Page MenuHomePhabricator
Create Task
Maniphest T408473

Codex-PHP: Improve plain text vs raw HTML handling using HtmlSnippet
Open, Needs TriagePublic
Actions

Description

Right now, some setters take plain text (e.g. LabelBuilder::setDescription()) and some take raw HTML (e.g. LabelBuilder::setLabelText(), despite the name). This is confusing, not flexible enough, and doesn't promote security. We want it to be clear whether something is plain text or raw HTML, and we want raw HTML to be supported in more places, but we don't want it to be the default to avoid accidentally passing unescaped plain text into something that expects raw HTML.

To address these issues, we should make most of these setters accept either a string or an HtmlSnippet object. When a string is passed in, this should be interpreted as plain text and escaped; when an HtmlSnippet is passed in this should be interpreted as raw HTML and not escaped. This way it's always clear what's HTML and what's plain text. Some setters may need to only accept a string, if they only accept plain text and it doesn't make sense for them to accept raw HTML.

Details

Related Changes in Gerrit:
SubjectRepoBranchLines +/-
[BREAKING CHANGE] Use strings for plain text, HtmlSnippets for raw HTMLdesign/codex-phpmain+361 -311
Customize query in gerrit

Related Objects
Search...

Event Timeline

Catrope created this task.Oct 27 2025, 11:16 PM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptOct 27 2025, 11:16 PM
Catrope mentioned this in T409498: Codex-PHP 1.0 release.Nov 6 2025, 9:39 PM
Catrope added a parent task: T409498: Codex-PHP 1.0 release.
Catrope removed a parent task: T399523: Announce Codex-PHP and encourage widespread adoption.
gerritbot added a comment.Wed, Nov 12, 10:48 PM

Change #1204692 had a related patch set uploaded (by Catrope; author: Catrope):

[design/codex-php@main] [BREAKING CHANGE] Use strings for plain text, HtmlSnippets for raw HTML

https://gerrit.wikimedia.org/r/1204692

gerritbot added a project: Patch-For-Review.Wed, Nov 12, 10:48 PM
Catrope moved this task from Backlog to Code Review on the Codex board.Wed, Nov 12, 10:48 PM
SomeRandomDeveloper awarded a token.Mon, Nov 17, 7:49 PM
SomeRandomDeveloper subscribed.
gerritbot added a comment.Mon, Nov 17, 11:57 PM

Change #1204692 merged by jenkins-bot:

[design/codex-php@main] [BREAKING CHANGE] Use strings for plain text, HtmlSnippets for raw HTML

https://gerrit.wikimedia.org/r/1204692

Catrope mentioned this in rDCPHadc8581cb975: [BREAKING CHANGE] Use strings for plain text, HtmlSnippets for raw HTML.Mon, Nov 17, 11:58 PM
Maintenance_bot removed a project: Patch-For-Review.Tue, Nov 18, 12:30 AM
Catrope claimed this task.Tue, Nov 18, 7:41 PM
Catrope moved this task from Code Review to Pending Release on the Codex board.
Chlod subscribed.Tue, Nov 25, 3:13 AM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits