elements. * * @since 1.16 */ class Html { /** @var bool[] List of void elements from HTML5, section 8.1.2 as of 2016-09-19 */ private static $voidElements = [ 'area' => true, 'base' => true, 'br' => true, 'col' => true, 'embed' => true, 'hr' => true, 'img' => true, 'input' => true, 'keygen' => true, 'link' => true, 'meta' => true, 'param' => true, 'source' => true, 'track' => true, 'wbr' => true, ]; /** * Boolean attributes, which may have the value omitted entirely. Manually * collected from the HTML5 spec as of 2011-08-12. * @var bool[] */ private static $boolAttribs = [ 'async' => true, 'autofocus' => true, 'autoplay' => true, 'checked' => true, 'controls' => true, 'default' => true, 'defer' => true, 'disabled' => true, 'formnovalidate' => true, 'hidden' => true, 'ismap' => true, 'itemscope' => true, 'loop' => true, 'multiple' => true, 'muted' => true, 'novalidate' => true, 'open' => true, 'pubdate' => true, 'readonly' => true, 'required' => true, 'reversed' => true, 'scoped' => true, 'seamless' => true, 'selected' => true, 'truespeed' => true, 'typemustmatch' => true, ]; /** * Modifies a set of attributes meant for button elements. * * @param array $attrs HTML attributes in an associative array * @param string[] $modifiers Unused * @return array Modified attributes array * @deprecated since 1.42 No-op */ public static function buttonAttributes( array $attrs, array $modifiers = [] ) { wfDeprecated( __METHOD__, '1.42' ); return $attrs; } /** * Modifies a set of attributes meant for text input elements. * * @param array $attrs An attribute array. * @return array Modified attributes array * @deprecated since 1.42 No-op */ public static function getTextInputAttributes( array $attrs ) { wfDeprecated( __METHOD__, '1.42' ); return $attrs; } /** * Returns an HTML link element in a string. * * @param string $text The text of the element. Will be escaped (not raw HTML) * @param array $attrs Associative array of attributes, e.g., [ * 'href' => 'https://www.mediawiki.org/' ]. See expandAttributes() for * further documentation. * @param string[] $modifiers Unused * @return string Raw HTML */ public static function linkButton( $text, array $attrs, array $modifiers = [] ) { return self::element( 'a', $attrs, $text ); } /** * Returns an HTML input element in a string. * * @param string $contents Plain text label for the button value * @param array $attrs Associative array of attributes, e.g., [ * 'href' => 'https://www.mediawiki.org/' ]. See expandAttributes() for * further documentation. * @param string[] $modifiers Unused * @return string Raw HTML */ public static function submitButton( $contents, array $attrs = [], array $modifiers = [] ) { $attrs['type'] = 'submit'; $attrs['value'] = $contents; return self::element( 'input', $attrs ); } /** * Returns an HTML element in a string. The major advantage here over * manually typing out the HTML is that it will escape all attribute * values. * * This is quite similar to Xml::tags(), but it implements some useful * HTML-specific logic. For instance, there is no $allowShortTag * parameter: the closing tag is magically omitted if $element has an empty * content model. * * @param string $element The element's name, e.g., 'a' * @param-taint $element tainted * @param array $attribs Associative array of attributes, e.g., [ * 'href' => 'https://www.mediawiki.org/' ]. See expandAttributes() for * further documentation. * @param-taint $attribs escapes_html * @param string $contents The raw HTML contents of the element: *not* * escaped! * @param-taint $contents tainted * @return string Raw HTML * @return-taint escaped */ public static function rawElement( $element, $attribs = [], $contents = '' ) { $start = self::openElement( $element, $attribs ); if ( isset( self::$voidElements[$element] ) ) { return $start; } else { $contents = Sanitizer::escapeCombiningChar( $contents ?? '' ); return $start . $contents . self::closeElement( $element ); } } /** * Identical to rawElement(), but HTML-escapes $contents (like * Xml::element()). * * @param string $element Name of the element, e.g., 'a' * @param-taint $element tainted * @param array $attribs Associative array of attributes, e.g., [ * 'href' => 'https://www.mediawiki.org/' ]. See expandAttributes() for * further documentation. * @param-taint $attribs escapes_html * @param string $contents * @param-taint $contents escapes_html * * @return string * @return-taint escaped */ public static function element( $element, $attribs = [], $contents = '' ) { return self::rawElement( $element, $attribs, strtr( $contents ?? '', [ // There's no point in escaping quotes, >, etc. in the contents of // elements. '&' => '&', '<' => '<', ] ) ); } /** * Identical to rawElement(), but has no third parameter and omits the end * tag (and the self-closing '/' in XML mode for empty elements). * * @param string $element Name of the element, e.g., 'a' * @param array $attribs Associative array of attributes, e.g., [ * 'href' => 'https://www.mediawiki.org/' ]. See expandAttributes() for * further documentation. * * @return string */ public static function openElement( $element, $attribs = [] ) { $attribs = (array)$attribs; // This is not required in HTML5, but let's do it anyway, for // consistency and better compression. $element = strtolower( $element ); // Some people were abusing this by passing things like // 'h1 id="foo" to $element, which we don't want. if ( str_contains( $element, ' ' ) ) { wfWarn( __METHOD__ . " given element name with space '$element'" ); } // Remove invalid input types if ( $element == 'input' ) { $validTypes = [ 'hidden' => true, 'text' => true, 'password' => true, 'checkbox' => true, 'radio' => true, 'file' => true, 'submit' => true, 'image' => true, 'reset' => true, 'button' => true, // HTML input types 'datetime' => true, 'datetime-local' => true, 'date' => true, 'month' => true, 'time' => true, 'week' => true, 'number' => true, 'range' => true, 'email' => true, 'url' => true, 'search' => true, 'tel' => true, 'color' => true, ]; if ( isset( $attribs['type'] ) && !isset( $validTypes[$attribs['type']] ) ) { unset( $attribs['type'] ); } } // According to standard the default type for elements is "submit". // Depending on compatibility mode IE might use "button", instead. // We enforce the standard "submit". if ( $element == 'button' && !isset( $attribs['type'] ) ) { $attribs['type'] = 'submit'; } return "<$element" . self::expandAttributes( self::dropDefaults( $element, $attribs ) ) . '>'; } /** * Returns "" * * @since 1.17 * @param string $element Name of the element, e.g., 'a' * @return string A closing tag */ public static function closeElement( $element ) { $element = strtolower( $element ); return ""; } /** * Given an element name and an associative array of element attributes, * return an array that is functionally identical to the input array, but * possibly smaller. In particular, attributes might be stripped if they * are given their default values. * * This method is not guaranteed to remove all redundant attributes, only * some common ones and some others selected arbitrarily at random. It * only guarantees that the output array should be functionally identical * to the input array (currently per the HTML 5 draft as of 2009-09-06). * * @param string $element Name of the element, e.g., 'a' * @param array $attribs Associative array of attributes, e.g., [ * 'href' => 'https://www.mediawiki.org/' ]. See expandAttributes() for * further documentation. * @return array An array of attributes functionally identical to $attribs */ private static function dropDefaults( $element, array $attribs ) { // Whenever altering this array, please provide a covering test case // in HtmlTest::provideElementsWithAttributesHavingDefaultValues static $attribDefaults = [ 'area' => [ 'shape' => 'rect' ], 'button' => [ 'formaction' => 'GET', 'formenctype' => 'application/x-www-form-urlencoded', ], 'canvas' => [ 'height' => '150', 'width' => '300', ], 'form' => [ 'action' => 'GET', 'autocomplete' => 'on', 'enctype' => 'application/x-www-form-urlencoded', ], 'input' => [ 'formaction' => 'GET', 'type' => 'text', ], 'keygen' => [ 'keytype' => 'rsa' ], 'link' => [ 'media' => 'all' ], 'menu' => [ 'type' => 'list' ], 'script' => [ 'type' => 'text/javascript' ], 'style' => [ 'media' => 'all', 'type' => 'text/css', ], 'textarea' => [ 'wrap' => 'soft' ], ]; foreach ( $attribs as $attrib => $value ) { if ( $attrib === 'class' ) { if ( $value === '' || $value === [] || $value === [ '' ] ) { unset( $attribs[$attrib] ); } } elseif ( isset( $attribDefaults[$element][$attrib] ) ) { if ( is_array( $value ) ) { $value = implode( ' ', $value ); } else { $value = strval( $value ); } if ( $attribDefaults[$element][$attrib] == $value ) { unset( $attribs[$attrib] ); } } } // More subtle checks if ( $element === 'link' && isset( $attribs['type'] ) && strval( $attribs['type'] ) == 'text/css' ) { unset( $attribs['type'] ); } if ( $element === 'input' ) { $type = $attribs['type'] ?? null; $value = $attribs['value'] ?? null; if ( $type === 'checkbox' || $type === 'radio' ) { // The default value for checkboxes and radio buttons is 'on' // not ''. By stripping value="" we break radio boxes that // actually wants empty values. if ( $value === 'on' ) { unset( $attribs['value'] ); } } elseif ( $type === 'submit' ) { // The default value for submit appears to be "Submit" but // let's not bother stripping out localized text that matches // that. } else { // The default value for nearly every other field type is '' // The 'range' and 'color' types use different defaults but // stripping a value="" does not hurt them. if ( $value === '' ) { unset( $attribs['value'] ); } } } if ( $element === 'select' && isset( $attribs['size'] ) ) { $multiple = ( $attribs['multiple'] ?? false ) !== false || in_array( 'multiple', $attribs ); $default = $multiple ? 4 : 1; if ( (int)$attribs['size'] === $default ) { unset( $attribs['size'] ); } } return $attribs; } /** * Given an associative array of element attributes, generate a string * to stick after the element name in HTML output. Like [ 'href' => * 'https://www.mediawiki.org/' ] becomes something like * ' href="https://www.mediawiki.org"'. Again, this is like * Xml::expandAttributes(), but it implements some HTML-specific logic. * * Attributes that can contain space-separated lists ('class', 'accesskey' and 'rel') array * values are allowed as well, which will automagically be normalized * and converted to a space-separated string. In addition to a numerical * array, the attribute value may also be an associative array. See the * example below for how that works. * * @par Numerical array * @code * Html::element( 'em', [ * 'class' => [ 'foo', 'bar' ] * ] ); * // gives '' * @endcode * * @par Associative array * @code * Html::element( 'em', [ * 'class' => [ 'foo', 'bar', 'foo' => false, 'quux' => true ] * ] ); * // gives '' * @endcode * * @param array $attribs Associative array of attributes, e.g., [ * 'href' => 'https://www.mediawiki.org/' ]. Values will be HTML-escaped. * A value of false or null means to omit the attribute. For boolean attributes, * you can omit the key, e.g., [ 'checked' ] instead of * [ 'checked' => 'checked' ] or such. * * @return string HTML fragment that goes between element name and '>' * (starting with a space if at least one attribute is output) */ public static function expandAttributes( array $attribs ) { $ret = ''; foreach ( $attribs as $key => $value ) { // Support intuitive [ 'checked' => true/false ] form if ( $value === false || $value === null ) { continue; } // For boolean attributes, support [ 'foo' ] instead of // requiring [ 'foo' => 'meaningless' ]. if ( is_int( $key ) && isset( self::$boolAttribs[strtolower( $value )] ) ) { $key = $value; } // Not technically required in HTML5 but we'd like consistency // and better compression anyway. $key = strtolower( $key ); // https://www.w3.org/TR/html401/index/attributes.html ("space-separated") // https://www.w3.org/TR/html5/index.html#attributes-1 ("space-separated") $spaceSeparatedListAttributes = [ 'class' => true, // html4, html5 'accesskey' => true, // as of html5, multiple space-separated values allowed // html4-spec doesn't document rel= as space-separated // but has been used like that and is now documented as such // in the html5-spec. 'rel' => true, ]; // Specific features for attributes that allow a list of space-separated values if ( isset( $spaceSeparatedListAttributes[$key] ) ) { // Apply some normalization and remove duplicates // Convert into correct array. Array can contain space-separated // values. Implode/explode to get those into the main array as well. if ( is_array( $value ) ) { // If input wasn't an array, we can skip this step $arrayValue = []; foreach ( $value as $k => $v ) { if ( is_string( $v ) ) { // String values should be normal `[ 'foo' ]` // Just append them if ( !isset( $value[$v] ) ) { // As a special case don't set 'foo' if a // separate 'foo' => true/false exists in the array // keys should be authoritative foreach ( explode( ' ', $v ) as $part ) { // Normalize spacing by fixing up cases where people used // more than 1 space and/or a trailing/leading space if ( $part !== '' && $part !== ' ' ) { $arrayValue[] = $part; } } } } elseif ( $v ) { // If the value is truthy but not a string this is likely // an [ 'foo' => true ], falsy values don't add strings $arrayValue[] = $k; } } } else { $arrayValue = explode( ' ', $value ); // Normalize spacing by fixing up cases where people used // more than 1 space and/or a trailing/leading space $arrayValue = array_diff( $arrayValue, [ '', ' ' ] ); } // Remove duplicates and create the string $value = implode( ' ', array_unique( $arrayValue ) ); // Optimization: Skip below boolAttribs check and jump straight // to its `else` block. The current $spaceSeparatedListAttributes // block is mutually exclusive with $boolAttribs. // phpcs:ignore Generic.PHP.DiscourageGoto goto not_bool; // NOSONAR } elseif ( is_array( $value ) ) { throw new UnexpectedValueException( "HTML attribute $key can not contain a list of values" ); } if ( isset( self::$boolAttribs[$key] ) ) { $ret .= " $key=\"\""; } else { // phpcs:ignore Generic.PHP.DiscourageGoto not_bool: // Inlined from Sanitizer::encodeAttribute() for improved performance $encValue = htmlspecialchars( $value, ENT_QUOTES ); // Whitespace is normalized during attribute decoding, // so if we've been passed non-spaces we must encode them // ahead of time or they won't be preserved. $encValue = strtr( $encValue, [ "\n" => ' ', "\r" => ' ', "\t" => ' ', ] ); $ret .= " $key=\"$encValue\""; } } return $ret; } /** * Output an HTML script tag with the given contents. * * It is unsupported for the contents to contain the sequence `" tag linking to the given URL, e.g., * "". * * @param string $url * @param string|null $nonce Nonce for CSP header, from OutputPage->getCSP()->getNonce() * @return string Raw HTML */ public static function linkedScript( $url, $nonce = null ) { $attrs = [ 'src' => $url ]; if ( $nonce !== null ) { $attrs['nonce'] = $nonce; } elseif ( ContentSecurityPolicy::isNonceRequired( MediaWikiServices::getInstance()->getMainConfig() ) ) { wfWarn( "no nonce set on script. CSP will break it" ); } return self::element( 'script', $attrs ); } /** * Output a "" (admittedly unlikely). * * @param string $contents CSS * @param string $media A media type string, like 'screen' * @param array $attribs (since 1.31) Associative array of attributes, e.g., [ * 'href' => 'https://www.mediawiki.org/' ]. See expandAttributes() for * further documentation. * @return string Raw HTML */ public static function inlineStyle( $contents, $media = 'all', $attribs = [] ) { // Don't escape '>' since that is used // as direct child selector. // Remember, in css, there is no "x" for hexadecimal escapes, and // the space immediately after an escape sequence is swallowed. $contents = strtr( $contents, [ '<' => '\3C ', // CDATA end tag for good measure, but the main security // is from escaping the '<'. ']]>' => '\5D\5D\3E ' ] ); if ( preg_match( '/[<&]/', $contents ) ) { $contents = "/**/"; } return self::rawElement( 'style', [ 'media' => $media, ] + $attribs, $contents ); } /** * Output a "" linking to the given URL for the given * media type (if any). * * @param string $url * @param string $media A media type string, like 'screen' * @return string Raw HTML */ public static function linkedStyle( $url, $media = 'all' ) { return self::element( 'link', [ 'rel' => 'stylesheet', 'href' => $url, 'media' => $media, ] ); } /** * Convenience function to produce an `` element. This supports the * new HTML5 input types and attributes. * * @param string $name Name attribute * @param string $value Value attribute * @param string $type Type attribute * @param array $attribs Associative array of miscellaneous extra * attributes, passed to Html::element() * @return string Raw HTML */ public static function input( $name, $value = '', $type = 'text', array $attribs = [] ) { $attribs['type'] = $type; $attribs['value'] = $value; $attribs['name'] = $name; return self::element( 'input', $attribs ); } /** * Convenience function to produce a checkbox (input element with type=checkbox) * * @param string $name Name attribute * @param bool $checked Whether the checkbox is checked or not * @param array $attribs Array of additional attributes * @return string Raw HTML */ public static function check( $name, $checked = false, array $attribs = [] ) { if ( isset( $attribs['value'] ) ) { $value = $attribs['value']; unset( $attribs['value'] ); } else { $value = 1; } if ( $checked ) { $attribs[] = 'checked'; } return self::input( $name, $value, 'checkbox', $attribs ); } /** * Return the HTML for a message box. * @since 1.31 * @param string $html of contents of box * @param-taint $html tainted * @param string|array $className corresponding to box * @param string $heading (optional) * @param string $iconClassName (optional) corresponding to box icon * @return string of HTML representing a box. */ private static function messageBox( $html, $className, $heading = '', $iconClassName = '' ) { if ( $heading !== '' ) { $html = self::element( 'h2', [], $heading ) . $html; } $coreClasses = [ 'cdx-message', 'cdx-message--block' ]; if ( is_array( $className ) ) { $className = array_merge( $coreClasses, $className ); } else { $className .= ' ' . implode( ' ', $coreClasses ); } return self::rawElement( 'div', [ 'class' => $className ], self::element( 'span', [ 'class' => [ 'cdx-message__icon', $iconClassName ] ] ) . self::rawElement( 'div', [ 'class' => 'cdx-message__content' ], $html ) ); } /** * Return the HTML for a notice message box. * @since 1.38 * @param string $html of contents of notice * @param-taint $html tainted * @param string|array $className corresponding to notice * @param string $heading (optional) * @param string|array $iconClassName (optional) corresponding to notice icon * @return string of HTML representing the notice */ public static function noticeBox( $html, $className, $heading = '', $iconClassName = '' ) { return self::messageBox( $html, [ 'cdx-message--notice', $className ], $heading, $iconClassName ); } /** * Return a warning box. * @since 1.31 * @since 1.34 $className optional parameter added * @param string $html of contents of box * @param-taint $html tainted * @param string $className (optional) corresponding to box * @return string of HTML representing a warning box. */ public static function warningBox( $html, $className = '' ) { return self::messageBox( $html, [ 'cdx-message--warning', $className ] ); } /** * Return an error box. * @since 1.31 * @since 1.34 $className optional parameter added * @param string $html of contents of error box * @param-taint $html tainted * @param string $heading (optional) * @param string $className (optional) corresponding to box * @return string of HTML representing an error box. */ public static function errorBox( $html, $heading = '', $className = '' ) { return self::messageBox( $html, [ 'cdx-message--error', $className ], $heading ); } /** * Return a success box. * @since 1.31 * @since 1.34 $className optional parameter added * @param string $html of contents of box * @param-taint $html tainted * @param string $className (optional) corresponding to box * @return string of HTML representing a success box. */ public static function successBox( $html, $className = '' ) { return self::messageBox( $html, [ 'cdx-message--success', $className ] ); } /** * Convenience function to produce a radio button (input element with type=radio) * * @param string $name Name attribute * @param bool $checked Whether the radio button is checked or not * @param array $attribs Array of additional attributes * @return string Raw HTML */ public static function radio( $name, $checked = false, array $attribs = [] ) { if ( isset( $attribs['value'] ) ) { $value = $attribs['value']; unset( $attribs['value'] ); } else { $value = 1; } if ( $checked ) { $attribs[] = 'checked'; } return self::input( $name, $value, 'radio', $attribs ); } /** * Convenience function for generating a label for inputs. * * @param string $label Contents of the label * @param string $id ID of the element being labeled * @param array $attribs Additional attributes * @return string Raw HTML */ public static function label( $label, $id, array $attribs = [] ) { $attribs += [ 'for' => $id, ]; return self::element( 'label', $attribs, $label ); } /** * Convenience function to produce an input element with type=hidden * * @param string $name Name attribute * @param mixed $value Value attribute * @param array $attribs Associative array of miscellaneous extra * attributes, passed to Html::element() * @return string Raw HTML */ public static function hidden( $name, $value, array $attribs = [] ) { return self::input( $name, $value, 'hidden', $attribs ); } /** * Convenience function to produce a element. * * This supports leaving out the cols= and rows= which Xml requires and are * required by HTML4/XHTML but not required by HTML5. * * @param string $name Name attribute * @param string $value Value attribute * @param array $attribs Associative array of miscellaneous extra * attributes, passed to Html::element() * @return string Raw HTML */ public static function textarea( $name, $value = '', array $attribs = [] ) { $attribs['name'] = $name; if ( substr( $value ?? '', 0, 1 ) == "\n" ) { // Workaround for T14130: browsers eat the initial newline // assuming that it's just for show, but they do keep the later // newlines, which we may want to preserve during editing. // Prepending a single newline $spacedValue = "\n" . $value; } else { $spacedValue = $value; } return self::element( 'textarea', $attribs, $spacedValue ); } /** * Helper for Html::namespaceSelector(). * @param array $params See Html::namespaceSelector() * @return array */ public static function namespaceSelectorOptions( array $params = [] ) { if ( !isset( $params['exclude'] ) || !is_array( $params['exclude'] ) ) { $params['exclude'] = []; } if ( $params['in-user-lang'] ?? false ) { global $wgLang; $lang = $wgLang; } else { $lang = MediaWikiServices::getInstance()->getContentLanguage(); } $optionsOut = []; if ( isset( $params['all'] ) ) { // add an option that would let the user select all namespaces. // Value is provided by user, the name shown is localized for the user. $optionsOut[$params['all']] = wfMessage( 'namespacesall' )->text(); } // Add all namespaces as options $options = $lang->getFormattedNamespaces(); // Filter out namespaces below 0 and massage labels foreach ( $options as $nsId => $nsName ) { if ( $nsId < NS_MAIN || in_array( $nsId, $params['exclude'] ) ) { continue; } if ( $nsId === NS_MAIN ) { // For other namespaces use the namespace prefix as label, but for // main we don't use "" but the user message describing it (e.g. "(Main)" or "(Article)") $nsName = wfMessage( 'blanknamespace' )->text(); } elseif ( is_int( $nsId ) ) { $converter = MediaWikiServices::getInstance()->getLanguageConverterFactory() ->getLanguageConverter( $lang ); $nsName = $converter->convertNamespace( $nsId ); } $optionsOut[$nsId] = $nsName; } return $optionsOut; } /** * Build a drop-down box for selecting a namespace * * @param array $params Params to set. * - selected: [optional] Id of namespace which should be pre-selected * - all: [optional] Value of item for "all namespaces". If null or unset, * no "<option>" is generated to select all namespaces. * - label: text for label to add before the field. * - exclude: [optional] Array of namespace ids to exclude. * - disable: [optional] Array of namespace ids for which the option should * be disabled in the selector. * @param array $selectAttribs HTML attributes for the generated select element. * - id: [optional], default: 'namespace'. * - name: [optional], default: 'namespace'. * @return string HTML code to select a namespace. */ public static function namespaceSelector( array $params = [], array $selectAttribs = [] ) { ksort( $selectAttribs ); // Is a namespace selected? if ( isset( $params['selected'] ) ) { // If string only contains digits, convert to clean int. Selected could also // be "all" or "" etc. which needs to be left untouched. if ( !is_int( $params['selected'] ) && ctype_digit( (string)$params['selected'] ) ) { $params['selected'] = (int)$params['selected']; } // else: leaves it untouched for later processing } else { $params['selected'] = ''; } if ( !isset( $params['disable'] ) || !is_array( $params['disable'] ) ) { $params['disable'] = []; } // Associative array between option-values and option-labels $options = self::namespaceSelectorOptions( $params ); // Convert $options to HTML $optionsHtml = []; foreach ( $options as $nsId => $nsName ) { $optionsHtml[] = self::element( 'option', [ 'disabled' => in_array( $nsId, $params['disable'] ), 'value' => $nsId, 'selected' => $nsId === $params['selected'], ], $nsName ); } $selectAttribs['id'] ??= 'namespace'; $selectAttribs['name'] ??= 'namespace'; $ret = ''; if ( isset( $params['label'] ) ) { $ret .= self::element( 'label', [ 'for' => $selectAttribs['id'], ], $params['label'] ) . "\u{00A0}"; } // Wrap options in a <select> $ret .= self::openElement( 'select', $selectAttribs ) . "\n" . implode( "\n", $optionsHtml ) . "\n" . self::closeElement( 'select' ); return $ret; } /** * Constructs the opening html-tag with necessary doctypes depending on * global variables. * * @param array $attribs Associative array of miscellaneous extra * attributes, passed to Html::element() of html tag. * @return string Raw HTML */ public static function htmlHeader( array $attribs = [] ) { $ret = ''; $mainConfig = MediaWikiServices::getInstance()->getMainConfig(); $html5Version = $mainConfig->get( MainConfigNames::Html5Version ); $mimeType = $mainConfig->get( MainConfigNames::MimeType ); $xhtmlNamespaces = $mainConfig->get( MainConfigNames::XhtmlNamespaces ); $isXHTML = self::isXmlMimeType( $mimeType ); if ( $isXHTML ) { // XHTML5 // XML MIME-typed markup should have an xml header. // However a DOCTYPE is not needed. $ret .= "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n"; // Add the standard xmlns $attribs['xmlns'] = 'http://www.w3.org/1999/xhtml'; // And support custom namespaces foreach ( $xhtmlNamespaces as $tag => $ns ) { $attribs["xmlns:$tag"] = $ns; } } else { // HTML5 $ret .= "<!DOCTYPE html>\n"; } if ( $html5Version ) { $attribs['version'] = $html5Version; } $ret .= self::openElement( 'html', $attribs ); return $ret; } /** * Determines if the given MIME type is xml. * * @param string $mimetype * @return bool */ public static function isXmlMimeType( $mimetype ) { # https://html.spec.whatwg.org/multipage/infrastructure.html#xml-mime-type # * text/xml # * application/xml # * Any MIME type with a subtype ending in +xml (this implicitly includes application/xhtml+xml) return (bool)preg_match( '!^(text|application)/xml$|^.+/.+\+xml$!', $mimetype ); } /** * Generate a srcset attribute value. * * Generates a srcset attribute value from an array mapping pixel densities * to URLs. A trailing 'x' in pixel density values is optional. * * @note srcset width and height values are not supported. * * @see https://html.spec.whatwg.org/#attr-img-srcset * * @par Example: * @code * Html::srcSet( [ * '1x' => 'standard.jpeg', * '1.5x' => 'large.jpeg', * '3x' => 'extra-large.jpeg', * ] ); * // gives 'standard.jpeg 1x, large.jpeg 1.5x, extra-large.jpeg 2x' * @endcode * * @param string[] $urls * @return string */ public static function srcSet( array $urls ) { $candidates = []; foreach ( $urls as $density => $url ) { // Cast density to float to strip 'x', then back to string to serve // as array index. $density = (string)(float)$density; $candidates[$density] = $url; } // Remove duplicates that are the same as a smaller value ksort( $candidates, SORT_NUMERIC ); $candidates = array_unique( $candidates ); // Append density info to the url foreach ( $candidates as $density => $url ) { $candidates[$density] = $url . ' ' . $density . 'x'; } return implode( ", ", $candidates ); } /** * Encode a variable of arbitrary type to JavaScript. * If the value is an HtmlJsCode object, pass through the object's value verbatim. * * @note Only use this function for generating JavaScript code. If generating output * for a proper JSON parser, just call FormatJson::encode() directly. * * @since 1.41 (previously on {@link Xml}) * @param mixed $value The value being encoded. Can be any type except a resource. * @param-taint $value escapes_html * @param bool $pretty If true, add non-significant whitespace to improve readability. * @return string|false String if successful; false upon failure * @return-taint none */ public static function encodeJsVar( $value, $pretty = false ) { if ( $value instanceof HtmlJsCode ) { return $value->value; } return FormatJson::encode( $value, $pretty, FormatJson::UTF8_OK ); } /** * Create a call to a JavaScript function. The supplied arguments will be * encoded using Html::encodeJsVar(). * * @since 1.41 (previously on {@link Xml} since 1.17) * @param string $name The name of the function to call, or a JavaScript expression * which evaluates to a function object which is called. * @param-taint $name tainted * @param array $args The arguments to pass to the function. * @param-taint $args escapes_html * @param bool $pretty If true, add non-significant whitespace to improve readability. * @return string|false String if successful; false upon failure * @return-taint none */ public static function encodeJsCall( $name, $args, $pretty = false ) { $encodedArgs = self::encodeJsList( $args, $pretty ); if ( $encodedArgs === false ) { return false; } return "$name($encodedArgs);"; } /** * Encode a JavaScript comma-separated list. The supplied items will be encoded using * Html::encodeJsVar(). * * @since 1.41. * @param array $args The elements of the list. * @param bool $pretty If true, add non-significant whitespace to improve readability. * @return false|string String if successful; false upon failure */ public static function encodeJsList( $args, $pretty = false ) { foreach ( $args as &$arg ) { $arg = self::encodeJsVar( $arg, $pretty ); if ( $arg === false ) { return false; } } if ( $pretty ) { return ' ' . implode( ', ', $args ) . ' '; } else { return implode( ',', $args ); } } /** * Build options for a drop-down box from a textual list. * * The result of this function can be passed to XmlSelect::addOptions() * (to render a plain `<select>` dropdown box) or to Html::listDropdownOptionsOoui() * and then OOUI\DropdownInputWidget() (to render a pretty one). * * @param string $list Correctly formatted text (newline delimited) to be * used to generate the options. * @param array $params Extra parameters: * - string $params['other'] If set, add an option with this as text and a value of 'other' * @return array Array keys are textual labels, values are internal values */ public static function listDropdownOptions( $list, $params = [] ) { $options = []; if ( isset( $params['other'] ) ) { $options[ $params['other'] ] = 'other'; } $optgroup = false; foreach ( explode( "\n", $list ) as $option ) { $value = trim( $option ); if ( $value == '' ) { continue; } if ( substr( $value, 0, 1 ) == '*' && substr( $value, 1, 1 ) != '*' ) { # A new group is starting... $value = trim( substr( $value, 1 ) ); if ( $value !== '' && // Do not use the value for 'other' as option group - T251351 ( !isset( $params['other'] ) || $value !== $params['other'] ) ) { $optgroup = $value; } else { $optgroup = false; } } elseif ( substr( $value, 0, 2 ) == '**' ) { # groupmember $opt = trim( substr( $value, 2 ) ); if ( $optgroup === false ) { $options[$opt] = $opt; } else { $options[$optgroup][$opt] = $opt; } } else { # groupless reason list $optgroup = false; $options[$option] = $option; } } return $options; } /** * Convert options for a drop-down box into a format accepted by OOUI\DropdownInputWidget etc. * * TODO Find a better home for this function. * * @param array $options Options, as returned e.g. by Html::listDropdownOptions() * @return array */ public static function listDropdownOptionsOoui( $options ) { $optionsOoui = []; foreach ( $options as $text => $value ) { if ( is_array( $value ) ) { $optionsOoui[] = [ 'optgroup' => (string)$text ]; foreach ( $value as $text2 => $value2 ) { $optionsOoui[] = [ 'data' => (string)$value2, 'label' => (string)$text2 ]; } } else { $optionsOoui[] = [ 'data' => (string)$value, 'label' => (string)$text ]; } } return $optionsOoui; } /** * Convert options for a drop-down box into a format accepted by OOUI\DropdownInputWidget etc. * * TODO Find a better home for this function. * * @param array $options Options, as returned e.g. by Html::listDropdownOptions() * @return array */ public static function listDropdownOptionsCodex( $options ) { $optionsCodex = []; foreach ( $options as $text => $value ) { if ( is_array( $value ) ) { // No support for optgroups in Codex yet (T367241) $optionsCodex[] = [ 'label' => (string)$text, 'value' => '', 'disabled' => true ]; foreach ( $value as $text2 => $value2 ) { $optionsCodex[] = [ 'label' => (string)$text2, 'value' => (string)$value2 ]; } } else { $optionsCodex[] = [ 'label' => (string)$text, 'value' => (string)$value ]; } } return $optionsCodex; } } /** @deprecated class alias since 1.40 */ class_alias( Html::class, 'Html' );