bawolff.Dec 21 2018, 2:05 AM

Change 457955 merged by jenkins-bot:
[mediawiki/core@master] Add warning if you give Html::openElement a name with a space

https://gerrit.wikimedia.org/r/457955

Legoktm closed this task as Resolved.Dec 21 2018, 4:15 AM