Convert everything to safe HTML

Summary: Sgrepped for `"=~/</"` and manually changed every HTML. Test Plan: This doesn't work yet but it is hopefully one of the last diffs before Phabricator will be undoubtedly HTML safe. Reviewers: epriestley CC: aran, Korvin Maniphest Tasks: T2432 Differential Revision: https://secure.phabricator.com/D4927
2013-02-12 18:46:01 -08:00
parent 718d22d607
commit 4eb84149c2
60 changed files with 485 additions and 424 deletions
--- a/src/infrastructure/diff/PhabricatorInlineCommentPreviewController.php
+++ b/src/infrastructure/diff/PhabricatorInlineCommentPreviewController.php
@@ -34,7 +34,7 @@ abstract class PhabricatorInlineCommentPreviewController
      $view->setPreview(true);
      $views[] = $view->render();
    }
-    $views = implode("\n", $views);
+    $views = phutil_implode_html("\n", $views);

    return id(new AphrontAjaxResponse())
      ->setContent($views);
--- a/src/infrastructure/diff/view/PhabricatorInlineSummaryView.php
+++ b/src/infrastructure/diff/view/PhabricatorInlineSummaryView.php
@@ -79,19 +79,26 @@ final class PhabricatorInlineSummaryView extends AphrontView {

        $where = idx($item, 'where');

-        $colspan = ($has_where ? '' : ' colspan="2"');
-        $rows[] =
+        $colspan = ($has_where ? null : 2);
+        $rows[] = hsprintf(
          '<tr>'.
-            '<td class="inline-line-number">'.$lines.'</td>'.
-            ($has_where
-              ? hsprintf('<td class="inline-which-diff">%s</td>', $where)
-              : null).
-            '<td class="inline-summary-content"'.$colspan.'>'.
-              '<div class="phabricator-remarkup">'.
-                $item['content'].
-              '</div>'.
-            '</td>'.
-          '</tr>';
+            '<td class="inline-line-number">%s</td>'.
+            '%s'.
+            '%s'.
+          '</tr>',
+          $lines,
+          ($has_where
+            ? hsprintf('<td class="inline-which-diff">%s</td>', $where)
+            : null),
+          phutil_tag(
+            'td',
+            array(
+              'class' => 'inline-summary-content',
+              'colspan' => $colspan,
+            ),
+            hsprintf(
+              '<div class="phabricator-remarkup">%s</div>',
+              $item['content'])));
      }
    }

@@ -100,7 +107,7 @@ final class PhabricatorInlineSummaryView extends AphrontView {
      array(
        'class' => 'phabricator-inline-summary-table',
      ),
-      new PhutilSafeHTML(implode("\n", $rows)));
+      phutil_implode_html("\n", $rows));
  }

 }