Allow HTML attributes for <ref(erences)> tags
Closed, DeclinedPublic

Description

Author: cchittleborough

Description:
After taking a look at Cite.php, it seems to me that it might be (*cough*) A
Small Matter of Programming to allow the <references> element to take a class
attribute. For example,
<references class="foo bar"/>
would generate <ol class="references foo bar">.

A patch follows. I have not tested it (or even compiled it!). Feel free to
ignore it, laugh at my feeble PHP skills, etc.

  • Chris Chittleborough
==========================================
--- Cite.php	Fri May 19 17:19:44 2006
+++ Cite.CWC.php	Fri May 19 17:35:50 2006
@@ -105,7 +105,7 @@
 
 			// Although I could just use # instead of <li> above and nothing here that
 			// will break on input that contains linebreaks
-			'cite_references_prefix' => '<ol class="references">',
+			'cite_references_prefix' => '<ol class="references $1">',
 			'cite_references_suffix' => '</ol>',
 		)
 	);
@@ -311,12 +311,18 @@
 		 */
 		function references( $str, $argv, $parser ) {
 			$this->mParser = $parser;
+			$classes = '';
+			$cnt = count ( $argv );
+			if ( $cnt == 1 and isset( $argv['class'] ) ) {
+				$classes = ' '. $argv['class'];
+				$cnt = 0;
+			}
 			if ( $str !== null )
 				return $this->error( CITE_ERROR_REFERENCES_INVALID_INPUT );
-			else if ( count( $argv ) )
+			else if ( $cnt > 0 )
 				return $this->error( CITE_ERROR_REFERENCES_INVALID_PARAMETERS );
 			else
-				return $this->referencesFormat();
+				return $this->referencesFormat($classes);
 		}
 
 		/**
@@ -324,13 +330,13 @@
 		 *
 		 * @return string XHTML ready for output
 		 */
-		function referencesFormat() {
+		function referencesFormat( $classes ) {
 			$ent = array();
 			
 			foreach ( $this->mRefs as $k => $v )
 				$ent[] = $this->referencesFormatEntry( $k, $v );
 			
-			$prefix = wfMsgForContentNoTrans( 'cite_references_prefix' );
+			$prefix = wfMsgForContentNoTrans( 'cite_references_prefix', $classes );
 			$suffix = wfMsgForContentNoTrans( 'cite_references_suffix' );
 			$content = implode( "\n", $ent );

See Also: T53260 (bug 51260)

Details

Reference
bz6019
bzimport raised the priority of this task from to Low.
bzimport set Reference to bz6019.
bzimport added a subscriber: Unknown Object (MLST).
bzimport created this task.May 19 2006, 8:18 AM

cchittleborough wrote:

Ah. Leading whitespace gets trimmed, eh? You can find an intact version of that
diff at "http://cchittleborough.cluemail.com/Cite.CWC.patch".

brion added a comment.May 19 2006, 4:04 PM

Please do not paste patches into comments; attach them as files.

cchittleborough wrote:

Patch

Sorry about that. I looked for an attachment feature when I created the "bug",
but didn't find one.

attachment Cite.CWC.patch ignored as obsolete

robchur wrote:

Comment on attachment 1790
Patch

Patch isn't safe; allows insertion of arbitrary HTML and may provide a vector
for a JavaScript/XSS attack.

  • Bug 11161 has been marked as a duplicate of this bug. ***

*Bulk BZ Change: +Patch to open bugs with patches attached that are missing the keyword*

john wrote:

+reviewed

Current patch is obsolete and is unsafe.

bluehairedlawyer wrote:

a sanitised patch

The attached patch allows editors to pass class and style attributes in the references tag to the underlying <ol> HTML tag. It uses Sanitizer::escapeClass and Sanitizer::fixTagAttributes to sanitise the classes and css code.

Attached:

We should not encourage inline styles, so lets please limit this to a class attribute only.

Krinkle updated the task description. (Show Details)Dec 1 2014, 6:18 PM
Krinkle set Security to None.
Krinkle closed this task as Declined.Dec 1 2014, 6:20 PM
Krinkle claimed this task.

Fulfilling requests for specific implementations is tricky as there's no obvious use cases. There are obviously relevant use cases related to this implementation (see T33597 and T53260), but I think those are much better served (both for users and developers) by not implementing it as raw class names.