Kill most of phutil_escape_html()

Summary: This resolves lots of double escaping. We changed most of `phutil_render_tag(, , $s)` to `phutil_tag(, , $s)` which means that `$s` is now auto-escaped. Also `pht()` auto escapes if it gets `PhutilSafeHTML`. Test Plan: None. Reviewers: epriestley Reviewed By: epriestley CC: aran, Korvin Maniphest Tasks: T2432 Differential Revision: https://secure.phabricator.com/D4889
2013-02-09 14:43:10 -08:00
parent 9b8da73765
commit a22ef4e9b4
24 changed files with 127 additions and 101 deletions
--- a/src/applications/phpast/controller/PhabricatorXHPASTViewInputController.php
+++ b/src/applications/phpast/controller/PhabricatorXHPASTViewInputController.php
@@ -5,7 +5,6 @@ final class PhabricatorXHPASTViewInputController

  public function processRequest() {
    $input = $this->getStorageTree()->getInput();
-    return $this->buildXHPASTViewPanelResponse(
-      phutil_escape_html($input));
+    return $this->buildXHPASTViewPanelResponse($input);
  }
 }
--- a/src/applications/phpast/controller/PhabricatorXHPASTViewPanelController.php
+++ b/src/applications/phpast/controller/PhabricatorXHPASTViewPanelController.php
@@ -20,7 +20,7 @@ abstract class PhabricatorXHPASTViewPanelController
  }

  protected function buildXHPASTViewPanelResponse($content) {
-    $content =
+    $content = hsprintf(
      '<!DOCTYPE html>'.
      '<html>'.
        '<head>'.
@@ -57,10 +57,9 @@ li span {

          </style>'.
        '</head>'.
-        '<body>'.
-          $content.
-        '</body>'.
-      '</html>';
+        '<body>%s</body>'.
+      '</html>',
+      $content);

    $response = new AphrontWebpageResponse();
    $response->setFrameable(true);
--- a/src/applications/phpast/controller/PhabricatorXHPASTViewStreamController.php
+++ b/src/applications/phpast/controller/PhabricatorXHPASTViewStreamController.php
@@ -27,6 +27,7 @@ final class PhabricatorXHPASTViewStreamController
        $token->getValue());
    }

-    return $this->buildXHPASTViewPanelResponse(implode('', $tokens));
+    return $this->buildXHPASTViewPanelResponse(
+      phutil_implode_html('', $tokens));
  }
 }
--- a/src/applications/phpast/controller/PhabricatorXHPASTViewTreeController.php
+++ b/src/applications/phpast/controller/PhabricatorXHPASTViewTreeController.php
@@ -12,7 +12,7 @@ final class PhabricatorXHPASTViewTreeController
      $input,
      array(0, $stdout, ''));

-    $tree = '<ul>'.$this->buildTree($tree->getRootNode()).'</ul>';
+    $tree = phutil_tag('ul', array(), $this->buildTree($tree->getRootNode()));
    return $this->buildXHPASTViewPanelResponse($tree);
  }

@@ -27,19 +27,19 @@ final class PhabricatorXHPASTViewTreeController
    }

    $tree = array();
-    $tree[] =
-      '<li>'.
-        phutil_tag(
-          'span',
-          array(
-            'title' => $title,
-          ),
-          $name).
-      '</li>';
+    $tree[] = phutil_tag(
+      'li',
+      array(),
+      phutil_tag(
+        'span',
+        array(
+          'title' => $title,
+        ),
+        $name));
    foreach ($root->getChildren() as $child) {
-      $tree[] = '<ul>'.$this->buildTree($child).'</ul>';
+      $tree[] = phutil_tag('ul', array(), $this->buildTree($child));
    }
-    return implode("\n", $tree);
+    return phutil_implode_html("\n", $tree);
  }

 }