Restore merge of phutil_tag. · recaptime.dev/phorge@ef7f161

+1 -1

src/aphront/AphrontRequest.php

··· 9 9 final class AphrontRequest { 10 10 11 11 // NOTE: These magic request-type parameters are automatically included in 12 - // certain requests (e.g., by phabricator_render_form(), JX.Request, 12 + // certain requests (e.g., by phabricator_form(), JX.Request, 13 13 // JX.Workflow, and ConduitClient) and help us figure out what sort of 14 14 // response the client expects. 15 15

+17 -14

src/aphront/configuration/AphrontDefaultApplicationConfiguration.php

··· 210 210 211 211 if ($ex instanceof AphrontUsageException) { 212 212 $error = new AphrontErrorView(); 213 - $error->setTitle(phutil_escape_html($ex->getTitle())); 213 + $error->setTitle($ex->getTitle()); 214 214 $error->appendChild($ex->getMessage()); 215 215 216 216 $view = new PhabricatorStandardPageView(); ··· 227 227 // Always log the unhandled exception. 228 228 phlog($ex); 229 229 230 - $class = phutil_escape_html(get_class($ex)); 231 - $message = phutil_escape_html($ex->getMessage()); 230 + $class = get_class($ex); 231 + $message = $ex->getMessage(); 232 232 233 233 if ($ex instanceof AphrontQuerySchemaException) { 234 234 $message .= ··· 244 244 $trace = null; 245 245 } 246 246 247 - $content = 247 + $content = hsprintf( 248 248 '<div class="aphront-unhandled-exception">'. 249 - '<div class="exception-message">'.$message.'</div>'. 250 - $trace. 251 - '</div>'; 249 + '<div class="exception-message">%s</div>'. 250 + '%s'. 251 + '</div>', 252 + $message, 253 + $trace); 252 254 253 255 $dialog = new AphrontDialogView(); 254 256 $dialog ··· 348 350 ), 349 351 $relative); 350 352 } 351 - $file_name = $file_name.' : '.(int)$part['line']; 353 + $file_name = hsprintf('%s : %d', $file_name, $part['line']); 352 354 } else { 353 - $file_name = '<em>(Internal)</em>'; 355 + $file_name = phutil_tag('em', array(), '(Internal)'); 354 356 } 355 357 356 358 357 359 $rows[] = array( 358 360 $depth--, 359 - phutil_escape_html($lib), 361 + $lib, 360 362 $file_name, 361 - phutil_escape_html($where), 363 + $where, 362 364 ); 363 365 } 364 366 $table = new AphrontTableView($rows); ··· 377 379 'wide', 378 380 )); 379 381 380 - return 382 + return hsprintf( 381 383 '<div class="exception-trace">'. 382 384 '<div class="exception-trace-header">Stack Trace</div>'. 383 - $table->render(). 384 - '</div>'; 385 + '%s', 386 + '</div>', 387 + $table->render()); 385 388 } 386 389 387 390 }

+16 -14

src/aphront/console/plugin/DarkConsoleErrorLogPlugin.php

··· 36 36 $data = $this->getData(); 37 37 38 38 $rows = array(); 39 - $details = ''; 39 + $details = array(); 40 40 41 41 foreach ($data as $index => $row) { 42 42 $file = $row['file']; ··· 50 50 $row['str'].' at ['.basename($file).':'.$line.']'); 51 51 $rows[] = array($tag); 52 52 53 - $details .= 54 - '<div class="dark-console-panel-error-details" id="row-details-'. 55 - $index.'">'. 56 - phutil_escape_html($row['details'])."\n". 57 - 'Stack trace:'."\n"; 53 + $details[] = hsprintf( 54 + '<div class="dark-console-panel-error-details" id="row-details-%s">'. 55 + "%s\nStack trace:\n", 56 + $index, 57 + $row['details']); 58 58 59 59 foreach ($row['trace'] as $key => $entry) { 60 60 $line = ''; ··· 73 73 } 74 74 } 75 75 76 - $details .= phutil_tag( 76 + $details[] = phutil_tag( 77 77 'a', 78 78 array( 79 79 'href' => $href, 80 80 ), 81 81 $line); 82 - $details .= "\n"; 82 + $details[] = "\n"; 83 83 } 84 84 85 - $details .= '</div>'; 85 + $details[] = hsprintf('</div>'); 86 86 } 87 87 88 88 $table = new AphrontTableView($rows); ··· 90 90 $table->setHeaders(array('Error')); 91 91 $table->setNoDataString('No errors.'); 92 92 93 - return '<div>'. 94 - '<div>'.$table->render().'</div>'. 95 - '<pre class="PhabricatorMonospaced">'. 96 - $details.'</pre>'. 97 - '</div>'; 93 + return hsprintf( 94 + '<div>'. 95 + '<div>%s</div>'. 96 + '<pre class="PhabricatorMonospaced">%s</pre>'. 97 + '</div>', 98 + $table->render(), 99 + phutil_implode_html('', $details)); 98 100 } 99 101 } 100 102

+7 -10

src/aphront/console/plugin/DarkConsoleEventPlugin.php

··· 42 42 43 43 $out = array(); 44 44 45 - $out[] = 45 + $out[] = hsprintf( 46 46 '<div class="dark-console-panel-header">'. 47 47 '<h1>Registered Event Listeners</h1>'. 48 - '</div>'; 48 + '</div>'); 49 49 50 50 $rows = array(); 51 51 foreach ($data['listeners'] as $listener) { 52 - $rows[] = array( 53 - phutil_escape_html($listener['id']), 54 - phutil_escape_html($listener['class']), 55 - ); 52 + $rows[] = array($listener['id'], $listener['class']); 56 53 } 57 54 58 55 $table = new AphrontTableView($rows); ··· 69 66 70 67 $out[] = $table->render(); 71 68 72 - $out[] = 69 + $out[] = hsprintf( 73 70 '<div class="dark-console-panel-header">'. 74 71 '<h1>Event Log</h1>'. 75 - '</div>'; 72 + '</div>'); 76 73 77 74 $rows = array(); 78 75 foreach ($data['events'] as $event) { 79 76 $rows[] = array( 80 - phutil_escape_html($event['type']), 77 + $event['type'], 81 78 $event['stopped'] ? 'STOPPED' : null, 82 79 ); 83 80 } ··· 96 93 $out[] = $table->render(); 97 94 98 95 99 - return implode("\n", $out); 96 + return phutil_implode_html("\n", $out); 100 97 } 101 98 }

+3 -3

src/aphront/console/plugin/DarkConsoleRequestPlugin.php

··· 43 43 $rows = array(); 44 44 foreach ($map as $key => $value) { 45 45 $rows[] = array( 46 - phutil_escape_html($key), 47 - phutil_escape_html(is_array($value) ? json_encode($value) : $value), 46 + $key, 47 + (is_array($value) ? json_encode($value) : $value), 48 48 ); 49 49 } 50 50 ··· 62 62 $out[] = $table->render(); 63 63 } 64 64 65 - return implode("\n", $out); 65 + return phutil_implode_html("\n", $out); 66 66 } 67 67 }

+14 -18

src/aphront/console/plugin/DarkConsoleServicesPlugin.php

··· 149 149 $log = $data['log']; 150 150 $results = array(); 151 151 152 - $results[] = 152 + $results[] = hsprintf( 153 153 '<div class="dark-console-panel-header">'. 154 - phutil_tag( 155 - 'a', 156 - array( 157 - 'href' => $data['analyzeURI'], 158 - 'class' => $data['didAnalyze'] 159 - ? 'disabled button' 160 - : 'green button', 161 - ), 162 - 'Analyze Query Plans'). 154 + '%s'. 163 155 '<h1>Calls to External Services</h1>'. 164 156 '<div style="clear: both;"></div>'. 165 - '</div>'; 157 + '</div>', 158 + phutil_tag( 159 + 'a', 160 + array( 161 + 'href' => $data['analyzeURI'], 162 + 'class' => $data['didAnalyze'] 163 + ? 'disabled button' 164 + : 'green button', 165 + ), 166 + 'Analyze Query Plans')); 166 167 167 168 $page_total = $data['end'] - $data['start']; 168 169 $totals = array(); ··· 224 225 $row['explain']['reason']); 225 226 } 226 227 227 - $info = phutil_escape_html($info); 228 228 break; 229 229 case 'connect': 230 230 $info = $row['host'].':'.$row['database']; 231 - $info = phutil_escape_html($info); 232 231 break; 233 232 case 'exec': 234 233 $info = $row['command']; 235 - $info = phutil_escape_html($info); 236 234 break; 237 235 case 'conduit': 238 236 $info = $row['method']; 239 - $info = phutil_escape_html($info); 240 237 break; 241 238 case 'http': 242 239 $info = $row['uri']; 243 - $info = phutil_escape_html($info); 244 240 break; 245 241 default: 246 242 $info = '-'; ··· 248 244 } 249 245 250 246 $rows[] = array( 251 - phutil_escape_html($row['type']), 247 + $row['type'], 252 248 '+'.number_format(1000 * ($row['begin'] - $data['start'])).' ms', 253 249 number_format(1000000 * $row['duration']).' us', 254 250 $info, ··· 276 272 277 273 $results[] = $table->render(); 278 274 279 - return implode("\n", $results); 275 + return phutil_implode_html("\n", $results); 280 276 } 281 277 } 282 278

+24 -20

src/aphront/console/plugin/DarkConsoleXHProfPlugin.php

··· 51 51 'class' => 'bright-link', 52 52 ), 53 53 'Installation Guide'); 54 - return 54 + return hsprintf( 55 55 '<div class="dark-console-no-content">'. 56 56 'The "xhprof" PHP extension is not available. Install xhprof '. 57 57 'to enable the XHProf console plugin. You can find instructions in '. 58 - 'the '.$install_guide.'.'. 59 - '</div>'; 58 + 'the %s.'. 59 + '</div>', 60 + $install_guide); 60 61 } 61 62 62 63 $result = array(); 63 64 64 - $header = 65 + $header = hsprintf( 65 66 '<div class="dark-console-panel-header">'. 66 - phutil_tag( 67 - 'a', 68 - array( 69 - 'href' => $profile_uri, 70 - 'class' => $run 71 - ? 'disabled button' 72 - : 'green button', 73 - ), 74 - 'Profile Page'). 67 + '%s'. 75 68 '<h1>XHProf Profiler</h1>'. 76 - '</div>'; 69 + '</div>', 70 + phutil_tag( 71 + 'a', 72 + array( 73 + 'href' => $profile_uri, 74 + 'class' => $run 75 + ? 'disabled button' 76 + : 'green button', 77 + ), 78 + 'Profile Page')); 77 79 $result[] = $header; 78 80 79 81 if ($run) { 80 - $result[] = 81 - '<a href="/xhprof/profile/'.$run.'/" '. 82 + $result[] = hsprintf( 83 + '<a href="/xhprof/profile/%s/" '. 82 84 'class="bright-link" '. 83 85 'style="float: right; margin: 1em 2em 0 0;'. 84 86 'font-weight: bold;" '. 85 87 'target="_blank">Profile Permalink</a>'. 86 - '<iframe src="/xhprof/profile/'.$run.'/?frame=true"></iframe>'; 88 + '<iframe src="/xhprof/profile/%s/?frame=true"></iframe>', 89 + $run, 90 + $run); 87 91 } else { 88 - $result[] = 92 + $result[] = hsprintf( 89 93 '<div class="dark-console-no-content">'. 90 94 'Profiling was not enabled for this page. Use the button above '. 91 95 'to enable it.'. 92 - '</div>'; 96 + '</div>'); 93 97 } 94 98 95 - return implode("\n", $result); 99 + return phutil_implode_html("\n", $result); 96 100 } 97 101 98 102

+1 -1

src/aphront/response/Aphront403Response.php

··· 26 26 } 27 27 $failure = new AphrontRequestFailureView(); 28 28 $failure->setHeader('403 Forbidden'); 29 - $failure->appendChild('<p>'.$forbidden_text.'</p>'); 29 + $failure->appendChild(phutil_tag('p', array(), $forbidden_text)); 30 30 31 31 $view = new PhabricatorStandardPageView(); 32 32 $view->setTitle('403 Forbidden');

+2 -1

src/aphront/response/Aphront404Response.php

··· 12 12 public function buildResponseString() { 13 13 $failure = new AphrontRequestFailureView(); 14 14 $failure->setHeader('404 Not Found'); 15 - $failure->appendChild('<p>The page you requested was not found.</p>'); 15 + $failure->appendChild(phutil_tag('p', array(), pht( 16 + 'The page you requested was not found.'))); 16 17 17 18 $view = new PhabricatorStandardPageView(); 18 19 $view->setTitle('404 Not Found');

+1 -1

src/aphront/response/AphrontWebpageResponse.php

··· 13 13 } 14 14 15 15 public function buildResponseString() { 16 - return $this->content; 16 + return hsprintf('%s', $this->content); 17 17 } 18 18 19 19 }

+2 -2

src/applications/audit/controller/PhabricatorAuditListController.php

··· 335 335 } 336 336 337 337 if ($handle) { 338 - $handle_name = phutil_escape_html($handle->getName()); 338 + $handle_name = $handle->getName(); 339 339 } else { 340 340 $handle_name = null; 341 341 } ··· 435 435 } 436 436 437 437 if ($handle) { 438 - $handle_name = phutil_escape_html($handle->getName()); 438 + $handle_name = $handle->getName(); 439 439 } else { 440 440 $handle_name = null; 441 441 }

+2 -2

src/applications/audit/view/PhabricatorAuditCommitListView.php

··· 70 70 $rows[] = array( 71 71 $commit_name, 72 72 $author_name, 73 - phutil_escape_html($commit->getCommitData()->getSummary()), 73 + $commit->getCommitData()->getSummary(), 74 74 PhabricatorAuditCommitStatusConstants::getStatusName( 75 75 $commit->getAuditStatus()), 76 - implode(', ', $auditors), 76 + phutil_implode_html(', ', $auditors), 77 77 phabricator_datetime($commit->getEpoch(), $this->user), 78 78 ); 79 79 }

+3 -6

src/applications/audit/view/PhabricatorAuditListView.php

··· 129 129 } 130 130 131 131 $reasons = $audit->getAuditReasons(); 132 - foreach ($reasons as $key => $reason) { 133 - $reasons[$key] = phutil_escape_html($reason); 134 - } 135 - $reasons = implode('<br />', $reasons); 132 + $reasons = phutil_implode_html(phutil_tag('br'), $reasons); 136 133 137 134 $status_code = $audit->getAuditStatus(); 138 135 $status = PhabricatorAuditStatusConstants::getStatusName($status_code); ··· 140 137 $auditor_handle = $this->getHandle($audit->getAuditorPHID()); 141 138 $rows[] = array( 142 139 $commit_name, 143 - phutil_escape_html($commit_desc), 140 + $commit_desc, 144 141 $committed, 145 142 $auditor_handle->renderLink(), 146 - phutil_escape_html($status), 143 + $status, 147 144 $reasons, 148 145 ); 149 146

+2 -2

src/applications/auth/controller/PhabricatorDisabledUserController.php

··· 16 16 17 17 $failure_view = new AphrontRequestFailureView(); 18 18 $failure_view->setHeader(pht('Account Disabled')); 19 - $failure_view->appendChild( 20 - '<p>'.pht('Your account has been disabled.').'</p>'); 19 + $failure_view->appendChild(phutil_tag('p', array(), pht( 20 + 'Your account has been disabled.'))); 21 21 22 22 return $this->buildStandardPageResponse( 23 23 $failure_view,

+4 -6

src/applications/auth/controller/PhabricatorEmailLoginController.php

··· 98 98 99 99 $view = new AphrontRequestFailureView(); 100 100 $view->setHeader(pht('Check Your Email')); 101 - $view->appendChild( 102 - '<p>'.pht( 103 - 'An email has been sent with a link you can use to login.' 104 - ).'</p>'); 101 + $view->appendChild(phutil_tag('p', array(), pht( 102 + 'An email has been sent with a link you can use to login.'))); 105 103 return $this->buildStandardPageResponse( 106 104 $view, 107 105 array( ··· 140 138 141 139 $panel = new AphrontPanelView(); 142 140 $panel->setWidth(AphrontPanelView::WIDTH_FORM); 143 - $panel->appendChild(' 144 - <h1>'.pht('Forgot Password / Email Login').'</h1>'); 141 + $panel->appendChild(phutil_tag('h1', array(), pht( 142 + 'Forgot Password / Email Login'))); 145 143 $panel->appendChild($email_auth); 146 144 $panel->setNoBackground(); 147 145

+7 -8

src/applications/auth/controller/PhabricatorEmailTokenController.php

··· 50 50 51 51 $view = new AphrontRequestFailureView(); 52 52 $view->setHeader(pht('Unable to Login')); 53 - $view->appendChild( 54 - '<p>'.pht('The authentication information in the link you clicked is '. 53 + $view->appendChild(phutil_tag('p', array(), pht( 54 + 'The authentication information in the link you clicked is '. 55 55 'invalid or out of date. Make sure you are copy-and-pasting the '. 56 56 'entire link into your browser. You can try again, or request '. 57 - 'a new email.').'</p>'); 58 - $view->appendChild( 57 + 'a new email.'))); 58 + $view->appendChild(hsprintf( 59 59 '<div class="aphront-failure-continue">'. 60 - '<a class="button" href="/login/email/">'. 61 - pht('Send Another Email'). 62 - '</a>'. 63 - '</div>'); 60 + '<a class="button" href="/login/email/">%s</a>'. 61 + '</div>', 62 + pht('Send Another Email'))); 64 63 65 64 return $this->buildStandardPageResponse( 66 65 $view,

+8 -10

src/applications/auth/controller/PhabricatorLDAPLoginController.php

··· 43 43 $dialog = new AphrontDialogView(); 44 44 $dialog->setUser($current_user); 45 45 $dialog->setTitle(pht('Already Linked to Another Account')); 46 - $dialog->appendChild( 47 - '<p>'.pht('The LDAP account you just authorized is already '. 46 + $dialog->appendChild(phutil_tag('p', array(), pht( 47 + 'The LDAP account you just authorized is already '. 48 48 'linked toanother Phabricator account. Before you can link it '. 49 49 'to a different LDAP account, you must unlink the old '. 50 - 'account.').'</p>' 51 - ); 50 + 'account.'))); 52 51 $dialog->addCancelButton('/settings/panel/ldap/'); 53 52 54 53 return id(new AphrontDialogResponse())->setDialog($dialog); ··· 62 61 $dialog = new AphrontDialogView(); 63 62 $dialog->setUser($current_user); 64 63 $dialog->setTitle(pht('Link LDAP Account')); 65 - $dialog->appendChild( 66 - '<p>'. 67 - pht('Link your LDAP account to your Phabricator account?'). 68 - '</p>'); 64 + $dialog->appendChild(phutil_tag('p', array(), pht( 65 + 'Link your LDAP account to your Phabricator account?'))); 69 66 $dialog->addHiddenInput('username', $request->getStr('username')); 70 67 $dialog->addHiddenInput('password', $request->getStr('password')); 71 68 $dialog->addSubmitButton(pht('Link Accounts')); ··· 134 131 135 132 $panel = new AphrontPanelView(); 136 133 $panel->setWidth(AphrontPanelView::WIDTH_FORM); 137 - $panel->appendChild('<h1>'.pht('LDAP login').'</h1>'); 134 + $panel->appendChild(phutil_tag('h1', array(), pht('LDAP login'))); 138 135 $panel->appendChild($ldap_form); 139 136 137 + $error_view = null; 140 138 if (isset($errors) && count($errors) > 0) { 141 139 $error_view = new AphrontErrorView(); 142 140 $error_view->setTitle(pht('Login Failed')); ··· 145 143 146 144 return $this->buildStandardPageResponse( 147 145 array( 148 - isset($error_view) ? $error_view : null, 146 + $error_view, 149 147 $panel, 150 148 ), 151 149 array(

+3 -3

src/applications/auth/controller/PhabricatorLDAPUnlinkController.php

··· 18 18 $dialog = new AphrontDialogView(); 19 19 $dialog->setUser($user); 20 20 $dialog->setTitle(pht('Really unlink account?')); 21 - $dialog->appendChild( 22 - '<p>'.pht('You will not be able to login using this account '. 23 - 'once you unlink it. Continue?').'</p>'); 21 + $dialog->appendChild(phutil_tag('p', array(), pht( 22 + 'You will not be able to login using this account '. 23 + 'once you unlink it. Continue?'))); 24 24 $dialog->addSubmitButton(pht('Unlink Account')); 25 25 $dialog->addCancelButton('/settings/panel/ldap/'); 26 26

+5 -5

src/applications/auth/controller/PhabricatorLoginController.php

··· 29 29 $dialog = new AphrontDialogView(); 30 30 $dialog->setUser($user); 31 31 $dialog->setTitle(pht('Login Required')); 32 - $dialog->appendChild('<p>'.pht('You must login to continue.').'</p>'); 32 + $dialog->appendChild(phutil_tag('p', array(), pht( 33 + 'You must login to continue.'))); 33 34 $dialog->addSubmitButton(pht('Login')); 34 35 $dialog->addCancelButton('/', pht('Cancel')); 35 36 ··· 246 247 $title = pht("Login or Register with %s", $provider_name); 247 248 $body = pht('Login or register for Phabricator using your %s account.', 248 249 $provider_name); 249 - $button = pht("Login or Register with %s", 250 - phutil_escape_html($provider_name)); 250 + $button = pht("Login or Register with %s", $provider_name); 251 251 } else { 252 252 $title = pht("Login with %s", $provider_name); 253 253 $body = hsprintf( ··· 258 258 pht( 259 259 'You can not use %s to register a new account.', 260 260 $provider_name)); 261 - $button = pht("Log in with %s", phutil_escape_html($provider_name)); 261 + $button = pht("Log in with %s", $provider_name); 262 262 } 263 263 264 264 $auth_form = new AphrontFormView(); ··· 299 299 return $this->buildApplicationPage( 300 300 array( 301 301 $error_view, 302 - $login_message, 302 + phutil_safe_html($login_message), 303 303 $panel, 304 304 ), 305 305 array(

+11 -7

src/applications/auth/controller/PhabricatorLoginValidateController.php

··· 49 49 50 50 $view = new AphrontRequestFailureView(); 51 51 $view->setHeader(pht('Login Failed')); 52 - $view->appendChild( 53 - '<p>'.pht('Login failed:').'</p>'. 54 - $list. 55 - '<p>'.pht('<strong>Clear your cookies</strong> and try again.').'</p>'); 56 - $view->appendChild( 52 + $view->appendChild(hsprintf( 53 + '<p>%s</p>%s<p>%s</p>', 54 + pht('Login failed:'), 55 + $list, 56 + pht( 57 + '<strong>Clear your cookies</strong> and try again.', 58 + hsprintf('')))); 59 + $view->appendChild(hsprintf( 57 60 '<div class="aphront-failure-continue">'. 58 - '<a class="button" href="/login/">'.pht('Try Again').'</a>'. 59 - '</div>'); 61 + '<a class="button" href="/login/">%s</a>'. 62 + '</div>', 63 + pht('Try Again'))); 60 64 return $this->buildStandardPageResponse( 61 65 $view, 62 66 array(

+2 -1

src/applications/auth/controller/PhabricatorLogoutController.php

··· 46 46 $dialog = id(new AphrontDialogView()) 47 47 ->setUser($user) 48 48 ->setTitle(pht('Log out of Phabricator?')) 49 - ->appendChild('<p>'.pht('Are you sure you want to log out?').'</p>') 49 + ->appendChild(phutil_tag('p', array(), pht( 50 + 'Are you sure you want to log out?'))) 50 51 ->addSubmitButton(pht('Logout')) 51 52 ->addCancelButton('/'); 52 53

+17 -22

src/applications/auth/controller/PhabricatorMustVerifyEmailController.php

··· 41 41 42 42 $error_view = new AphrontRequestFailureView(); 43 43 $error_view->setHeader(pht('Check Your Email')); 44 - $error_view->appendChild( 45 - '<p>'. 46 - pht('You must verify your email address to login. You should have a new '. 44 + $error_view->appendChild(phutil_tag('p', array(), pht( 45 + 'You must verify your email address to login. You should have a new '. 47 46 'email message from Phabricator with verification instructions in your '. 48 - 'inbox (%s).', phutil_tag('strong', array(), $email_address)). 49 - '</p>'); 50 - $error_view->appendChild( 51 - '<p>'. 52 - pht('If you did not receive an email, you can click the button below '. 53 - 'to try sending another one.'). 54 - '</p>'); 55 - $error_view->appendChild( 56 - '<div class="aphront-failure-continue">'. 57 - phabricator_form( 58 - $user, 47 + 'inbox (%s).', phutil_tag('strong', array(), $email_address)))); 48 + $error_view->appendChild(phutil_tag('p', array(), pht( 49 + 'If you did not receive an email, you can click the button below '. 50 + 'to try sending another one.'))); 51 + $error_view->appendChild(hsprintf( 52 + '<div class="aphront-failure-continue">%s</div>', 53 + phabricator_form( 54 + $user, 55 + array( 56 + 'action' => '/login/mustverify/', 57 + 'method' => 'POST', 58 + ), 59 + phutil_tag( 60 + 'button', 59 61 array( 60 - 'action' => '/login/mustverify/', 61 - 'method' => 'POST', 62 62 ), 63 - phutil_tag( 64 - 'button', 65 - array( 66 - ), 67 - pht('Send Another Email'))). 68 - '</div>'); 63 + pht('Send Another Email'))))); 69 64 70 65 71 66 return $this->buildApplicationPage(

+11 -11

src/applications/auth/controller/PhabricatorOAuthDiagnosticsController.php

··· 21 21 $client_id = $provider->getClientID(); 22 22 $client_secret = $provider->getClientSecret(); 23 23 $key = $provider->getProviderKey(); 24 - $name = phutil_escape_html($provider->getProviderName()); 24 + $name = $provider->getProviderName(); 25 25 26 - $res_ok = '<strong style="color: #00aa00;">OK</strong>'; 27 - $res_no = '<strong style="color: #aa0000;">NO</strong>'; 28 - $res_na = '<strong style="color: #999999;">N/A</strong>'; 26 + $res_ok = hsprintf('<strong style="color: #00aa00;">OK</strong>'); 27 + $res_no = hsprintf('<strong style="color: #aa0000;">NO</strong>'); 28 + $res_na = hsprintf('<strong style="color: #999999;">N/A</strong>'); 29 29 30 30 $results = array(); 31 31 $auth_key = $key . '.auth-enabled'; ··· 159 159 $rows = array(); 160 160 foreach ($results as $key => $result) { 161 161 $rows[] = array( 162 - phutil_escape_html($key), 162 + $key, 163 163 $result[0], 164 - phutil_escape_html($result[1]), 165 - phutil_escape_html($result[2]), 164 + $result[1], 165 + $result[2], 166 166 ); 167 167 } 168 168 ··· 186 186 187 187 $panel_view = new AphrontPanelView(); 188 188 $panel_view->setHeader($title); 189 - $panel_view->appendChild( 189 + $panel_view->appendChild(hsprintf( 190 190 '<p class="aphront-panel-instructions">These tests may be able to '. 191 - 'help diagnose the root cause of problems you experience with '. 192 - $provider->getProviderName() . 193 - ' Authentication. Reload the page to run the tests again.</p>'); 191 + 'help diagnose the root cause of problems you experience with %s '. 192 + 'Authentication. Reload the page to run the tests again.</p>', 193 + $provider->getProviderName())); 194 194 $panel_view->appendChild($table_view); 195 195 196 196 return $this->buildStandardPageResponse(

+3 -4

src/applications/auth/controller/PhabricatorOAuthLoginController.php

··· 116 116 $dialog = new AphrontDialogView(); 117 117 $dialog->setUser($current_user); 118 118 $dialog->setTitle(pht('Link %s Account', $provider_name)); 119 - $dialog->appendChild( 120 - pht( 121 - '<p>Link your %s account to your Phabricator account?</p>', 122 - phutil_escape_html($provider_name))); 119 + $dialog->appendChild(phutil_tag('p', array(), pht( 120 + 'Link your %s account to your Phabricator account?', 121 + $provider_name))); 123 122 $dialog->addHiddenInput('confirm_token', $provider->getAccessToken()); 124 123 $dialog->addHiddenInput('expires', $oauth_info->getTokenExpires()); 125 124 $dialog->addHiddenInput('state', $this->oauthState);

+3 -3

src/applications/auth/controller/PhabricatorOAuthUnlinkController.php

··· 34 34 $dialog = new AphrontDialogView(); 35 35 $dialog->setUser($user); 36 36 $dialog->setTitle(pht('Really unlink account?')); 37 - $dialog->appendChild( 38 - '<p>'.pht('You will not be able to login using this account '. 39 - 'once you unlink it. Continue?').'</p>'); 37 + $dialog->appendChild(phutil_tag('p', array(), pht( 38 + 'You will not be able to login using this account '. 39 + 'once you unlink it. Continue?'))); 40 40 $dialog->addSubmitButton(pht('Unlink Account')); 41 41 $dialog->addCancelButton($provider->getSettingsPanelURI()); 42 42

+5 -4

src/applications/auth/view/PhabricatorOAuthFailureView.php

··· 77 77 $provider_name); 78 78 } 79 79 80 - $view->appendChild( 80 + $view->appendChild(hsprintf( 81 81 '<div class="aphront-failure-continue">'. 82 - $diagnose. 83 - '<a href="/login/" class="button">'.pht('Continue').'</a>'. 84 - '</div>'); 82 + '%s<a href="/login/" class="button">%s</a>'. 83 + '</div>', 84 + $diagnose, 85 + pht('Continue'))); 85 86 86 87 return $view->render(); 87 88 }

+4 -5

src/applications/base/controller/PhabricatorController.php

··· 203 203 $view = new PhabricatorStandardPageView(); 204 204 $view->setRequest($request); 205 205 $view->setController($this); 206 - $view->appendChild( 207 - '<div style="padding: 2em 0;">'. 208 - $response->buildResponseString(). 209 - '</div>'); 206 + $view->appendChild(hsprintf( 207 + '<div style="padding: 2em 0;">%s</div>', 208 + $response->buildResponseString())); 210 209 $response = new AphrontWebpageResponse(); 211 210 $response->setContent($view->render()); 212 211 return $response; ··· 277 276 $items[] = $this->getHandle($phid)->renderLink(); 278 277 } 279 278 280 - return array_interleave($style_map[$style], $items); 279 + return phutil_implode_html($style_map[$style], $items); 281 280 } 282 281 283 282 protected function buildApplicationMenu() {

+1 -3

src/applications/calendar/controller/PhabricatorCalendarBrowseController.php

··· 55 55 $nav->appendChild( 56 56 array( 57 57 $this->getNoticeView(), 58 - '<div style="padding: 20px;">', 59 - $month_view, 60 - '</div>', 58 + hsprintf('<div style="padding: 20px;">%s</div>', $month_view->render()), 61 59 )); 62 60 63 61 return $this->buildApplicationPage(

+2 -2

src/applications/calendar/controller/PhabricatorCalendarViewStatusController.php

··· 94 94 } else { 95 95 $no_data = 96 96 pht('%s does not have any upcoming status events.', 97 - phutil_escape_html($this->getHandle($this->phid)->getName())); 97 + $this->getHandle($this->phid)->getName()); 98 98 } 99 99 return $no_data; 100 100 } ··· 115 115 } else { 116 116 $page_title = pht( 117 117 'Upcoming Statuses for %s', 118 - phutil_escape_html($this->getHandle($this->phid)->getName()) 118 + $this->getHandle($this->phid)->getName() 119 119 ); 120 120 } 121 121 return $page_title;

+41 -34

src/applications/calendar/view/AphrontCalendarMonthView.php

··· 48 48 49 49 $markup = array(); 50 50 51 - $empty_box = 52 - '<div class="aphront-calendar-day aphront-calendar-empty">'. 53 - '</div>'; 51 + $empty_box = phutil_tag( 52 + 'div', 53 + array('class' => 'aphront-calendar-day aphront-calendar-empty'), 54 + ''); 54 55 55 56 for ($ii = 0; $ii < $empty; $ii++) { 56 57 $markup[] = $empty_box; ··· 79 80 } else { 80 81 $show_events = array_fill_keys( 81 82 array_keys($show_events), 82 - '<div class="aphront-calendar-event aphront-calendar-event-empty">'. 83 - ' '. 84 - '</div>'); 83 + hsprintf( 84 + '<div class="aphront-calendar-event aphront-calendar-event-empty">'. 85 + ' '. 86 + '</div>')); 85 87 } 86 88 87 89 foreach ($events as $event) { ··· 100 102 101 103 $holiday_markup = null; 102 104 if ($holiday) { 103 - $name = phutil_escape_html($holiday->getName()); 104 - $holiday_markup = 105 - '<div class="aphront-calendar-holiday" title="'.$name.'">'. 106 - $name. 107 - '</div>'; 105 + $name = $holiday->getName(); 106 + $holiday_markup = phutil_tag( 107 + 'div', 108 + array( 109 + 'class' => 'aphront-calendar-holiday', 110 + 'title' => $name, 111 + ), 112 + $name); 108 113 } 109 114 110 - $markup[] = 111 - '<div class="'.$class.'">'. 112 - '<div class="aphront-calendar-date-number">'. 113 - $day_number. 114 - '</div>'. 115 - $holiday_markup. 116 - implode("\n", $show_events). 117 - '</div>'; 115 + $markup[] = hsprintf( 116 + '<div class="%s">'. 117 + '<div class="aphront-calendar-date-number">%s</div>'. 118 + '%s%s'. 119 + '</div>', 120 + $class, 121 + $day_number, 122 + $holiday_markup, 123 + phutil_implode_html("\n", $show_events)); 118 124 } 119 125 120 126 $table = array(); 121 127 $rows = array_chunk($markup, 7); 122 128 foreach ($rows as $row) { 123 - $table[] = '<tr>'; 129 + $table[] = hsprintf('<tr>'); 124 130 while (count($row) < 7) { 125 131 $row[] = $empty_box; 126 132 } 127 133 foreach ($row as $cell) { 128 - $table[] = '<td>'.$cell.'</td>'; 134 + $table[] = phutil_tag('p', array(), $cell); 129 135 } 130 - $table[] = '</tr>'; 136 + $table[] = hsprintf('</tr>'); 131 137 } 132 - $table = 138 + $table = hsprintf( 133 139 '<table class="aphront-calendar-view">'. 134 - $this->renderCalendarHeader($first). 140 + '%s'. 135 141 '<tr class="aphront-calendar-day-of-week-header">'. 136 142 '<th>Sun</th>'. 137 143 '<th>Mon</th>'. ··· 141 147 '<th>Fri</th>'. 142 148 '<th>Sat</th>'. 143 149 '</tr>'. 144 - implode("\n", $table). 145 - '</table>'; 150 + '%s'. 151 + '</table>', 152 + $this->renderCalendarHeader($first), 153 + phutil_implode_html("\n", $table)); 146 154 147 155 return $table; 148 156 } ··· 173 181 "\xE2\x86\x92" 174 182 ); 175 183 176 - $left_th = '<th>'.$prev_link.'</th>'; 177 - $right_th = '<th>'.$next_link.'</th>'; 184 + $left_th = phutil_tag('th', array(), $prev_link); 185 + $right_th = phutil_tag('th', array(), $next_link); 178 186 } 179 187 180 - return 181 - '<tr class="aphront-calendar-month-year-header">'. 182 - $left_th. 183 - '<th colspan="'.$colspan.'">'.$date->format('F Y').'</th>'. 184 - $right_th. 185 - '</tr>'; 188 + return hsprintf( 189 + '<tr class="aphront-calendar-month-year-header">%s%s%s</tr>', 190 + $left_th, 191 + phutil_tag('th', array('colspan' => $colspan), $date->format('F Y')), 192 + $right_th); 186 193 } 187 194 188 195 private function getNextYearAndMonth() {

+5 -8

src/applications/chatlog/controller/PhabricatorChatLogChannelLogController.php

··· 94 94 require_celerity_resource('phabricator-chatlog-css'); 95 95 96 96 $out = array(); 97 - $out[] = '<table class="phabricator-chat-log">'; 98 97 foreach ($blocks as $block) { 99 98 $author = $block['author']; 100 99 $author = phutil_utf8_shorten($author, 18); ··· 122 121 ), 123 122 array($author, $message, $timestamp)); 124 123 } 125 - $out[] = '</table>'; 126 124 127 125 $form = id(new AphrontFormView()) 128 126 ->setUser($user) ··· 140 138 141 139 return $this->buildStandardPageResponse( 142 140 array( 143 - '<div class="phabricator-chat-log-panel">', 144 - $form, 145 - '<br />', 146 - implode("\n", $out), 147 - $pager, 148 - '</div>', 141 + hsprintf( 142 + '<div class="phabricator-chat-log-panel">%s<br />%s%s</div>', 143 + $form, 144 + phutil_tag('table', array('class' => 'phabricator-chat-log'), $out), 145 + $pager), 149 146 ), 150 147 array( 151 148 'title' => 'Channel Log',

+2 -2

src/applications/conduit/controller/PhabricatorConduitAPIController.php

··· 346 346 if ($request) { 347 347 foreach ($request->getAllParameters() as $key => $value) { 348 348 $param_rows[] = array( 349 - phutil_escape_html($key), 349 + $key, 350 350 $this->renderAPIValue($value), 351 351 ); 352 352 } ··· 362 362 $result_rows = array(); 363 363 foreach ($result as $key => $value) { 364 364 $result_rows[] = array( 365 - phutil_escape_html($key), 365 + $key, 366 366 $this->renderAPIValue($value), 367 367 ); 368 368 }

+1 -1

src/applications/conduit/controller/PhabricatorConduitConsoleController.php

··· 109 109 ->setValue('Call Method')); 110 110 111 111 $panel = new AphrontPanelView(); 112 - $panel->setHeader('Conduit API: '.phutil_escape_html($this->method)); 112 + $panel->setHeader('Conduit API: '.$this->method); 113 113 $panel->appendChild($form); 114 114 $panel->setWidth(AphrontPanelView::WIDTH_FULL); 115 115

+2 -2

src/applications/conduit/controller/PhabricatorConduitListController.php

··· 59 59 60 60 $utils = new AphrontPanelView(); 61 61 $utils->setHeader('Utilities'); 62 - $utils->appendChild( 62 + $utils->appendChild(hsprintf( 63 63 '<ul>'. 64 64 '<li><a href="/conduit/log/">Log</a> - Conduit Method Calls</li>'. 65 65 '<li><a href="/conduit/token/">Token</a> - Certificate Install</li>'. 66 - '</ul>'); 66 + '</ul>')); 67 67 $utils->setWidth(AphrontPanelView::WIDTH_FULL); 68 68 69 69 $this->setShowSideNav(false);

+3 -3

src/applications/conduit/controller/PhabricatorConduitLogController.php

··· 65 65 } 66 66 $rows[] = array( 67 67 $call->getConnectionID(), 68 - phutil_escape_html($conn->getUserName()), 69 - phutil_escape_html($call->getMethod()), 70 - phutil_escape_html($call->getError()), 68 + $conn->getUserName(), 69 + $call->getMethod(), 70 + $call->getError(), 71 71 number_format($call->getDuration()).' us', 72 72 phabricator_datetime($call->getDateCreated(), $user), 73 73 );

+2 -3

src/applications/config/controller/PhabricatorConfigAllController.php

··· 14 14 $key = $option->getKey(); 15 15 16 16 if ($option->getMasked()) { 17 - $value = '<em>'.pht('Masked').'</em>'; 17 + $value = phutil_tag('em', array(), pht('Masked')); 18 18 } else if ($option->getHidden()) { 19 - $value = '<em>'.pht('Hidden').'</em>'; 19 + $value = phutil_tag('em', array(), pht('Hidden')); 20 20 } else { 21 21 $value = PhabricatorEnv::getEnvConfig($key); 22 22 $value = PhabricatorConfigJSON::prettyPrintJSON($value); 23 - $value = phutil_escape_html($value); 24 23 } 25 24 26 25 $rows[] = array(

+17 -18

src/applications/config/response/PhabricatorConfigResponse.php

··· 23 23 24 24 $view = $this->view->render(); 25 25 26 - $template = <<<EOTEMPLATE 27 - <!doctype html> 28 - <html> 29 - <head> 30 - <title>Phabricator Setup</title> 31 - {$resources} 32 - </head> 33 - <body class="setup-fatal"> 34 - {$view} 35 - </body> 36 - </html> 37 - EOTEMPLATE; 38 - 39 - return $template; 26 + return hsprintf( 27 + '<!DOCTYPE html>'. 28 + '<html>'. 29 + '<head>'. 30 + '<meta charset="UTF-8" />'. 31 + '<title>Phabricator Setup</title>'. 32 + '%s'. 33 + '</head>'. 34 + '<body class="setup-fatal">%s</body>'. 35 + '</html>', 36 + $resources, 37 + $view); 40 38 } 41 39 42 40 private function buildResources() { ··· 49 47 50 48 $resources = array(); 51 49 foreach ($css as $path) { 52 - $resources[] = '<style type="text/css">'; 53 - $resources[] = Filesystem::readFile($webroot.'/rsrc/css/'.$path); 54 - $resources[] = '</style>'; 50 + $resources[] = phutil_tag( 51 + 'style', 52 + array('type' => 'text/css'), 53 + Filesystem::readFile($webroot.'/rsrc/css/'.$path)); 55 54 } 56 - return implode("\n", $resources); 55 + return phutil_implode_html("\n", $resources); 57 56 } 58 57 59 58

+5 -5

src/applications/config/view/PhabricatorSetupIssueView.php

··· 44 44 ), 45 45 array( 46 46 phutil_tag('p', array(), $run_these), 47 - phutil_tag('pre', array(), array_interleave("\n", $commands)), 47 + phutil_tag('pre', array(), phutil_implode_html("\n", $commands)), 48 48 )); 49 49 } 50 50 ··· 114 114 array( 115 115 'class' => 'setup-issue', 116 116 ), 117 - $this->renderHTMLView( 117 + $this->renderSingleView( 118 118 array( 119 119 $name, 120 120 $description, ··· 155 155 '<tt>phabricator/ $</tt> ./bin/config set %s <em>value</em>', 156 156 $key); 157 157 } 158 - $update = phutil_tag('pre', array(), array_interleave("\n", $update)); 158 + $update = phutil_tag('pre', array(), phutil_implode_html("\n", $update)); 159 159 } else { 160 160 $update = array(); 161 161 foreach ($configs as $config) { ··· 187 187 array( 188 188 'class' => 'setup-issue-config', 189 189 ), 190 - self::renderHTMLView( 190 + self::renderSingleView( 191 191 array( 192 192 $table_info, 193 193 $table, ··· 293 293 array( 294 294 'class' => 'setup-issue-config', 295 295 ), 296 - $this->renderHTMLView( 296 + $this->renderSingleView( 297 297 array( 298 298 $table_info, 299 299 $table,

+1 -2

src/applications/conpherence/controller/ConpherenceController.php

··· 159 159 $item->addClass('hide-unread-count'); 160 160 } 161 161 162 - // TODO: [HTML] Clean this up when we clean up HTML stuff in Conpherence. 163 - $nav->addCustomBlock(phutil_safe_html($item->render())); 162 + $nav->addCustomBlock($item->render()); 164 163 } 165 164 if (empty($conpherences) || $read) { 166 165 $nav->addCustomBlock($this->getNoConpherencesBlock());

+5 -5

src/applications/conpherence/controller/ConpherenceViewController.php

··· 149 149 ->setMarkupEngine($engine) 150 150 ->render(); 151 151 } 152 - $transactions = implode(' ', $rendered_transactions); 152 + $transactions = phutil_implode_html(' ', $rendered_transactions); 153 153 154 154 $form = 155 155 id(new AphrontFormView()) ··· 283 283 'src' => $thumb 284 284 ), 285 285 ''), 286 - phutil_escape_html($file->getName()), 286 + $file->getName(), 287 287 ); 288 288 } 289 289 $header = id(new PhabricatorHeaderView()) ··· 292 292 ->setNoDataString(pht('No files attached to conpherence.')) 293 293 ->setHeaders(array('', pht('Name'))) 294 294 ->setColumnClasses(array('', 'wide')); 295 - return new PhutilSafeHTML($header->render() . $table->render()); 295 + return hsprintf('%s%s', $header->render(), $table->render()); 296 296 } 297 297 298 298 private function renderTaskWidgetPaneContent() { ··· 328 328 ->setColumnClasses(array('', 'wide')); 329 329 $content[] = $table->render(); 330 330 } 331 - return new PhutilSafeHTML(implode('', $content)); 331 + return phutil_implode_html('', $content); 332 332 } 333 333 334 334 private function renderCalendarWidgetPaneContent() { ··· 416 416 } 417 417 } 418 418 419 - return new PhutilSafeHTML(implode('', $content)); 419 + return phutil_implode_html('', $content); 420 420 } 421 421 422 422 private function getCalendarWidgetWeekTimestamps() {

+4 -4

src/applications/conpherence/storage/ConpherenceTransaction.php

··· 50 50 $title = pht( 51 51 '%s renamed this conpherence from "%s" to "%s".', 52 52 $this->renderHandleLink($author_phid), 53 - phutil_escape_html($old), 54 - phutil_escape_html($new)); 53 + $old, 54 + $new); 55 55 } else if ($old) { 56 56 $title = pht( 57 57 '%s deleted the conpherence name "%s".', 58 58 $this->renderHandleLink($author_phid), 59 - phutil_escape_html($old)); 59 + $old); 60 60 } else { 61 61 $title = pht( 62 62 '%s named this conpherence "%s".', 63 63 $this->renderHandleLink($author_phid), 64 - phutil_escape_html($new)); 64 + $new); 65 65 } 66 66 return $title; 67 67 case ConpherenceTransactionType::TYPE_FILES:

+1 -1

src/applications/conpherence/view/ConpherenceMenuItemView.php

··· 139 139 (int)$this->unreadCount); 140 140 } 141 141 142 - return $this->renderHTMLView( 142 + return $this->renderSingleView( 143 143 array( 144 144 $image, 145 145 $title,

+1 -1

src/applications/conpherence/view/ConpherenceTransactionView.php

··· 87 87 array( 88 88 'class' => $content_class 89 89 ), 90 - $this->renderHTMLView($content)) 90 + $this->renderSingleView($content)) 91 91 ); 92 92 93 93 return $transaction_view->render();

+1 -1

src/applications/countdown/controller/PhabricatorCountdownListController.php

··· 46 46 'Delete'); 47 47 } 48 48 $rows[] = array( 49 - phutil_escape_html($timer->getID()), 49 + $timer->getID(), 50 50 $handles[$timer->getAuthorPHID()]->renderLink(), 51 51 phutil_tag( 52 52 'a',

+2 -2

src/applications/daemon/controller/PhabricatorDaemonConsoleController.php

··· 30 30 $rows = array(); 31 31 foreach ($completed_info as $class => $info) { 32 32 $rows[] = array( 33 - phutil_escape_html($class), 33 + $class, 34 34 number_format($info['n']), 35 35 number_format((int)($info['duration'] / $info['n'])).' us', 36 36 ); ··· 127 127 $rows = array(); 128 128 foreach ($queued as $row) { 129 129 $rows[] = array( 130 - phutil_escape_html($row['taskClass']), 130 + $row['taskClass'], 131 131 number_format($row['N']), 132 132 ); 133 133 }

+14 -15

src/applications/daemon/controller/PhabricatorWorkerTaskUpdateController.php

··· 72 72 case 'retry': 73 73 if ($can_retry) { 74 74 $dialog->setTitle('Really retry task?'); 75 - $dialog->appendChild( 76 - '<p>The task will be put back in the queue and executed '. 77 - 'again.</p>'); 75 + $dialog->appendChild(phutil_tag('p', array(), pht( 76 + 'The task will be put back in the queue and executed again.'))); 78 77 $dialog->addSubmitButton('Retry Task'); 79 78 } else { 80 79 $dialog->setTitle('Can Not Retry'); 81 - $dialog->appendChild( 82 - '<p>Only archived, unsuccessful tasks can be retried.</p>'); 80 + $dialog->appendChild(phutil_tag('p', array(), pht( 81 + 'Only archived, unsuccessful tasks can be retried.'))); 83 82 } 84 83 break; 85 84 case 'cancel': 86 85 if ($can_cancel) { 87 86 $dialog->setTitle('Really cancel task?'); 88 - $dialog->appendChild( 89 - '<p>The work this task represents will never be performed if you '. 90 - 'cancel it. Are you sure you want to cancel it?</p>'); 87 + $dialog->appendChild(phutil_tag('p', array(), pht( 88 + 'The work this task represents will never be performed if you '. 89 + 'cancel it. Are you sure you want to cancel it?'))); 91 90 $dialog->addSubmitButton('Cancel Task'); 92 91 } else { 93 92 $dialog->setTitle('Can Not Cancel'); 94 - $dialog->appendChild( 95 - '<p>Only active tasks can be cancelled.</p>'); 93 + $dialog->appendChild(phutil_tag('p', array(), pht( 94 + 'Only active tasks can be cancelled.'))); 96 95 } 97 96 break; 98 97 case 'release': 99 98 if ($can_release) { 100 99 $dialog->setTitle('Really free task lease?'); 101 - $dialog->appendChild( 102 - '<p>If the process which owns the task lease is still doing work '. 100 + $dialog->appendChild(phutil_tag('p', array(), pht( 101 + 'If the process which owns the task lease is still doing work '. 103 102 'on it, the work may be performed twice. Are you sure you '. 104 - 'want to free the lease?</p>'); 103 + 'want to free the lease?'))); 105 104 $dialog->addSubmitButton('Free Lease'); 106 105 } else { 107 106 $dialog->setTitle('Can Not Free Lease'); 108 - $dialog->appendChild( 109 - '<p>Only active, leased tasks may have their leases freed.</p>'); 107 + $dialog->appendChild(phutil_tag('p', array(), pht( 108 + 'Only active, leased tasks may have their leases freed.'))); 110 109 } 111 110 break; 112 111 default:

+1 -1

src/applications/daemon/view/PhabricatorDaemonLogEventsView.php

··· 60 60 } 61 61 62 62 $row = array( 63 - phutil_escape_html($event->getLogType()), 63 + $event->getLogType(), 64 64 phabricator_date($event->getEpoch(), $this->user), 65 65 phabricator_time($event->getEpoch(), $this->user), 66 66 phutil_escape_html_newlines($message.$more),

+2 -2

src/applications/daemon/view/PhabricatorDaemonLogListView.php

··· 76 76 77 77 $rows[] = array( 78 78 $running, 79 - phutil_escape_html($log->getDaemon()), 80 - phutil_escape_html($log->getHost()), 79 + $log->getDaemon(), 80 + $log->getHost(), 81 81 $log->getPID(), 82 82 phabricator_date($epoch, $this->user), 83 83 phabricator_time($epoch, $this->user),

+3 -4

src/applications/differential/controller/DifferentialCommentSaveController.php

··· 60 60 61 61 if (strlen($comment) || $has_inlines) { 62 62 $dialog->addSubmitButton(pht('Post as Comment')); 63 - $dialog->appendChild('<br />'); 64 - $dialog->appendChild( 65 - '<p>'.pht('Do you want to post your feedback anyway, as a normal '. 66 - 'comment?').'</p>'); 63 + $dialog->appendChild(phutil_tag('br')); 64 + $dialog->appendChild(phutil_tag('p', array(), pht( 65 + 'Do you want to post your feedback anyway, as a normal comment?'))); 67 66 } 68 67 69 68 return id(new AphrontDialogResponse())->setDialog($dialog);

+11 -6

src/applications/differential/controller/DifferentialDiffViewController.php

··· 25 25 'href' => PhabricatorEnv::getURI('/D'.$diff->getRevisionID()), 26 26 ), 27 27 'D'.$diff->getRevisionID()); 28 - $top_panel->appendChild( 29 - "<h1>".pht('This diff belongs to revision %s', $link)."</h1>"); 28 + $top_panel->appendChild(phutil_tag( 29 + 'h1', 30 + array(), 31 + pht('This diff belongs to revision %s', $link))); 30 32 } else { 31 33 $action_panel = new AphrontPanelView(); 32 34 $action_panel->setHeader('Preview Diff'); 33 35 $action_panel->setWidth(AphrontPanelView::WIDTH_WIDE); 34 - $action_panel->appendChild( 35 - '<p class="aphront-panel-instructions">'.pht('Review the diff for '. 36 - 'correctness. When you are satisfied, either <strong>create a new '. 37 - 'revision</strong> or <strong>update an existing revision</strong>.')); 36 + $action_panel->appendChild(hsprintf( 37 + '<p class="aphront-panel-instructions">%s</p>', 38 + pht( 39 + 'Review the diff for correctness. When you are satisfied, either '. 40 + '<strong>create a new revision</strong> or <strong>update '. 41 + 'an existing revision</strong>.', 42 + hsprintf('')))); 38 43 39 44 // TODO: implmenent optgroup support in AphrontFormSelectControl? 40 45 $select = array();

+13 -13

src/applications/differential/controller/DifferentialRevisionViewController.php

··· 386 386 387 387 $page_pane = id(new DifferentialPrimaryPaneView()) 388 388 ->setID($pane_id) 389 - ->appendChild( 390 - $comment_view->render(). 391 - $diff_history->render(). 392 - $warning. 393 - $local_view->render(). 394 - $toc_view->render(). 395 - $other_view. 396 - $changeset_view->render()); 389 + ->appendChild(array( 390 + $comment_view->render(), 391 + $diff_history->render(), 392 + $warning, 393 + $local_view->render(), 394 + $toc_view->render(), 395 + $other_view, 396 + $changeset_view->render(), 397 + )); 397 398 if ($comment_form) { 398 399 $page_pane->appendChild($comment_form->render()); 399 400 } ··· 857 858 $handles = $this->loadViewerHandles($phids); 858 859 $view->setHandles($handles); 859 860 860 - return 861 + return hsprintf( 862 + '%s<div class="differential-panel">%s</div>', 861 863 id(new PhabricatorHeaderView()) 862 864 ->setHeader(pht('Open Revisions Affecting These Files')) 863 - ->render(). 864 - '<div class="differential-panel">'. 865 - $view->render(). 866 - '</div>'; 865 + ->render(), 866 + $view->render()); 867 867 } 868 868 869 869 /**

+1 -1

src/applications/differential/controller/DifferentialSubscribeController.php

··· 43 43 $dialog 44 44 ->setUser($user) 45 45 ->setTitle($title) 46 - ->appendChild('<p>'.$prompt.'</p>') 46 + ->appendChild(phutil_tag('p', array(), $prompt)) 47 47 ->setSubmitURI($request->getRequestURI()) 48 48 ->addSubmitButton($button) 49 49 ->addCancelButton('/D'.$revision->getID());

+1 -1

src/applications/differential/field/specification/DifferentialBlameRevisionFieldSpecification.php

··· 49 49 return null; 50 50 } 51 51 $engine = PhabricatorMarkupEngine::newDifferentialMarkupEngine(); 52 - return phutil_safe_html($engine->markupText($this->value)); 52 + return $engine->markupText($this->value); 53 53 } 54 54 55 55 public function shouldAppearOnConduitView() {

+1 -1

src/applications/differential/field/specification/DifferentialCommitsFieldSpecification.php

··· 26 26 $links[] = $this->getHandle($commit_phid)->renderLink(); 27 27 } 28 28 29 - return array_interleave(phutil_tag('br'), $links); 29 + return phutil_implode_html(phutil_tag('br'), $links); 30 30 } 31 31 32 32 private function getCommitPHIDs() {

+1 -1

src/applications/differential/field/specification/DifferentialDependenciesFieldSpecification.php

··· 26 26 $links[] = $this->getHandle($revision_phids)->renderLink(); 27 27 } 28 28 29 - return array_interleave(phutil_tag('br'), $links); 29 + return phutil_implode_html(phutil_tag('br'), $links); 30 30 } 31 31 32 32 private function getDependentRevisionPHIDs() {

+1 -1

src/applications/differential/field/specification/DifferentialDependsOnFieldSpecification.php

··· 26 26 $links[] = $this->getHandle($revision_phids)->renderLink(); 27 27 } 28 28 29 - return array_interleave(phutil_tag('br'), $links); 29 + return phutil_implode_html(phutil_tag('br'), $links); 30 30 } 31 31 32 32 private function getDependentRevisionPHIDs() {

+1 -1

src/applications/differential/field/specification/DifferentialFieldSpecification.php

··· 283 283 $links[] = $handle->renderLink(); 284 284 } 285 285 286 - return array_interleave(', ', $links); 286 + return phutil_implode_html(', ', $links); 287 287 } 288 288 289 289

+1 -1

src/applications/differential/field/specification/DifferentialManiphestTasksFieldSpecification.php

··· 29 29 $links[] = $this->getHandle($task_phid)->renderLink(); 30 30 } 31 31 32 - return array_interleave(phutil_tag('br'), $links); 32 + return phutil_implode_html(phutil_tag('br'), $links); 33 33 } 34 34 35 35 private function getManiphestTaskPHIDs() {

+7 -5

src/applications/differential/field/specification/DifferentialReviewersFieldSpecification.php

··· 143 143 if ($other_reviewers) { 144 144 $names = array(); 145 145 foreach ($other_reviewers as $reviewer => $_) { 146 - $names[] = phutil_escape_html( 147 - $this->getHandle($reviewer)->getLinkName()); 146 + $names[] = $this->getHandle($reviewer)->getLinkName(); 148 147 } 149 - $suffix = ' '.javelin_tag( 148 + $suffix = javelin_tag( 150 149 'abbr', 151 150 array( 152 151 'sigil' => 'has-tooltip', ··· 159 158 } else { 160 159 $suffix = null; 161 160 } 162 - return $this->getHandle($primary_reviewer)->renderLink().$suffix; 161 + return hsprintf( 162 + '%s %s', 163 + $this->getHandle($primary_reviewer)->renderLink(), 164 + $suffix); 163 165 } else { 164 - return '<em>None</em>'; 166 + return phutil_tag('em', array(), 'None'); 165 167 } 166 168 } 167 169

+1 -1

src/applications/differential/field/specification/DifferentialUnitFieldSpecification.php

··· 113 113 $userdata = idx($test, 'userdata'); 114 114 if ($userdata) { 115 115 $engine = PhabricatorMarkupEngine::newDifferentialMarkupEngine(); 116 - $userdata = phutil_safe_html($engine->markupText($userdata)); 116 + $userdata = $engine->markupText($userdata); 117 117 $rows[] = array( 118 118 'style' => 'details', 119 119 'value' => $userdata,

+1 -1

src/applications/differential/parser/DifferentialChangesetParser.php

··· 1092 1092 * indicator of how well tested a change is. 1093 1093 */ 1094 1094 public function renderModifiedCoverage() { 1095 - $na = '<em>-</em>'; 1095 + $na = phutil_tag('em', array(), '-'); 1096 1096 1097 1097 $coverage = $this->getCoverage(); 1098 1098 if (!$coverage) {

+44 -28

src/applications/differential/render/DifferentialChangesetHTMLRenderer.php

··· 21 21 return null; 22 22 } 23 23 } else { 24 + $none = $none; 24 25 switch ($change) { 25 26 26 27 case DifferentialChangeType::TYPE_ADD: 27 28 switch ($file) { 28 29 case DifferentialChangeType::FILE_TEXT: 29 - $message = pht('This file was <strong>added</strong>.'); 30 + $message = pht('This file was <strong>added</strong>.', $none); 30 31 break; 31 32 case DifferentialChangeType::FILE_IMAGE: 32 - $message = pht('This image was <strong>added</strong>.'); 33 + $message = pht('This image was <strong>added</strong>.', $none); 33 34 break; 34 35 case DifferentialChangeType::FILE_DIRECTORY: 35 - $message = pht('This directory was <strong>added</strong>.'); 36 + $message = pht( 37 + 'This directory was <strong>added</strong>.', 38 + $none); 36 39 break; 37 40 case DifferentialChangeType::FILE_BINARY: 38 - $message = pht('This binary file was <strong>added</strong>.'); 41 + $message = pht( 42 + 'This binary file was <strong>added</strong>.', 43 + $none); 39 44 break; 40 45 case DifferentialChangeType::FILE_SYMLINK: 41 - $message = pht('This symlink was <strong>added</strong>.'); 46 + $message = pht('This symlink was <strong>added</strong>.', $none); 42 47 break; 43 48 case DifferentialChangeType::FILE_SUBMODULE: 44 - $message = pht('This submodule was <strong>added</strong>.'); 49 + $message = pht( 50 + 'This submodule was <strong>added</strong>.', 51 + $none); 45 52 break; 46 53 } 47 54 break; ··· 49 56 case DifferentialChangeType::TYPE_DELETE: 50 57 switch ($file) { 51 58 case DifferentialChangeType::FILE_TEXT: 52 - $message = pht('This file was <strong>deleted</strong>.'); 59 + $message = pht('This file was <strong>deleted</strong>.', $none); 53 60 break; 54 61 case DifferentialChangeType::FILE_IMAGE: 55 - $message = pht('This image was <strong>deleted</strong>.'); 62 + $message = pht('This image was <strong>deleted</strong>.', $none); 56 63 break; 57 64 case DifferentialChangeType::FILE_DIRECTORY: 58 - $message = pht('This directory was <strong>deleted</strong>.'); 65 + $message = pht( 66 + 'This directory was <strong>deleted</strong>.', 67 + $none); 59 68 break; 60 69 case DifferentialChangeType::FILE_BINARY: 61 - $message = pht('This binary file was <strong>deleted</strong>.'); 70 + $message = pht( 71 + 'This binary file was <strong>deleted</strong>.', 72 + $none); 62 73 break; 63 74 case DifferentialChangeType::FILE_SYMLINK: 64 - $message = pht('This symlink was <strong>deleted</strong>.'); 75 + $message = pht( 76 + 'This symlink was <strong>deleted</strong>.', 77 + $none); 65 78 break; 66 79 case DifferentialChangeType::FILE_SUBMODULE: 67 - $message = pht('This submodule was <strong>deleted</strong>.'); 80 + $message = pht( 81 + 'This submodule was <strong>deleted</strong>.', 82 + $none); 68 83 break; 69 84 } 70 85 break; ··· 235 250 } 236 251 } 237 252 238 - return 239 - '<div class="differential-meta-notice">'. 240 - $message. 241 - '</div>'; 253 + return hsprintf( 254 + '<div class="differential-meta-notice">%s</div>', 255 + $message); 242 256 } 243 257 244 258 protected function renderPropertyChangeHeader() { ··· 279 293 } 280 294 } 281 295 282 - return 283 - '<table class="differential-property-table">'. 284 - '<tr class="property-table-header">'. 285 - '<th>'.pht('Property Changes').'</th>'. 286 - '<td class="oval">'.pht('Old Value').'</td>'. 287 - '<td class="nval">'.pht('New Value').'</td>'. 288 - '</tr>'. 289 - implode('', $rows). 290 - '</table>'; 296 + array_unshift($rows, hsprintf( 297 + '<tr class="property-table-header">'. 298 + '<th>%s</th>'. 299 + '<td class="oval">%s</td>'. 300 + '<td class="nval">%s</td>'. 301 + '</tr>', 302 + pht('Property Changes'), 303 + pht('Old Value'), 304 + pht('New Value'))); 305 + 306 + return phutil_tag( 307 + 'table', 308 + array('class' => 'differential-property-table'), 309 + $rows); 291 310 } 292 311 293 312 public function renderShield($message, $force = 'default') { ··· 351 370 if (!$content) { 352 371 return null; 353 372 } 354 - 355 - // TODO: [HTML] After TwoUpRenderer gets refactored, fix this. 356 - $content = phutil_safe_html($content); 357 373 358 374 return javelin_tag( 359 375 'table',

+14 -14

src/applications/differential/render/DifferentialChangesetOneUpRenderer.php

··· 20 20 switch ($type) { 21 21 case 'old': 22 22 case 'new': 23 - $out[] = '<tr>'; 23 + $out[] = hsprintf('<tr>'); 24 24 if ($type == 'old') { 25 25 if ($p['htype']) { 26 26 $class = 'left old'; 27 27 } else { 28 28 $class = 'left'; 29 29 } 30 - $out[] = '<th>'.$p['line'].'</th>'; 31 - $out[] = '<th></th>'; 32 - $out[] = '<td class="'.$class.'">'.$p['render'].'</td>'; 30 + $out[] = hsprintf('<th>%s</th>', $p['line']); 31 + $out[] = hsprintf('<th></th>'); 32 + $out[] = hsprintf('<td class="%s">%s</td>', $class, $p['render']); 33 33 } else if ($type == 'new') { 34 34 if ($p['htype']) { 35 35 $class = 'right new'; 36 - $out[] = '<th />'; 36 + $out[] = hsprintf('<th />'); 37 37 } else { 38 38 $class = 'right'; 39 - $out[] = '<th>'.$p['oline'].'</th>'; 39 + $out[] = hsprintf('<th>%s</th>', $p['oline']); 40 40 } 41 - $out[] = '<th>'.$p['line'].'</th>'; 42 - $out[] = '<td class="'.$class.'">'.$p['render'].'</td>'; 41 + $out[] = hsprintf('<th>%s</th>', $p['line']); 42 + $out[] = hsprintf('<td class="%s">%s</td>', $class, $p['render']); 43 43 } 44 - $out[] = '</tr>'; 44 + $out[] = hsprintf('</tr>'); 45 45 break; 46 46 case 'inline': 47 - $out[] = '<tr><th /><th />'; 48 - $out[] = '<td>'; 47 + $out[] = hsprintf('<tr><th /><th />'); 48 + $out[] = hsprintf('<td>'); 49 49 50 50 $inline = $this->buildInlineComment( 51 51 $p['comment'], ··· 53 53 $inline->setBuildScaffolding(false); 54 54 $out[] = $inline->render(); 55 55 56 - $out[] = '</td></tr>'; 56 + $out[] = hsprintf('</td></tr>'); 57 57 break; 58 58 default: 59 - $out[] = '<tr><th /><th /><td>'.$type.'</td></tr>'; 59 + $out[] = hsprintf('<tr><th /><th /><td>%s</td></tr>', $type); 60 60 break; 61 61 } 62 62 } 63 63 64 64 if ($out) { 65 - return $this->wrapChangeInTable(implode('', $out)); 65 + return $this->wrapChangeInTable(phutil_implode_html('', $out)); 66 66 } 67 67 return null; 68 68 }

+47 -35

src/applications/differential/render/DifferentialChangesetTwoUpRenderer.php

··· 160 160 'colspan' => 2, 161 161 'class' => 'show-more', 162 162 ), 163 - array_interleave( 163 + phutil_implode_html( 164 164 " \xE2\x80\xA2 ", // Bullet 165 165 $contents)), 166 166 phutil_tag( ··· 205 205 } 206 206 } 207 207 208 - $n_copy = '<td class="copy" />'; 208 + $n_copy = hsprintf('<td class="copy" />'); 209 209 $n_cov = null; 210 210 $n_colspan = 2; 211 211 $n_classes = ''; ··· 224 224 $cov_class = $coverage[$n_num - 1]; 225 225 } 226 226 $cov_class = 'cov-'.$cov_class; 227 - $n_cov = '<td class="cov '.$cov_class.'"></td>'; 227 + $n_cov = hsprintf('<td class="cov %s"></td>', $cov_class); 228 228 $n_colspan--; 229 229 } 230 230 ··· 242 242 $n_classes = $n_class; 243 243 244 244 if ($new_lines[$ii]['type'] == '\\' || !isset($copy_lines[$n_num])) { 245 - $n_copy = '<td class="copy '.$n_class.'"></td>'; 245 + $n_copy = hsprintf('<td class="copy %s"></td>', $n_class); 246 246 } else { 247 247 list($orig_file, $orig_line, $orig_type) = $copy_lines[$n_num]; 248 248 $title = ($orig_type == '-' ? 'Moved' : 'Copied').' from '; ··· 274 274 } 275 275 276 276 if ($o_num && $left_id) { 277 - $o_id = ' id="C'.$left_id.$left_char.'L'.$o_num.'"'; 277 + $o_id = 'C'.$left_id.$left_char.'L'.$o_num; 278 278 } else { 279 279 $o_id = null; 280 280 } 281 281 282 282 if ($n_num && $right_id) { 283 - $n_id = ' id="C'.$right_id.$right_char.'L'.$n_num.'"'; 283 + $n_id = 'C'.$right_id.$right_char.'L'.$n_num; 284 284 } else { 285 285 $n_id = null; 286 286 } ··· 288 288 // NOTE: The Javascript is sensitive to whitespace changes in this 289 289 // block! 290 290 291 - $html[] = 291 + $html[] = hsprintf( 292 292 '<tr>'. 293 - '<th'.$o_id.'>'.$o_num.'</th>'. 294 - '<td class="'.$o_classes.'">'.$o_text.'</td>'. 295 - '<th'.$n_id.'>'.$n_num.'</th>'. 296 - $n_copy. 293 + '%s'. 294 + '<td class="%s">%s</td>'. 295 + '%s'. 296 + '%s'. 297 297 // NOTE: This is a unicode zero-width space, which we use as a hint 298 298 // when intercepting 'copy' events to make sure sensible text ends 299 299 // up on the clipboard. See the 'phabricator-oncopy' behavior. 300 - '<td class="'.$n_classes.'" colspan="'.$n_colspan.'">'. 301 - "\xE2\x80\x8B".$n_text. 300 + '<td class="%s" colspan="%s">'. 301 + "\xE2\x80\x8B%s". 302 302 '</td>'. 303 - $n_cov. 304 - '</tr>'; 303 + '%s'. 304 + '</tr>', 305 + phutil_tag('th', array('id' => $o_id), $o_num), 306 + $o_classes, $o_text, 307 + phutil_tag('th', array('id' => $n_id), $n_num), 308 + $n_copy, 309 + $n_classes, $n_colspan, $n_text, 310 + $n_cov); 305 311 306 312 if ($context_not_available && ($ii == $rows - 1)) { 307 313 $html[] = $context_not_available; ··· 351 357 } 352 358 } 353 359 354 - return $this->wrapChangeInTable(implode('', $html)); 360 + return $this->wrapChangeInTable(phutil_implode_html('', $html)); 355 361 } 356 362 357 363 public function renderFileChange($old_file = null, ··· 395 401 foreach ($this->getOldComments() as $on_line => $comment_group) { 396 402 foreach ($comment_group as $comment) { 397 403 $comment_html = $this->renderInlineComment($comment, $on_right = false); 398 - $html_old[] = 404 + $html_old[] = hsprintf( 399 405 '<tr class="inline">'. 400 406 '<th />'. 401 - '<td class="left">'.$comment_html.'</td>'. 407 + '<td class="left">%s</td>'. 402 408 '<th />'. 403 409 '<td class="right3" colspan="3" />'. 404 - '</tr>'; 410 + '</tr>', 411 + $comment_html); 405 412 } 406 413 } 407 414 foreach ($this->getNewComments() as $lin_line => $comment_group) { 408 415 foreach ($comment_group as $comment) { 409 416 $comment_html = $this->renderInlineComment($comment, $on_right = true); 410 - $html_new[] = 417 + $html_new[] = hsprintf( 411 418 '<tr class="inline">'. 412 419 '<th />'. 413 420 '<td class="left" />'. 414 421 '<th />'. 415 - '<td class="right3" colspan="3">'.$comment_html.'</td>'. 416 - '</tr>'; 422 + '<td class="right3" colspan="3">%s</td>'. 423 + '</tr>', 424 + $comment_html); 417 425 } 418 426 } 419 427 420 428 if (!$old) { 421 - $th_old = '<th></th>'; 429 + $th_old = hsprintf('<th></th>'); 422 430 } else { 423 - $th_old = '<th id="C'.$vs.'OL1">1</th>'; 431 + $th_old = hsprintf('<th id="C%sOL1">1</th>', $vs); 424 432 } 425 433 426 434 if (!$new) { 427 - $th_new = '<th></th>'; 435 + $th_new = hsprintf('<th></th>'); 428 436 } else { 429 - $th_new = '<th id="C'.$id.'NL1">1</th>'; 437 + $th_new = hsprintf('<th id="C%sNL1">1</th>', $id); 430 438 } 431 439 432 - $output = 440 + $output = hsprintf( 433 441 '<tr class="differential-image-diff">'. 434 - $th_old. 435 - '<td class="left differential-old-image">'.$old.'</td>'. 436 - $th_new. 437 - '<td class="right3 differential-new-image" colspan="3">'. 438 - $new. 439 - '</td>'. 442 + '%s'. 443 + '<td class="left differential-old-image">%s</td>'. 444 + '%s'. 445 + '<td class="right3 differential-new-image" colspan="3">%s</td>'. 440 446 '</tr>'. 441 - implode('', $html_old). 442 - implode('', $html_new); 447 + '%s'. 448 + '%s', 449 + $th_old, 450 + $old, 451 + $th_new, 452 + $new, 453 + phutil_implode_html('', $html_old), 454 + phutil_implode_html('', $html_new)); 443 455 444 456 $output = $this->wrapChangeInTable($output); 445 457

+15 -15

src/applications/differential/view/DifferentialAddCommentView.php

··· 155 155 'inline' => 'inline-comment-preview', 156 156 )); 157 157 158 - $warning_container = '<div id="warnings">'; 158 + $warning_container = array(); 159 159 foreach ($warnings as $warning) { 160 160 if ($warning) { 161 - $warning_container .= $warning->render(); 161 + $warning_container[] = $warning->render(); 162 162 } 163 163 } 164 - $warning_container .= '</div>'; 165 164 166 165 $header = id(new PhabricatorHeaderView()) 167 166 ->setHeader($is_serious ? pht('Add Comment') : pht('Leap Into Action')); 168 167 169 - return 170 - id(new PhabricatorAnchorView()) 171 - ->setAnchorName('comment') 172 - ->setNavigationMarker(true) 173 - ->render(). 168 + return hsprintf( 169 + '%s'. 174 170 '<div class="differential-add-comment-panel">'. 175 - $header->render(). 176 - $form->render(). 177 - $warning_container. 171 + '%s%s%s'. 178 172 '<div class="aphront-panel-preview aphront-panel-flush">'. 179 173 '<div id="comment-preview">'. 180 - '<span class="aphront-panel-preview-loading-text">'. 181 - pht('Loading comment preview...'). 182 - '</span>'. 174 + '<span class="aphront-panel-preview-loading-text">%s</span>'. 183 175 '</div>'. 184 176 '<div id="inline-comment-preview">'. 185 177 '</div>'. 186 178 '</div>'. 187 - '</div>'; 179 + '</div>', 180 + id(new PhabricatorAnchorView()) 181 + ->setAnchorName('comment') 182 + ->setNavigationMarker(true) 183 + ->render(), 184 + $header->render(), 185 + $form->render(), 186 + phutil_tag('div', array('id' => 'warnings'), $warning_container), 187 + pht('Loading comment preview...')); 188 188 } 189 189 }

+2 -2

src/applications/differential/view/DifferentialChangesetDetailView.php

··· 92 92 'class' => $class, 93 93 'id' => $id, 94 94 ), 95 - $this->renderHTMLView( 95 + $this->renderSingleView( 96 96 array( 97 97 id(new PhabricatorAnchorView()) 98 98 ->setAnchorName($changeset->getAnchorName()) ··· 101 101 $buttons, 102 102 phutil_tag('h1', array(), $display_filename), 103 103 phutil_tag('div', array('style' => 'clear: both'), ''), 104 - $this->renderHTMLChildren(), 104 + $this->renderChildren(), 105 105 ))); 106 106 } 107 107

+14 -9

src/applications/differential/view/DifferentialChangesetListView.php

··· 187 187 )); 188 188 } 189 189 190 - return $this->renderHTMLView( 190 + return $this->renderSingleView( 191 191 array( 192 192 id(new PhabricatorHeaderView()) 193 193 ->setHeader($this->getTitle()) ··· 221 221 ), 222 222 array('Changes discarded. ', $link)); 223 223 224 - $template = 225 - '<table><tr>'. 226 - '<th></th><td>%s</td>'. 227 - '<th></th><td colspan="3">%s</td>'. 228 - '</tr></table>'; 224 + return array( 225 + 'l' => hsprintf( 226 + '<table><tr>'. 227 + '<th></th><td>%s</td>'. 228 + '<th></th><td colspan="3"></td>'. 229 + '</tr></table>', 230 + $div), 229 231 230 - return array( 231 - 'l' => sprintf($template, $div, ''), 232 - 'r' => sprintf($template, '', $div), 232 + 'r' => hsprintf( 233 + '<table><tr>'. 234 + '<th></th><td></td>'. 235 + '<th></th><td colspan="3">%s</td>'. 236 + '</tr></table>', 237 + $div), 233 238 ); 234 239 } 235 240

+48 -49

src/applications/differential/view/DifferentialDiffTableOfContentsView.php

··· 94 94 $meta[] = pht('Copied to multiple locations:'); 95 95 } 96 96 foreach ($away as $path) { 97 - $meta[] = phutil_escape_html($path); 97 + $meta[] = $path; 98 98 } 99 - $meta = implode('<br />', $meta); 99 + $meta = phutil_implode_html(phutil_tag('br'), $meta); 100 100 } else { 101 101 if ($type == DifferentialChangeType::TYPE_MOVE_AWAY) { 102 - $meta = pht('Moved to %s', phutil_escape_html(reset($away))); 102 + $meta = pht('Moved to %s', reset($away)); 103 103 } else { 104 - $meta = pht('Copied to %s', phutil_escape_html(reset($away))); 104 + $meta = pht('Copied to %s', reset($away)); 105 105 } 106 106 } 107 107 } else if ($type == DifferentialChangeType::TYPE_MOVE_HERE) { 108 - $meta = pht('Moved from %s', 109 - phutil_escape_html($changeset->getOldFile())); 108 + $meta = pht('Moved from %s', $changeset->getOldFile()); 110 109 } else if ($type == DifferentialChangeType::TYPE_COPY_HERE) { 111 - $meta = pht('Copied from %s', 112 - phutil_escape_html($changeset->getOldFile())); 110 + $meta = pht('Copied from %s', $changeset->getOldFile()); 113 111 } else { 114 112 $meta = null; 115 113 } ··· 130 128 $pchar = 131 129 ($changeset->getOldProperties() === $changeset->getNewProperties()) 132 130 ? null 133 - : '<span title="'.pht('Properties Changed').'">M</span>'; 131 + : hsprintf('<span title="%s">M</span>', pht('Properties Changed')); 134 132 135 133 $fname = $changeset->getFilename(); 136 134 $cov = $this->renderCoverage($coverage, $fname); 137 135 if ($cov === null) { 138 - $mcov = $cov = '<em>-</em>'; 136 + $mcov = $cov = phutil_tag('em', array(), '-'); 139 137 } else { 140 138 $mcov = phutil_tag( 141 139 'div', ··· 146 144 (isset($this->visibleChangesets[$id]) ? 'Loading...' : '?')); 147 145 } 148 146 149 - $rows[] = 150 - '<tr>'. 151 - phutil_tag( 152 - 'td', 153 - array( 154 - 'class' => 'differential-toc-char', 155 - 'title' => $chartitle, 156 - ), 157 - $char). 158 - '<td class="differential-toc-prop">'.$pchar.'</td>'. 159 - '<td class="differential-toc-ftype">'.$desc.'</td>'. 160 - '<td class="differential-toc-file">'.$link.$lines.'</td>'. 161 - '<td class="differential-toc-cov">'.$cov.'</td>'. 162 - '<td class="differential-toc-mcov">'.$mcov.'</td>'. 163 - '</tr>'; 147 + $rows[] = hsprintf( 148 + '<tr>'. 149 + '<td class="differential-toc-char" title="%s">%s</td>'. 150 + '<td class="differential-toc-prop">%s</td>'. 151 + '<td class="differential-toc-ftype">%s</td>'. 152 + '<td class="differential-toc-file">%s%s</td>'. 153 + '<td class="differential-toc-cov">%s</td>'. 154 + '<td class="differential-toc-mcov">%s</td>'. 155 + '</tr>', 156 + $chartitle, $char, 157 + $pchar, 158 + $desc, 159 + $link, $lines, 160 + $cov, 161 + $mcov); 164 162 if ($meta) { 165 - $rows[] = 163 + $rows[] = hsprintf( 166 164 '<tr>'. 167 165 '<td colspan="3"></td>'. 168 - '<td class="differential-toc-meta">'.$meta.'</td>'. 169 - '</tr>'; 166 + '<td class="differential-toc-meta">%s</td>'. 167 + '</tr>', 168 + $meta); 170 169 } 171 170 if ($this->diff && $this->repository) { 172 171 $paths[] = ··· 201 200 ), 202 201 pht('Show All Context')); 203 202 204 - $buttons = 205 - '<tr><td colspan="7">'. 206 - $editor_link.$reveal_link. 207 - '</td></tr>'; 203 + $buttons = hsprintf( 204 + '<tr><td colspan="7">%s%s</td></tr>', 205 + $editor_link, 206 + $reveal_link); 208 207 209 - return 210 - id(new PhabricatorAnchorView()) 211 - ->setAnchorName('toc') 212 - ->setNavigationMarker(true) 213 - ->render(). 214 - id(new PhabricatorHeaderView()) 215 - ->setHeader(pht('Table of Contents')) 216 - ->render(). 208 + return hsprintf( 209 + '%s%s'. 217 210 '<div class="differential-toc differential-panel">'. 218 211 '<table>'. 219 212 '<tr>'. ··· 221 214 '<th></th>'. 222 215 '<th></th>'. 223 216 '<th>Path</th>'. 224 - '<th class="differential-toc-cov">'. 225 - pht('Coverage (All)'). 226 - '</th>'. 227 - '<th class="differential-toc-mcov">'. 228 - pht('Coverage (Touched)'). 229 - '</th>'. 217 + '<th class="differential-toc-cov">%s</th>'. 218 + '<th class="differential-toc-mcov">%s</th>'. 230 219 '</tr>'. 231 - implode("\n", $rows). 232 - $buttons. 220 + '%s%s'. 233 221 '</table>'. 234 - '</div>'; 222 + '</div>', 223 + id(new PhabricatorAnchorView()) 224 + ->setAnchorName('toc') 225 + ->setNavigationMarker(true) 226 + ->render(), 227 + id(new PhabricatorHeaderView()) 228 + ->setHeader(pht('Table of Contents')) 229 + ->render(), 230 + pht('Coverage (All)'), 231 + pht('Coverage (Touched)'), 232 + phutil_implode_html("\n", $rows), 233 + $buttons); 235 234 } 236 235 237 236 private function renderCoverage(array $coverage, $file) {

+4 -4

src/applications/differential/view/DifferentialInlineCommentEditView.php

··· 55 55 'method' => 'POST', 56 56 'sigil' => 'inline-edit-form', 57 57 ), 58 - $this->renderHTMLView( 58 + $this->renderSingleView( 59 59 array( 60 60 $this->renderInputs(), 61 61 $this->renderBody(), ··· 123 123 array( 124 124 'class' => 'differential-inline-comment-edit-body', 125 125 ), 126 - $this->renderHTMLChildren()); 126 + $this->renderChildren()); 127 127 128 128 $edit = phutil_tag( 129 129 'edit', 130 130 array( 131 131 'class' => 'differential-inline-comment-edit-buttons', 132 132 ), 133 - $this->renderHTMLView( 133 + $this->renderSingleView( 134 134 array( 135 135 $formatting, 136 136 $buttons, ··· 148 148 'length' => $this->length, 149 149 ), 150 150 ), 151 - $this->renderHTMLView( 151 + $this->renderSingleView( 152 152 array( 153 153 $title, 154 154 $body,

+1 -1

src/applications/differential/view/DifferentialInlineCommentView.php

··· 178 178 $links = phutil_tag( 179 179 'span', 180 180 array('class' => 'differential-inline-comment-links'), 181 - array_interleave(" \xC2\xB7 ", $links)); 181 + phutil_implode_html(" \xC2\xB7 ", $links)); 182 182 } else { 183 183 $links = null; 184 184 }

+20 -18

src/applications/differential/view/DifferentialLocalCommitsView.php

··· 74 74 } 75 75 $parents[$k] = substr($parent, 0, 16); 76 76 } 77 - $parents = array_interleave(phutil_tag('br'), $parents); 77 + $parents = phutil_implode_html(phutil_tag('br'), $parents); 78 78 $row[] = phutil_tag('td', array(), $parents); 79 79 80 80 $author = nonempty( ··· 114 114 115 115 116 116 $headers = array(); 117 - $headers[] = '<th>'.pht('Commit').'</th>'; 117 + $headers[] = phutil_tag('th', array(), pht('Commit')); 118 118 if ($has_tree) { 119 - $headers[] = '<th>'.pht('Tree').'</th>'; 119 + $headers[] = phutil_tag('th', array(), pht('Tree')); 120 120 } 121 121 if ($has_local) { 122 - $headers[] = '<th>'.pht('Local').'</th>'; 122 + $headers[] = phutil_tag('th', array(), pht('Local')); 123 123 } 124 - $headers[] = '<th>'.pht('Parents').'</th>'; 125 - $headers[] = '<th>'.pht('Author').'</th>'; 126 - $headers[] = '<th>'.pht('Summary').'</th>'; 127 - $headers[] = '<th>'.pht('Date').'</th>'; 124 + $headers[] = phutil_tag('th', array(), pht('Parents')); 125 + $headers[] = phutil_tag('th', array(), pht('Author')); 126 + $headers[] = phutil_tag('th', array(), pht('Summary')); 127 + $headers[] = phutil_tag('th', array(), pht('Date')); 128 128 129 - $headers = '<tr>'.implode('', $headers).'</tr>'; 129 + $headers = phutil_tag('tr', array(), $headers); 130 130 131 - return 132 - id(new PhabricatorHeaderView()) 133 - ->setHeader(pht('Local Commits')) 134 - ->render(). 131 + $header = id(new PhabricatorHeaderView()) 132 + ->setHeader(pht('Local Commits')) 133 + ->render(); 134 + 135 + return hsprintf( 136 + '%s'. 135 137 '<div class="differential-panel">'. 136 - '<table class="differential-local-commits-table">'. 137 - $headers. 138 - implode("\n", $rows). 139 - '</table>'. 140 - '</div>'; 138 + '<table class="differential-local-commits-table">%s%s</table>'. 139 + '</div>', 140 + $header, 141 + $headers, 142 + phutil_implode_html("\n", $rows)); 141 143 } 142 144 }

+1 -1

src/applications/differential/view/DifferentialPrimaryPaneView.php

··· 11 11 12 12 public function render() { 13 13 14 - return phutil_render_tag( 14 + return phutil_tag( 15 15 'div', 16 16 array( 17 17 'class' => 'differential-primary-pane',

+2 -4

src/applications/differential/view/DifferentialRevisionCommentListView.php

··· 187 187 $hidden = null; 188 188 } 189 189 190 - return javelin_render_tag( 190 + return javelin_tag( 191 191 'div', 192 192 array( 193 193 'class' => 'differential-comment-list', 194 194 'id' => $this->getID(), 195 195 ), 196 - implode("\n", $header). 197 - $hidden. 198 - implode("\n", $visible)); 196 + array_merge($header, array($hidden), $visible)); 199 197 } 200 198 }

+41 -25

src/applications/differential/view/DifferentialRevisionCommentView.php

··· 87 87 $comment, 88 88 PhabricatorInlineCommentInterface::MARKUP_FIELD_BODY); 89 89 90 - $content = 91 - '<div class="phabricator-remarkup">'. 92 - $content. 93 - '</div>'; 90 + $content = hsprintf( 91 + '<div class="phabricator-remarkup">%s</div>', 92 + $content); 94 93 } 95 94 96 95 $inline_render = $this->renderInlineComments(); ··· 116 115 array()); 117 116 118 117 $verb = DifferentialAction::getActionPastTenseVerb($comment->getAction()); 119 - $verb = phutil_escape_html($verb); 120 118 121 119 $actions = array(); 122 120 // TODO: i18n 123 121 switch ($comment->getAction()) { 124 122 case DifferentialAction::ACTION_ADDCCS: 125 - $actions[] = "{$author_link} added CCs: ". 126 - $this->renderHandleList($added_ccs)."."; 123 + $actions[] = hsprintf( 124 + "%s added CCs: %s.", 125 + $author_link, 126 + $this->renderHandleList($added_ccs)); 127 127 $added_ccs = null; 128 128 break; 129 129 case DifferentialAction::ACTION_ADDREVIEWERS: 130 - $actions[] = "{$author_link} added reviewers: ". 131 - $this->renderHandleList($added_reviewers)."."; 130 + $actions[] = hsprintf( 131 + "%s added reviewers: %s.", 132 + $author_link, 133 + $this->renderHandleList($added_reviewers)); 132 134 $added_reviewers = null; 133 135 break; 134 136 case DifferentialAction::ACTION_UPDATE: ··· 140 142 'href' => '/D'.$comment->getRevisionID().'?id='.$diff_id, 141 143 ), 142 144 'Diff #'.$diff_id); 143 - $actions[] = "{$author_link} updated this revision to {$diff_link}."; 145 + $actions[] = hsprintf( 146 + "%s updated this revision to %s.", 147 + $author_link, 148 + $diff_link); 144 149 } else { 145 - $actions[] = "{$author_link} {$verb} this revision."; 150 + $actions[] = hsprintf( 151 + "%s %s this revision.", 152 + $author_link, 153 + $verb); 146 154 } 147 155 break; 148 156 default: 149 - $actions[] = "{$author_link} {$verb} this revision."; 157 + $actions[] = hsprintf( 158 + "%s %s this revision.", 159 + $author_link, 160 + $verb); 150 161 break; 151 162 } 152 163 153 164 if ($added_reviewers) { 154 - $actions[] = "{$author_link} added reviewers: ". 155 - $this->renderHandleList($added_reviewers)."."; 165 + $actions[] = hsprintf( 166 + "%s added reviewers: %s.", 167 + $author_link, 168 + $this->renderHandleList($added_reviewers)); 156 169 } 157 170 158 171 if ($removed_reviewers) { 159 - $actions[] = "{$author_link} removed reviewers: ". 160 - $this->renderHandleList($removed_reviewers)."."; 172 + $actions[] = hsprintf( 173 + "%s removed reviewers: %s.", 174 + $author_link, 175 + $this->renderHandleList($removed_reviewers)); 161 176 } 162 177 163 178 if ($added_ccs) { 164 - $actions[] = "{$author_link} added CCs: ". 165 - $this->renderHandleList($added_ccs)."."; 179 + $actions[] = hsprintf( 180 + "%s added CCs: %s.", 181 + $author_link, 182 + $this->renderHandleList($added_ccs)); 166 183 } 167 184 168 185 foreach ($actions as $key => $action) { 169 - $actions[$key] = '<div>'.$action.'</div>'; 186 + $actions[$key] = phutil_tag('div', array(), $action); 170 187 } 171 188 172 189 $xaction_view = id(new PhabricatorTransactionView()) ··· 190 207 } 191 208 192 209 if (!$hide_comments) { 193 - $xaction_view->appendChild( 194 - '<div class="differential-comment-core">'. 195 - $content. 196 - '</div>'. 197 - $this->renderSingleView($inline_render)); 210 + $xaction_view->appendChild(hsprintf( 211 + '<div class="differential-comment-core">%s%s</div>', 212 + $content, 213 + $this->renderSingleView($inline_render))); 198 214 } 199 215 200 216 return $xaction_view->render(); ··· 205 221 foreach ($phids as $phid) { 206 222 $result[] = $this->handles[$phid]->renderLink(); 207 223 } 208 - return implode(', ', $result); 224 + return phutil_implode_html(', ', $result); 209 225 } 210 226 211 227 private function renderInlineComments() {

+5 -1

src/applications/differential/view/DifferentialRevisionDetailView.php

··· 87 87 } 88 88 $properties->setHasKeyboardShortcuts(true); 89 89 90 - return $header->render() . $actions->render() . $properties->render(); 90 + return hsprintf( 91 + '%s%s%s', 92 + $header->render(), 93 + $actions->render(), 94 + $properties->render()); 91 95 } 92 96 93 97 private function renderHeader(DifferentialRevision $revision) {

+12 -12

src/applications/differential/view/DifferentialRevisionListView.php

··· 128 128 129 129 } else if (array_key_exists($revision->getID(), $this->drafts)) { 130 130 $src = '/rsrc/image/icon/fatcow/page_white_edit.png'; 131 - $flag = 132 - '<a href="/D'.$revision->getID().'#comment-preview">'. 133 - phutil_tag( 134 - 'img', 135 - array( 136 - 'src' => celerity_get_resource_uri($src), 137 - 'width' => 16, 138 - 'height' => 16, 139 - 'alt' => 'Draft', 140 - 'title' => pht('Draft Comment'), 141 - )). 142 - '</a>'; 131 + $flag = hsprintf( 132 + '<a href="%s">%s</a>', 133 + '/D'.$revision->getID().'#comment-preview', 134 + phutil_tag( 135 + 'img', 136 + array( 137 + 'src' => celerity_get_resource_uri($src), 138 + 'width' => 16, 139 + 'height' => 16, 140 + 'alt' => 'Draft', 141 + 'title' => pht('Draft Comment'), 142 + ))); 143 143 } 144 144 145 145 $row = array($flag);

+24 -20

src/applications/differential/view/DifferentialRevisionUpdateHistoryView.php

··· 177 177 DifferentialChangesetParser::WHITESPACE_SHOW_ALL => 'Show All', 178 178 ); 179 179 180 - $select = '<select name="whitespace">'; 181 180 foreach ($options as $value => $label) { 182 - $select .= phutil_tag( 181 + $options[$value] = phutil_tag( 183 182 'option', 184 183 array( 185 184 'value' => $value, ··· 189 188 ), 190 189 $label); 191 190 } 192 - $select .= '</select>'; 191 + $select = phutil_tag('select', array('name' => 'whitespace'), $options); 193 192 194 - return 195 - id(new PhabricatorHeaderView()) 196 - ->setHeader(pht('Revision Update History')) 197 - ->render() . 193 + array_unshift($rows, phutil_tag('tr', array(), array( 194 + phutil_tag('th', array(), pht('Diff')), 195 + phutil_tag('th', array(), pht('ID')), 196 + phutil_tag('th', array(), pht('Base')), 197 + phutil_tag('th', array(), pht('Description')), 198 + phutil_tag('th', array(), pht('Created')), 199 + phutil_tag('th', array(), pht('Lint')), 200 + phutil_tag('th', array(), pht('Unit')), 201 + ))); 202 + 203 + return hsprintf( 204 + '%s'. 198 205 '<div class="differential-revision-history differential-panel">'. 199 206 '<form action="#toc">'. 200 207 '<table class="differential-revision-history-table">'. 201 - '<tr>'. 202 - '<th>'.pht('Diff').'</th>'. 203 - '<th>'.pht('ID').'</th>'. 204 - '<th>'.pht('Base').'</th>'. 205 - '<th>'.pht('Description').'</th>'. 206 - '<th>'.pht('Created').'</th>'. 207 - '<th>'.pht('Lint').'</th>'. 208 - '<th>'.pht('Unit').'</th>'. 209 - '</tr>'. 210 - implode("\n", $rows). 208 + '%s'. 211 209 '<tr>'. 212 210 '<td colspan="9" class="diff-differ-submit">'. 213 - '<label>'.pht('Whitespace Changes: %s', $select).'</label>'. 214 - '<button>'.pht('Show Diff').'</button>'. 211 + '<label>%s</label>'. 212 + '<button>%s</button>'. 215 213 '</td>'. 216 214 '</tr>'. 217 215 '</table>'. 218 216 '</form>'. 219 - '</div>'; 217 + '</div>', 218 + id(new PhabricatorHeaderView()) 219 + ->setHeader(pht('Revision Update History')) 220 + ->render(), 221 + phutil_implode_html("\n", $rows), 222 + pht('Whitespace Changes: %s', $select), 223 + pht('Show Diff')); 220 224 } 221 225 222 226 const STAR_NONE = 'none';

+2 -2

src/applications/diffusion/controller/DiffusionBrowseController.php

··· 21 21 $title = 'Tag: '.$drequest->getSymbolicCommit(); 22 22 23 23 $tag_view = new AphrontPanelView(); 24 - $tag_view->setHeader(phutil_escape_html($title)); 24 + $tag_view->setHeader($title); 25 25 $tag_view->appendChild( 26 26 $this->markupText($drequest->getTagContent())); 27 27 ··· 106 106 107 107 private function markupText($text) { 108 108 $engine = PhabricatorMarkupEngine::newDiffusionMarkupEngine(); 109 - $text = phutil_safe_html($engine->markupText($text)); 109 + $text = $engine->markupText($text); 110 110 111 111 $text = phutil_tag( 112 112 'div',

+12 -18

src/applications/diffusion/controller/DiffusionCommitController.php

··· 97 97 array( 98 98 'class' => 'diffusion-commit-message phabricator-remarkup', 99 99 ), 100 - phutil_safe_html( 101 - $engine->markupText($commit_data->getCommitMessage())))); 100 + $engine->markupText($commit_data->getCommitMessage()))); 102 101 103 102 $content[] = $top_anchor; 104 103 $content[] = $headsup_view; ··· 449 448 foreach ($parents as $parent) { 450 449 $parent_links[] = $handles[$parent->getPHID()]->renderLink(); 451 450 } 452 - $props['Parents'] = array_interleave( 453 - " \xC2\xB7 ", 454 - $parent_links); 451 + $props['Parents'] = phutil_implode_html(" \xC2\xB7 ", $parent_links); 455 452 } 456 453 457 454 $request = $this->getDiffusionRequest(); ··· 488 485 foreach ($task_phids as $phid) { 489 486 $task_list[] = $handles[$phid]->renderLink(); 490 487 } 491 - $task_list = array_interleave(phutil_tag('br'), $task_list); 488 + $task_list = phutil_implode_html(phutil_tag('br'), $task_list); 492 489 $props['Tasks'] = $task_list; 493 490 } 494 491 ··· 497 494 foreach ($proj_phids as $phid) { 498 495 $proj_list[] = $handles[$phid]->renderLink(); 499 496 } 500 - $proj_list = array_interleave(phutil_tag('br'), $proj_list); 497 + $proj_list = phutil_implode_html(phutil_tag('br'), $proj_list); 501 498 $props['Projects'] = $proj_list; 502 499 } 503 500 ··· 689 686 'inlineuri' => '/diffusion/inline/preview/'.$commit->getPHID().'/', 690 687 )); 691 688 692 - $preview_panel = 689 + $preview_panel = hsprintf( 693 690 '<div class="aphront-panel-preview aphront-panel-flush"> 694 691 <div id="audit-preview"> 695 692 <div class="aphront-panel-preview-loading-text"> ··· 698 695 </div> 699 696 <div id="inline-comment-preview"> 700 697 </div> 701 - </div>'; 698 + </div>'); 702 699 703 700 // TODO: This is pretty awkward, unify the CSS between Diffusion and 704 701 // Differential better. 705 702 require_celerity_resource('differential-core-view-css'); 706 703 707 - return phutil_render_tag( 704 + return phutil_tag( 708 705 'div', 709 706 array( 710 707 'id' => $pane_id, 711 708 ), 712 - phutil_render_tag( 713 - 'div', 714 - array( 715 - 'class' => 'differential-add-comment-panel', 716 - ), 709 + hsprintf( 710 + '<div class="differential-add-comment-panel">%s%s%s</div>', 717 711 id(new PhabricatorAnchorView()) 718 712 ->setAnchorName('comment') 719 713 ->setNavigationMarker(true) 720 - ->render(). 721 - $panel->render(). 714 + ->render(), 715 + $panel->render(), 722 716 $preview_panel)); 723 717 } 724 718 ··· 938 932 $ref); 939 933 } 940 934 941 - return array_interleave(', ', $ref_links); 935 + return phutil_implode_html(', ', $ref_links); 942 936 } 943 937 944 938 private function buildRawDiffResponse(DiffusionRequest $drequest) {

+1 -1

src/applications/diffusion/controller/DiffusionExternalController.php

··· 103 103 'href' => $href, 104 104 ), 105 105 'r'.$repo->getCallsign().$commit->getCommitIdentifier()), 106 - phutil_escape_html($commit->loadCommitData()->getSummary()), 106 + $commit->loadCommitData()->getSummary(), 107 107 ); 108 108 } 109 109

+2 -2

src/applications/diffusion/controller/DiffusionHomeController.php

··· 19 19 'href' => $shortcut->getHref(), 20 20 ), 21 21 $shortcut->getName()), 22 - phutil_escape_html($shortcut->getDescription()), 22 + $shortcut->getDescription(), 23 23 ); 24 24 } 25 25 ··· 130 130 'href' => '/diffusion/'.$repository->getCallsign().'/', 131 131 ), 132 132 $repository->getName()), 133 - phutil_escape_html($repository->getDetail('description')), 133 + $repository->getDetail('description'), 134 134 PhabricatorRepositoryType::getNameForRepositoryType( 135 135 $repository->getVersionControlSystem()), 136 136 $size,

+4 -5

src/applications/diffusion/controller/DiffusionLintController.php

··· 71 71 '<a href="%s">%s</a>', 72 72 $drequest->generateURI(array('action' => 'lint')), 73 73 $drequest->getCallsign()), 74 - phutil_escape_html(ArcanistLintSeverity::getStringForSeverity( 75 - $code['maxSeverity'])), 76 - phutil_escape_html($code['code']), 77 - phutil_escape_html($code['maxName']), 78 - phutil_escape_html($code['maxDescription']), 74 + ArcanistLintSeverity::getStringForSeverity($code['maxSeverity']), 75 + $code['code'], 76 + $code['maxName'], 77 + $code['maxDescription'], 79 78 ); 80 79 } 81 80

+4 -5

src/applications/diffusion/controller/DiffusionLintDetailsController.php

··· 34 34 $rows[] = array( 35 35 $path, 36 36 $line, 37 - phutil_escape_html(ArcanistLintSeverity::getStringForSeverity( 38 - $message['severity'])), 39 - phutil_escape_html($message['name']), 40 - phutil_escape_html($message['description']), 37 + ArcanistLintSeverity::getStringForSeverity($message['severity']), 38 + $message['name'], 39 + $message['description'], 41 40 ); 42 41 } 43 42 ··· 71 70 72 71 $content[] = id(new AphrontPanelView()) 73 72 ->setHeader( 74 - ($lint != '' ? phutil_escape_html($lint)." \xC2\xB7 " : ''). 73 + ($lint != '' ? $lint." \xC2\xB7 " : ''). 75 74 pht('%d Lint Message(s)', count($messages))) 76 75 ->setCaption($link) 77 76 ->appendChild($table)

+2 -4

src/applications/diffusion/controller/DiffusionRepositoryController.php

··· 68 68 'View Full Commit History'); 69 69 70 70 $panel = new AphrontPanelView(); 71 - $panel->setHeader("Recent Commits · {$all}"); 71 + $panel->setHeader(hsprintf("Recent Commits · %s", $all)); 72 72 $panel->appendChild($history_table); 73 73 $panel->setNoBackground(); 74 74 ··· 125 125 126 126 $rows = array(); 127 127 foreach ($properties as $key => $value) { 128 - $rows[] = array( 129 - phutil_escape_html($key), 130 - phutil_escape_html($value)); 128 + $rows[] = array($key, $value); 131 129 } 132 130 133 131 $table = new AphrontTableView($rows);

+8 -8

src/applications/diffusion/controller/DiffusionSymbolController.php

··· 81 81 $project_name = '-'; 82 82 } 83 83 84 - $file = phutil_escape_html($symbol->getPath()); 85 - $line = phutil_escape_html($symbol->getLineNumber()); 84 + $file = $symbol->getPath(); 85 + $line = $symbol->getLineNumber(); 86 86 87 87 $repo = $symbol->getRepository(); 88 88 if ($repo) { ··· 101 101 ), 102 102 $file.':'.$line); 103 103 } else if ($file) { 104 - $location = phutil_escape_html($file.':'.$line); 104 + $location = $file.':'.$line; 105 105 } else { 106 106 $location = '?'; 107 107 } 108 108 109 109 $rows[] = array( 110 - phutil_escape_html($symbol->getSymbolType()), 111 - phutil_escape_html($symbol->getSymbolContext()), 112 - phutil_escape_html($symbol->getSymbolName()), 113 - phutil_escape_html($symbol->getSymbolLanguage()), 114 - phutil_escape_html($project_name), 110 + $symbol->getSymbolType(), 111 + $symbol->getSymbolContext(), 112 + $symbol->getSymbolName(), 113 + $symbol->getSymbolLanguage(), 114 + $project_name, 115 115 $location, 116 116 ); 117 117 }

+2 -3

src/applications/diffusion/query/browse/DiffusionBrowseQuery.php

··· 119 119 $readme_content = $highlighter 120 120 ->getHighlightFuture($readme_content) 121 121 ->resolve(); 122 - $readme_content = nl2br($readme_content); 123 - $readme_content = phutil_safe_html($readme_content); 122 + $readme_content = phutil_escape_html_newlines($readme_content); 124 123 125 124 require_celerity_resource('syntax-highlighting-css'); 126 125 $class = 'remarkup-code'; 127 126 } else { 128 127 // Markup extensionless files as remarkup so we get links and such. 129 128 $engine = PhabricatorMarkupEngine::newDiffusionMarkupEngine(); 130 - $readme_content = phutil_safe_html($engine->markupText($readme_content)); 129 + $readme_content = $engine->markupText($readme_content); 131 130 132 131 $class = 'phabricator-remarkup'; 133 132 }

+9 -16

src/applications/diffusion/view/DiffusionBrowseTableView.php

··· 55 55 $committer = self::renderName($committer); 56 56 } 57 57 if ($author != $committer) { 58 - $author .= '/'.$committer; 58 + $author = hsprintf('%s/%s', $author, $committer); 59 59 } 60 60 } 61 61 ··· 132 132 $browse_text = $path->getPath().'/'; 133 133 $dir_slash = '/'; 134 134 135 - $browse_link = '<strong>'.$this->linkBrowse( 135 + $browse_link = phutil_tag('strong', array(), $this->linkBrowse( 136 136 $base_path.$path->getPath().$dir_slash, 137 137 array( 138 - 'text' => $this->renderPathIcon( 139 - 'dir', 140 - $browse_text), 141 - )).'</strong>'; 138 + 'text' => $this->renderPathIcon('dir', $browse_text), 139 + ))); 142 140 } else if ($file_type == DifferentialChangeType::FILE_SUBMODULE) { 143 141 $browse_text = $path->getPath().'/'; 144 - $browse_link = 145 - '<strong>'. 146 - $this->linkExternal( 147 - $path->getHash(), 148 - $path->getExternalURI(), 149 - $this->renderPathIcon( 150 - 'ext', 151 - $browse_text)). 152 - '</strong>'; 142 + $browse_link = phutil_tag('strong', array(), $this->linkExternal( 143 + $path->getHash(), 144 + $path->getExternalURI(), 145 + $this->renderPathIcon('ext', $browse_text))); 153 146 } else { 154 147 if ($file_type == DifferentialChangeType::FILE_SYMLINK) { 155 148 $type = 'link'; ··· 190 183 191 184 $need_pull[$uri] = $dict; 192 185 foreach ($dict as $k => $uniq) { 193 - $dict[$k] = '<span id="'.$uniq.'"></span>'; 186 + $dict[$k] = phutil_tag('span', array('id' => $uniq), ''); 194 187 } 195 188 } 196 189

+4 -4

src/applications/diffusion/view/DiffusionCommentListView.php

··· 87 87 ++$num; 88 88 } 89 89 90 - return 91 - '<div class="diffusion-comment-list">'. 92 - $this->renderSingleView($comments). 93 - '</div>'; 90 + return phutil_tag( 91 + 'div', 92 + array('class' => 'diffusion-comment-list'), 93 + $comments); 94 94 } 95 95 96 96 }

+14 -13

src/applications/diffusion/view/DiffusionCommentView.php

··· 114 114 $actions = array(); 115 115 if ($action == PhabricatorAuditActionConstants::ADD_CCS) { 116 116 $rendered_ccs = $this->renderHandleList($added_ccs); 117 - $actions[] = "{$author_link} added CCs: {$rendered_ccs}."; 117 + $actions[] = hsprintf("%s added CCs: %s.", $author_link, $rendered_ccs); 118 118 } else if ($action == PhabricatorAuditActionConstants::ADD_AUDITORS) { 119 119 $rendered_auditors = $this->renderHandleList($added_auditors); 120 - $actions[] = "{$author_link} added auditors: ". 121 - "{$rendered_auditors}."; 120 + $actions[] = hsprintf( 121 + "%s added auditors: %s.", 122 + $author_link, 123 + $rendered_auditors); 122 124 } else { 123 - $actions[] = "{$author_link} ".phutil_escape_html($verb)." this commit."; 125 + $actions[] = hsprintf("%s %s this commit.", $author_link, $verb); 124 126 } 125 127 126 128 foreach ($actions as $key => $action) { 127 - $actions[$key] = '<div>'.$action.'</div>'; 129 + $actions[$key] = phutil_tag('div', array(), $action); 128 130 } 129 131 130 132 return $actions; ··· 137 139 if (!strlen($comment->getContent()) && empty($this->inlineComments)) { 138 140 return null; 139 141 } else { 140 - return 141 - '<div class="phabricator-remarkup">'. 142 - $engine->getOutput( 143 - $comment, 144 - PhabricatorAuditComment::MARKUP_FIELD_BODY). 145 - $this->renderSingleView($this->renderInlines()). 146 - '</div>'; 142 + return hsprintf( 143 + '<div class="phabricator-remarkup">%s%s</div>', 144 + $engine->getOutput( 145 + $comment, 146 + PhabricatorAuditComment::MARKUP_FIELD_BODY), 147 + $this->renderSingleView($this->renderInlines())); 147 148 } 148 149 } 149 150 ··· 186 187 foreach ($phids as $phid) { 187 188 $result[] = $this->handles[$phid]->renderLink(); 188 189 } 189 - return implode(', ', $result); 190 + return phutil_implode_html(', ', $result); 190 191 } 191 192 192 193 private function renderClasses() {

+1 -1

src/applications/diffusion/view/DiffusionCommitChangeTableView.php

··· 51 51 ), 52 52 $path); 53 53 } else { 54 - $path_column = phutil_escape_html($path); 54 + $path_column = $path; 55 55 } 56 56 57 57 $rows[] = array(

+2 -2

src/applications/diffusion/view/DiffusionHistoryTableView.php

··· 107 107 } else { 108 108 $committer = self::renderName($committer); 109 109 } 110 - $author .= '/'.$committer; 110 + $author = hsprintf('%s/%s', $author, $committer); 111 111 } 112 112 113 113 $commit = $history->getCommit(); ··· 118 118 $path = null, 119 119 $history->getCommitIdentifier()); 120 120 } else { 121 - $change = "<em>Importing\xE2\x80\xA6</em>"; 121 + $change = phutil_tag('em', array(), "Importing\xE2\x80\xA6"); 122 122 } 123 123 124 124 $rows[] = array(

-1

src/applications/diffusion/view/DiffusionTagListView.php

··· 79 79 $description = $tag->getDescription(); 80 80 } 81 81 } 82 - $description = phutil_escape_html($description); 83 82 84 83 $rows[] = array( 85 84 $tag_link,

+1 -1

src/applications/diffusion/view/DiffusionView.php

··· 156 156 ), 157 157 $email->getDisplayName()); 158 158 } 159 - return phutil_escape_html($name); 159 + return hsprintf('%s', $name); 160 160 } 161 161 162 162 }

+1 -4

src/applications/diviner/controller/DivinerListController.php

··· 50 50 $flavor); 51 51 } 52 52 53 - $out = 54 - '<div class="aphront-directory-list">'. 55 - implode("\n", $out). 56 - '</div>'; 53 + $out = phutil_tag('div', array('class' => 'aphront-directory-list'), $out); 57 54 58 55 return $this->buildApplicationPage( 59 56 $out,

+1 -1

src/applications/drydock/controller/DrydockController.php

··· 44 44 'href' => $lease_uri, 45 45 ), 46 46 $log->getLeaseID()), 47 - phutil_escape_html($log->getMessage()), 47 + $log->getMessage(), 48 48 phabricator_date($log->getEpoch(), $user), 49 49 ); 50 50 }

+6 -7

src/applications/drydock/controller/DrydockLeaseReleaseController.php

··· 24 24 $dialog = id(new AphrontDialogView()) 25 25 ->setUser($user) 26 26 ->setTitle(pht('Lease Not Active')) 27 - ->appendChild( 28 - '<p>'.pht('You can only release "active" leases.').'</p>') 27 + ->appendChild(phutil_tag('p', array(), pht( 28 + 'You can only release "active" leases.'))) 29 29 ->addCancelButton($lease_uri); 30 30 31 31 return id(new AphrontDialogResponse())->setDialog($dialog); ··· 35 35 $dialog = id(new AphrontDialogView()) 36 36 ->setUser($user) 37 37 ->setTitle(pht('Really release lease?')) 38 - ->appendChild( 39 - '<p>'.pht( 40 - 'Releasing a lease may cause trouble for the lease holder and '. 41 - 'trigger cleanup of the underlying resource. It can not be '. 42 - 'undone. Continue?').'</p>') 38 + ->appendChild(phutil_tag('p', array(), pht( 39 + 'Releasing a lease may cause trouble for the lease holder and '. 40 + 'trigger cleanup of the underlying resource. It can not be '. 41 + 'undone. Continue?'))) 43 42 ->addSubmitButton(pht('Release Lease')) 44 43 ->addCancelButton($lease_uri); 45 44

+5 -6

src/applications/drydock/controller/DrydockResourceCloseController.php

··· 24 24 $dialog = id(new AphrontDialogView()) 25 25 ->setUser($user) 26 26 ->setTitle(pht('Resource Not Open')) 27 - ->appendChild( 28 - '<p>'.pht('You can only close "open" resources.').'</p>') 27 + ->appendChild(phutil_tag('p', array(), pht( 28 + 'You can only close "open" resources.'))) 29 29 ->addCancelButton($resource_uri); 30 30 31 31 return id(new AphrontDialogResponse())->setDialog($dialog); ··· 35 35 $dialog = id(new AphrontDialogView()) 36 36 ->setUser($user) 37 37 ->setTitle(pht('Really close resource?')) 38 - ->appendChild( 39 - '<p>'.pht( 40 - 'Closing a resource releases all leases and destroys the '. 41 - 'resource. It can not be undone. Continue?').'</p>') 38 + ->appendChild(phutil_tag('p', array(), pht( 39 + 'Closing a resource releases all leases and destroys the '. 40 + 'resource. It can not be undone. Continue?'))) 42 41 ->addSubmitButton(pht('Close Resource')) 43 42 ->addCancelButton($resource_uri); 44 43

+1 -4

src/applications/fact/controller/PhabricatorFactHomeController.php

··· 32 32 $name = $spec->getName(); 33 33 $value = $spec->formatValueForDisplay($user, $fact->getValueX()); 34 34 35 - $rows[] = array( 36 - phutil_escape_html($name), 37 - phutil_escape_html($value), 38 - ); 35 + $rows[] = array($name, $value); 39 36 } 40 37 41 38 $table = new AphrontTableView($rows);

+5 -6

src/applications/feed/builder/PhabricatorFeedBuilder.php

··· 40 40 41 41 if ($date !== $last_date) { 42 42 if ($last_date !== null) { 43 - $null_view->appendChild( 44 - '<div class="phabricator-feed-story-date-separator"></div>'); 43 + $null_view->appendChild(hsprintf( 44 + '<div class="phabricator-feed-story-date-separator"></div>')); 45 45 } 46 46 $last_date = $date; 47 47 $null_view->appendChild( ··· 59 59 $null_view->appendChild($view); 60 60 } 61 61 62 - return id(new AphrontNullView())->appendChild( 63 - '<div class="phabricator-feed-frame">'. 64 - $null_view->render(). 65 - '</div>'); 62 + return id(new AphrontNullView())->appendChild(hsprintf( 63 + '<div class="phabricator-feed-frame">%s</div>', 64 + $null_view->render())); 66 65 } 67 66 68 67 }

+1 -1

src/applications/feed/story/PhabricatorFeedStory.php

··· 224 224 foreach ($phids as $phid) { 225 225 $list[] = $this->linkTo($phid); 226 226 } 227 - return implode(', ', $list); 227 + return phutil_implode_html(', ', $list); 228 228 } 229 229 230 230 final protected function linkTo($phid) {

+5 -5

src/applications/feed/story/PhabricatorFeedStoryAudit.php

··· 15 15 $action = $this->getValue('action'); 16 16 $verb = PhabricatorAuditActionConstants::getActionPastTenseVerb($action); 17 17 18 - $view->setTitle( 19 - $this->linkTo($author_phid). 20 - " {$verb} commit ". 21 - $this->linkTo($commit_phid). 22 - "."); 18 + $view->setTitle(hsprintf( 19 + '%s %s commit %s.', 20 + $this->linkTo($author_phid), 21 + $verb, 22 + $this->linkTo($commit_phid))); 23 23 24 24 $view->setEpoch($this->getEpoch()); 25 25

+11 -4

src/applications/feed/story/PhabricatorFeedStoryCommit.php

··· 19 19 if ($data->getValue('authorPHID')) { 20 20 $author = $this->linkTo($data->getValue('authorPHID')); 21 21 } else { 22 - $author = phutil_escape_html($data->getValue('authorName')); 22 + $author = $data->getValue('authorName'); 23 23 } 24 24 25 25 $committer = null; 26 26 if ($data->getValue('committerPHID')) { 27 27 $committer = $this->linkTo($data->getValue('committerPHID')); 28 28 } else if ($data->getValue('committerName')) { 29 - $committer = phutil_escape_html($data->getValue('committerName')); 29 + $committer = $data->getValue('committerName'); 30 30 } 31 31 32 32 $commit = $this->linkTo($data->getValue('commitPHID')); ··· 37 37 } 38 38 39 39 if ($author) { 40 - $title = "{$committer} committed {$commit} (authored by {$author})"; 40 + $title = hsprintf( 41 + "%s committed %s (authored by %s)", 42 + $committer, 43 + $commit, 44 + $author); 41 45 } else { 42 - $title = "{$committer} committed {$commit}"; 46 + $title = hsprintf( 47 + "%s committed %s", 48 + $committer, 49 + $commit); 43 50 } 44 51 45 52 $view = new PhabricatorFeedStoryView();

+5 -1

src/applications/feed/story/PhabricatorFeedStoryDifferential.php

··· 51 51 52 52 $verb = DifferentialAction::getActionPastTenseVerb($action); 53 53 54 - $one_line = "{$actor_link} {$verb} revision {$revision_link}"; 54 + $one_line = hsprintf( 55 + '%s %s revision %s', 56 + $actor_link, 57 + $verb, 58 + $revision_link); 55 59 56 60 return $one_line; 57 61 }

+11 -4

src/applications/feed/story/PhabricatorFeedStoryManiphest.php

··· 66 66 case ManiphestAction::ACTION_REASSIGN: 67 67 if ($owner_phid) { 68 68 if ($owner_phid == $actor_phid) { 69 - $one_line = "{$actor_link} claimed {$task_link}"; 69 + $one_line = hsprintf('%s claimed %s', $actor_link, $task_link); 70 70 } else { 71 - $one_line = "{$actor_link} {$verb} {$task_link} to {$owner_link}"; 71 + $one_line = hsprintf('%s %s %s to %s', 72 + $actor_link, 73 + $verb, 74 + $owner_link, 75 + $task_link); 72 76 } 73 77 } else { 74 - $one_line = "{$actor_link} placed {$task_link} up for grabs"; 78 + $one_line = hsprintf( 79 + '%s placed %s up for grabs', 80 + $actor_link, 81 + $task_link); 75 82 } 76 83 break; 77 84 default: 78 - $one_line = "{$actor_link} {$verb} {$task_link}"; 85 + $one_line = hsprintf('%s %s %s', $actor_link, $verb, $task_link); 79 86 break; 80 87 } 81 88

+5 -4

src/applications/feed/story/PhabricatorFeedStoryPhriction.php

··· 17 17 $action = $data->getValue('action'); 18 18 $verb = PhrictionActionConstants::getActionPastTenseVerb($action); 19 19 20 - $view->setTitle( 21 - $this->linkTo($author_phid). 22 - " {$verb} the document ". 23 - $this->linkTo($document_phid).'.'); 20 + $view->setTitle(hsprintf( 21 + '%s %s the document %s.', 22 + $this->linkTo($author_phid), 23 + $verb, 24 + $this->linkTo($document_phid))); 24 25 $view->setEpoch($data->getEpoch()); 25 26 26 27 $action = $data->getValue('action');

+32 -35

src/applications/feed/story/PhabricatorFeedStoryProject.php

··· 21 21 switch ($type) { 22 22 case PhabricatorProjectTransactionType::TYPE_NAME: 23 23 if (strlen($old)) { 24 - $action = 'renamed project '. 25 - $this->linkTo($proj_phid). 26 - ' from '. 27 - $this->renderString($old). 28 - ' to '. 29 - $this->renderString($new). 30 - '.'; 24 + $action = hsprintf( 25 + 'renamed project %s from %s to %s.', 26 + $this->linkTo($proj_phid), 27 + $this->renderString($old), 28 + $this->renderString($new)); 31 29 } else { 32 - $action = 'created project '. 33 - $this->linkTo($proj_phid). 34 - ' (as '. 35 - $this->renderString($new). 36 - ').'; 30 + $action = hsprintf( 31 + 'created project %s (as %s).', 32 + $this->linkTo($proj_phid), 33 + $this->renderString($new)); 37 34 } 38 35 break; 39 36 case PhabricatorProjectTransactionType::TYPE_STATUS: 40 - $action = 'changed project '. 41 - $this->linkTo($proj_phid). 42 - ' status from '. 43 - $this->renderString( 44 - PhabricatorProjectStatus::getNameForStatus($old)). 45 - ' to '. 46 - $this->renderString( 47 - PhabricatorProjectStatus::getNameForStatus($new)). 48 - '.'; 37 + $action = hsprintf( 38 + 'changed project %s status from %s to %s.', 39 + $this->linkTo($proj_phid), 40 + $this->renderString(PhabricatorProjectStatus::getNameForStatus($old)), 41 + $this->renderString(PhabricatorProjectStatus::getNameForStatus($new)) 42 + ); 49 43 break; 50 44 case PhabricatorProjectTransactionType::TYPE_MEMBERS: 51 45 $add = array_diff($new, $old); ··· 53 47 54 48 if ((count($add) == 1) && (count($rem) == 0) && 55 49 (head($add) == $author_phid)) { 56 - $action = 'joined project '.$this->linkTo($proj_phid).'.'; 50 + $action = hsprintf('joined project %s.', $this->linkTo($proj_phid)); 57 51 } else if ((count($add) == 0) && (count($rem) == 1) && 58 52 (head($rem) == $author_phid)) { 59 - $action = 'left project '.$this->linkTo($proj_phid).'.'; 53 + $action = hsprintf('left project %s.', $this->linkTo($proj_phid)); 60 54 } else if (empty($rem)) { 61 - $action = 'added members to project '. 62 - $this->linkTo($proj_phid).': '. 63 - $this->renderHandleList($add).'.'; 55 + $action = hsprintf( 56 + 'added members to project %s: %s.', 57 + $this->linkTo($proj_phid), 58 + $this->renderHandleList($add)); 64 59 } else if (empty($add)) { 65 - $action = 'removed members from project '. 66 - $this->linkTo($proj_phid).': '. 67 - $this->renderHandleList($rem).'.'; 60 + $action = hsprintf( 61 + 'removed members from project %s: %s.', 62 + $this->linkTo($proj_phid), 63 + $this->renderHandleList($rem)); 68 64 } else { 69 - $action = 'changed members of project '. 70 - $this->linkTo($proj_phid).', added: '. 71 - $this->renderHandleList($add).'; removed: '. 72 - $this->renderHandleList($rem).'.'; 65 + $action = hsprintf( 66 + 'changed members of project %s, added: %s; removed: %s.', 67 + $this->linkTo($proj_phid), 68 + $this->renderHandleList($add), 69 + $this->renderHandleList($rem)); 73 70 } 74 71 break; 75 72 default: 76 - $action = 'updated project '.$this->linkTo($proj_phid).'.'; 73 + $action = hsprintf('updated project %s.', $this->linkTo($proj_phid)); 77 74 break; 78 75 } 79 - $view->setTitle($this->linkTo($author_phid).' '.$action); 76 + $view->setTitle(hsprintf('%s %s', $this->linkTo($author_phid), $action)); 80 77 $view->setOneLineStory(true); 81 78 82 79 return $view;

+4 -4

src/applications/feed/view/PhabricatorFeedStoryView.php

··· 58 58 $classes[] = 'phabricator-notification-unread'; 59 59 } 60 60 61 - return javelin_render_tag( 61 + return javelin_tag( 62 62 'div', 63 63 array( 64 64 'class' => implode(' ', $classes), ··· 72 72 73 73 public function render() { 74 74 75 - $head = phutil_render_tag( 75 + $head = phutil_tag( 76 76 'div', 77 77 array( 78 78 'class' => 'phabricator-feed-story-head', ··· 84 84 $image_style = null; 85 85 86 86 if (!$this->oneLine) { 87 - $body = phutil_render_tag( 87 + $body = phutil_tag( 88 88 'div', 89 89 array( 90 90 'class' => 'phabricator-feed-story-body', ··· 111 111 112 112 require_celerity_resource('phabricator-feed-css'); 113 113 114 - return phutil_render_tag( 114 + return phutil_tag( 115 115 'div', 116 116 array( 117 117 'class' => $this->oneLine

+1 -1

src/applications/flag/events/PhabricatorFlagsUIEventListener.php

··· 31 31 $flag_action = id(new PhabricatorActionView()) 32 32 ->setWorkflow(true) 33 33 ->setHref('/flag/delete/'.$flag->getID().'/') 34 - ->setName(phutil_escape_html('Remove '.$color.' Flag')) 34 + ->setName('Remove '.$color.' Flag') 35 35 ->setIcon('flag-'.$flag->getColor()); 36 36 } else { 37 37 $flag_action = id(new PhabricatorActionView())

+1 -1

src/applications/flag/view/PhabricatorFlagListView.php

··· 27 27 ), 28 28 ''), 29 29 $flag->getHandle()->renderLink(), 30 - phutil_escape_html($flag->getNote()), 30 + $flag->getNote(), 31 31 phabricator_datetime($flag->getDateCreated(), $user), 32 32 phabricator_form( 33 33 $user,

+5 -5

src/applications/help/controller/PhabricatorHelpKeyboardShortcutController.php

··· 27 27 foreach ($shortcut['keys'] as $stroke) { 28 28 $keystrokes[] = phutil_tag('kbd', array(), $stroke); 29 29 } 30 - $keystrokes = array_interleave(' or ', $keystrokes); 30 + $keystrokes = phutil_implode_html(' or ', $keystrokes); 31 31 $rows[] = phutil_tag( 32 32 'tr', 33 33 array(), ··· 37 37 )); 38 38 } 39 39 40 - $table = 41 - '<table class="keyboard-shortcut-help">'. 42 - implode('', $rows). 43 - '</table>'; 40 + $table = phutil_tag( 41 + 'table', 42 + array('class' => 'keyboard-shortcut-help'), 43 + $rows); 44 44 45 45 $dialog = id(new AphrontDialogView()) 46 46 ->setUser($user)

+7 -12

src/applications/herald/controller/HeraldTranscriptController.php

··· 301 301 } 302 302 303 303 $rows[] = array( 304 - phutil_escape_html($action_names[$apply_xscript->getAction()]), 305 - phutil_escape_html($target), 304 + $action_names[$apply_xscript->getAction()], 305 + $target, 306 306 hsprintf( 307 307 '<strong>Taken because:</strong> %s<br />'. 308 308 '<strong>Outcome:</strong> %s %s', ··· 437 437 438 438 $panel = new AphrontPanelView(); 439 439 $panel->setHeader('Rule Details'); 440 - $panel->appendChild( 441 - '<ul class="herald-explain-list">'. 442 - implode("\n", $rule_markup). 443 - '</ul>'); 440 + $panel->appendChild(phutil_tag( 441 + 'ul', 442 + array('class' => 'herald-explain-list'), 443 + $rule_markup)); 444 444 445 445 return $panel; 446 446 } ··· 487 487 'class' => 'herald-field-value-transcript', 488 488 ), 489 489 $value); 490 - } else { 491 - $value = phutil_escape_html($value); 492 490 } 493 491 } 494 492 495 - $rows[] = array( 496 - phutil_escape_html($name), 497 - $value, 498 - ); 493 + $rows[] = array($name, $value); 499 494 } 500 495 501 496 $table = new AphrontTableView($rows);

+3 -3

src/applications/herald/view/HeraldRuleEditHistoryView.php

··· 32 32 33 33 switch ($edit->getAction()) { 34 34 case 'create': 35 - $details = "Created rule '{$rule_name}'."; 35 + $details = pht("Created rule '%s'.", $rule_name); 36 36 break; 37 37 case 'delete': 38 - $details = "Deleted rule '{$rule_name}'."; 38 + $details = pht("Deleted rule '%s'.", $rule_name); 39 39 break; 40 40 case 'edit': 41 41 default: 42 - $details = "Edited rule '{$rule_name}'."; 42 + $details = pht("Edited rule '%s'.", $rule_name); 43 43 break; 44 44 } 45 45

+4 -4

src/applications/macro/controller/PhabricatorMacroDisableController.php

··· 43 43 $dialog 44 44 ->setUser($request->getUser()) 45 45 ->setTitle(pht('Really disable macro?')) 46 - ->appendChild( 47 - '<p>'.pht('Really disable the much-beloved image macro %s? '. 48 - 'It will be sorely missed.', phutil_escape_html($macro->getName())). 49 - '</p>') 46 + ->appendChild(phutil_tag('p', array(), pht( 47 + 'Really disable the much-beloved image macro %s? '. 48 + 'It will be sorely missed.', 49 + $macro->getName()))) 50 50 ->setSubmitURI($this->getApplicationURI('/disable/'.$this->id.'/')) 51 51 ->addSubmitButton(pht('Disable')) 52 52 ->addCancelButton($view_uri);

+1 -1

src/applications/macro/controller/PhabricatorMacroViewController.php

··· 147 147 foreach ($subscribers as $subscriber) { 148 148 $sub_view[] = $this->getHandle($subscriber)->renderLink(); 149 149 } 150 - $sub_view = array_interleave(', ', $sub_view); 150 + $sub_view = phutil_implode_html(', ', $sub_view); 151 151 } else { 152 152 $sub_view = phutil_tag('em', array(), pht('None')); 153 153 }

+4 -4

src/applications/macro/storage/PhabricatorMacroTransaction.php

··· 64 64 return pht( 65 65 '%s renamed this macro from "%s" to "%s".', 66 66 $this->renderHandleLink($author_phid), 67 - phutil_escape_html($old), 68 - phutil_escape_html($new)); 67 + $old, 68 + $new); 69 69 break; 70 70 case PhabricatorMacroTransactionType::TYPE_DISABLED: 71 71 if ($new) { ··· 109 109 '%s renamed %s from "%s" to "%s".', 110 110 $this->renderHandleLink($author_phid), 111 111 $this->renderHandleLink($object_phid), 112 - phutil_escape_html($old), 113 - phutil_escape_html($new)); 112 + $old, 113 + $new); 114 114 case PhabricatorMacroTransactionType::TYPE_DISABLED: 115 115 if ($new) { 116 116 return pht(

+2 -2

src/applications/mailinglists/controller/PhabricatorMailingListsListController.php

··· 31 31 $rows = array(); 32 32 foreach ($lists as $list) { 33 33 $rows[] = array( 34 - phutil_escape_html($list->getName()), 35 - phutil_escape_html($list->getEmail()), 34 + $list->getName(), 35 + $list->getEmail(), 36 36 phutil_tag( 37 37 'a', 38 38 array(

+2 -6

src/applications/maniphest/auxiliaryfield/ManiphestAuxiliaryFieldDefaultSpecification.php

··· 152 152 switch ($this->getFieldType()) { 153 153 case self::TYPE_BOOL: 154 154 if ($this->getValue()) { 155 - return phutil_escape_html($this->getCheckboxValue()); 155 + return $this->getCheckboxValue(); 156 156 } else { 157 157 return null; 158 158 } 159 159 case self::TYPE_SELECT: 160 160 $display = idx($this->getSelectOptions(), $this->getValue()); 161 - return phutil_escape_html($display); 161 + return $display; 162 162 } 163 163 return parent::renderForDetailView(); 164 164 } ··· 201 201 "from '{$old}' to '{$new}'"; 202 202 } 203 203 break; 204 - } 205 - 206 - if ($target == self::RENDER_TARGET_HTML) { 207 - $desc = phutil_escape_html($desc); 208 204 } 209 205 210 206 return $desc;

+1 -1

src/applications/maniphest/auxiliaryfield/ManiphestAuxiliaryFieldSpecification.php

··· 71 71 } 72 72 73 73 public function renderForDetailView() { 74 - return phutil_escape_html($this->getValue()); 74 + return $this->getValue(); 75 75 } 76 76 77 77

+4 -4

src/applications/maniphest/controller/ManiphestExportController.php

··· 28 28 $dialog->setUser($user); 29 29 30 30 $dialog->setTitle('Excel Export Not Configured'); 31 - $dialog->appendChild( 31 + $dialog->appendChild(hsprintf( 32 32 '<p>This system does not have PHPExcel installed. This software '. 33 33 'component is required to export tasks to Excel. Have your system '. 34 34 'administrator install it from:</p>'. ··· 38 38 '</p>'. 39 39 '<br />'. 40 40 '<p>Your PHP "include_path" needs to be updated to include the '. 41 - 'PHPExcel Classes/ directory.</p>'); 41 + 'PHPExcel Classes/ directory.</p>')); 42 42 43 43 $dialog->addCancelButton('/maniphest/'); 44 44 return id(new AphrontDialogResponse())->setDialog($dialog); ··· 59 59 $dialog->setUser($user); 60 60 61 61 $dialog->setTitle('Export Tasks to Excel'); 62 - $dialog->appendChild( 63 - '<p>Do you want to export the query results to Excel?</p>'); 62 + $dialog->appendChild(phutil_tag('p', array(), pht( 63 + 'Do you want to export the query results to Excel?'))); 64 64 65 65 $dialog->addCancelButton('/maniphest/'); 66 66 $dialog->addSubmitButton('Export to Excel');

+3 -3

src/applications/maniphest/controller/ManiphestReportController.php

··· 244 244 )); 245 245 246 246 if ($handle) { 247 - $header = "Task Burn Rate for Project ".$handle->renderLink(); 247 + $header = pht("Task Burn Rate for Project %s", $handle->renderLink()); 248 248 $caption = hsprintf( 249 249 "<p>NOTE: This table reflects tasks <em>currently</em> in ". 250 250 "the project. If a task was opened in the past but added to ". ··· 363 363 $fmt = number_format($delta); 364 364 if ($delta > 0) { 365 365 $fmt = '+'.$fmt; 366 - $fmt = '<span class="red">'.$fmt.'</span>'; 366 + $fmt = hsprintf('<span class="red">%s</span>', $fmt); 367 367 } else { 368 - $fmt = '<span class="green">'.$fmt.'</span>'; 368 + $fmt = hsprintf('<span class="green">%s</span>', $fmt); 369 369 } 370 370 371 371 return array(

+2 -2

src/applications/maniphest/controller/ManiphestSavedQueryListController.php

··· 81 81 'value' => 0, 82 82 'checked' => ($default === null ? 'checked' : null), 83 83 )), 84 - '<em>No Default</em>', 84 + phutil_tag('em', array(), 'No Default'), 85 85 '', 86 86 '', 87 87 ); ··· 111 111 'Save Default Query')); 112 112 $panel->appendChild($table); 113 113 114 - $form = phabricator_render_form( 114 + $form = phabricator_form( 115 115 $user, 116 116 array( 117 117 'method' => 'POST',

+3 -4

src/applications/maniphest/controller/ManiphestTaskDescriptionPreviewController.php

··· 18 18 ManiphestTask::MARKUP_FIELD_DESCRIPTION, 19 19 $request->getUser()); 20 20 21 - $content = 22 - '<div class="phabricator-remarkup">'. 23 - $output. 24 - '</div>'; 21 + $content = hsprintf( 22 + '<div class="phabricator-remarkup">%s</div>', 23 + $output); 25 24 26 25 return id(new AphrontAjaxResponse()) 27 26 ->setContent($content);

+27 -32

src/applications/maniphest/controller/ManiphestTaskDetailController.php

··· 88 88 89 89 if ($parent_task) { 90 90 $context_bar = new AphrontContextBarView(); 91 - $context_bar->addButton( 92 - phutil_tag( 93 - 'a', 94 - array( 95 - 'href' => '/maniphest/task/create/?parent='.$parent_task->getID(), 96 - 'class' => 'green button', 97 - ), 98 - 'Create Another Subtask')); 99 - $context_bar->appendChild( 100 - 'Created a subtask of <strong>'. 101 - $this->getHandle($parent_task->getPHID())->renderLink(). 102 - '</strong>'); 91 + $context_bar->addButton(phutil_tag( 92 + 'a', 93 + array( 94 + 'href' => '/maniphest/task/create/?parent='.$parent_task->getID(), 95 + 'class' => 'green button', 96 + ), 97 + 'Create Another Subtask')); 98 + $context_bar->appendChild(hsprintf( 99 + 'Created a subtask of <strong>%s</strong>', 100 + $this->getHandle($parent_task->getPHID())->renderLink())); 103 101 } else if ($workflow == 'create') { 104 102 $context_bar = new AphrontContextBarView(); 105 - $context_bar->addButton('<label>Create Another:</label>'); 106 - $context_bar->addButton( 107 - phutil_tag( 108 - 'a', 109 - array( 110 - 'href' => '/maniphest/task/create/?template='.$task->getID(), 111 - 'class' => 'green button', 112 - ), 103 + $context_bar->addButton(phutil_tag('label', array(), 'Create Another')); 104 + $context_bar->addButton(phutil_tag( 105 + 'a', 106 + array( 107 + 'href' => '/maniphest/task/create/?template='.$task->getID(), 108 + 'class' => 'green button', 109 + ), 113 110 'Similar Task')); 114 - $context_bar->addButton( 115 - phutil_tag( 116 - 'a', 117 - array( 118 - 'href' => '/maniphest/task/create/', 119 - 'class' => 'green button', 120 - ), 111 + $context_bar->addButton(phutil_tag( 112 + 'a', 113 + array( 114 + 'href' => '/maniphest/task/create/', 115 + 'class' => 'green button', 116 + ), 121 117 'Empty Task')); 122 118 $context_bar->appendChild('New task created.'); 123 119 } ··· 305 301 $comment_header = id(new PhabricatorHeaderView()) 306 302 ->setHeader($is_serious ? pht('Add Comment') : pht('Weigh In')); 307 303 308 - $preview_panel = 304 + $preview_panel = hsprintf( 309 305 '<div class="aphront-panel-preview"> 310 306 <div id="transaction-preview"> 311 - <div class="aphront-panel-preview-loading-text"> 312 - '.pht('Loading preview...').' 313 - </div> 307 + <div class="aphront-panel-preview-loading-text">%s</div> 314 308 </div> 315 - </div>'; 309 + </div>', 310 + pht('Loading preview...')); 316 311 317 312 $transaction_view = new ManiphestTransactionListView(); 318 313 $transaction_view->setTransactions($transactions);

+4 -4

src/applications/maniphest/controller/ManiphestTaskEditController.php

··· 456 456 457 457 if ($files) { 458 458 $file_display = mpull($files, 'getName'); 459 - $file_display = array_interleave(phutil_tag('br'), $file_display); 459 + $file_display = phutil_implode_html(phutil_tag('br'), $file_display); 460 460 461 461 $form->appendChild( 462 462 id(new AphrontFormMarkupControl()) ··· 512 512 $panel->appendChild($form); 513 513 $panel->setNoBackground(); 514 514 515 - $description_preview_panel = 515 + $description_preview_panel = hsprintf( 516 516 '<div class="aphront-panel-preview aphront-panel-preview-full"> 517 517 <div class="maniphest-description-preview-header"> 518 518 Description Preview ··· 522 522 Loading preview... 523 523 </div> 524 524 </div> 525 - </div>'; 525 + </div>'); 526 526 527 527 Javelin::initBehavior( 528 528 'maniphest-description-preview', ··· 542 542 array( 543 543 $error_view, 544 544 $panel, 545 - $description_preview_panel 545 + $description_preview_panel, 546 546 ), 547 547 array( 548 548 'title' => $header_name,

+23 -27

src/applications/maniphest/controller/ManiphestTaskListController.php

··· 298 298 require_celerity_resource('maniphest-task-summary-css'); 299 299 300 300 $list_container = new AphrontNullView(); 301 - $list_container->appendChild('<div class="maniphest-list-container">'); 301 + $list_container->appendChild(hsprintf( 302 + '<div class="maniphest-list-container">')); 302 303 303 304 if (!$have_tasks) { 304 - $list_container->appendChild( 305 + $list_container->appendChild(hsprintf( 305 306 '<h1 class="maniphest-task-group-header">'. 306 307 'No matching tasks.'. 307 - '</h1>'); 308 + '</h1>')); 308 309 } else { 309 310 $pager = new AphrontPagerView(); 310 311 $pager->setURI($request->getRequestURI(), 'offset'); ··· 316 317 $max = min($pager->getOffset() + $page_size, $total_count); 317 318 $tot = $total_count; 318 319 319 - $cur = number_format($cur); 320 - $max = number_format($max); 321 - $tot = number_format($tot); 322 - 323 - $list_container->appendChild( 320 + $list_container->appendChild(hsprintf( 324 321 '<div class="maniphest-total-result-count">'. 325 - "Displaying tasks {$cur} - {$max} of {$tot}.". 326 - '</div>'); 322 + "Displaying tasks %s - %s of %s.". 323 + '</div>', 324 + number_format($cur), 325 + number_format($max), 326 + number_format($tot))); 327 327 328 328 $selector = new AphrontNullView(); 329 329 ··· 334 334 ($group == 'none' || $group == 'priority'); 335 335 336 336 $lists = new AphrontNullView(); 337 - $lists->appendChild('<div class="maniphest-group-container">'); 337 + $lists->appendChild(hsprintf('<div class="maniphest-group-container">')); 338 338 foreach ($tasks as $group => $list) { 339 339 $task_list = new ManiphestTaskListView(); 340 340 $task_list->setShowBatchControls(true); ··· 367 367 368 368 $lists->appendChild($panel); 369 369 } 370 - $lists->appendChild('</div>'); 370 + $lists->appendChild(hsprintf('</div>')); 371 371 $selector->appendChild($lists); 372 372 373 373 374 374 $selector->appendChild($this->renderBatchEditor($query)); 375 375 376 376 $form_id = celerity_generate_unique_node_id(); 377 - $selector = phabricator_render_form( 377 + $selector = phabricator_form( 378 378 $user, 379 379 array( 380 380 'method' => 'POST', ··· 394 394 )); 395 395 } 396 396 397 - $list_container->appendChild('</div>'); 397 + $list_container->appendChild(hsprintf('</div>')); 398 398 $nav->appendChild($list_container); 399 399 400 400 $title = pht('Task List'); ··· 678 678 ), 679 679 'Export Tasks to Excel...'); 680 680 681 - return 681 + return hsprintf( 682 682 '<div class="maniphest-batch-editor">'. 683 683 '<div class="batch-editor-header">Batch Task Editor</div>'. 684 684 '<table class="maniphest-batch-editor-layout">'. 685 685 '<tr>'. 686 - '<td>'. 687 - $select_all. 688 - $select_none. 689 - '</td>'. 690 - '<td>'. 691 - $export. 692 - '</td>'. 693 - '<td id="batch-select-status-cell">'. 694 - '0 Selected Tasks'. 695 - '</td>'. 696 - '<td class="batch-select-submit-cell">'.$submit.'</td>'. 686 + '<td>%s%s</td>'. 687 + '<td>%s</td>'. 688 + '<td id="batch-select-status-cell">0 Selected Tasks</td>'. 689 + '<td class="batch-select-submit-cell">%s</td>'. 697 690 '</tr>'. 698 691 '</table>'. 699 - '</table>'; 692 + '</table>', 693 + $select_all, $select_none, 694 + $export, 695 + $submit); 700 696 } 701 697 702 698 private function buildQueryFromRequest() {

+1 -1

src/applications/maniphest/view/ManiphestTaskListView.php

··· 45 45 $views[] = $view->render(); 46 46 } 47 47 48 - return $this->renderHTMLView($views); 48 + return $this->renderSingleView($views); 49 49 } 50 50 51 51 }

+1 -1

src/applications/maniphest/view/ManiphestTaskProjectsView.php

··· 52 52 "\xE2\x80\xA6"); 53 53 } 54 54 55 - return $this->renderHTMLView($tags); 55 + return $this->renderSingleView($tags); 56 56 } 57 57 58 58 }

+6 -9

src/applications/maniphest/view/ManiphestTransactionDetailView.php

··· 179 179 } 180 180 181 181 if ($this->getRenderSummaryOnly()) { 182 - return implode("\n", $descs); 182 + return phutil_implode_html("\n", $descs); 183 183 } 184 184 185 185 if ($comment_transaction && $comment_transaction->hasComments()) { 186 186 $comment_block = $this->markupEngine->getOutput( 187 187 $comment_transaction, 188 188 ManiphestTransaction::MARKUP_FIELD_BODY); 189 - $comment_block = 190 - '<div class="maniphest-transaction-comments phabricator-remarkup">'. 191 - $comment_block. 192 - '</div>'; 189 + $comment_block = phutil_tag( 190 + 'div', 191 + array('class' => 'maniphest-transaction-comments phabricator-remarkup'), 192 + $comment_block); 193 193 } else { 194 194 $comment_block = null; 195 195 } ··· 590 590 DifferentialChangesetParser::parseRangeSpecification($spec); 591 591 $output = $parser->render($range_s, $range_e, $mask); 592 592 593 - // TODO: [HTML] DifferentialChangesetParser needs cleanup. 594 - $output = phutil_safe_html($output); 595 - 596 593 return $output; 597 594 } 598 595 ··· 627 624 $links[] = $this->handles[$phid]->renderLink(); 628 625 } 629 626 } 630 - return implode(', ', $links); 627 + return phutil_implode_html(', ', $links); 631 628 } 632 629 633 630 private function renderString($string) {

+4 -4

src/applications/maniphest/view/ManiphestTransactionListView.php

··· 102 102 $views[] = $view->render(); 103 103 } 104 104 105 - return 106 - '<div class="maniphest-transaction-list-view">'. 107 - implode("\n", $views). 108 - '</div>'; 105 + return phutil_tag( 106 + 'div', 107 + array('class' => 'maniphest-transaction-list-view'), 108 + $views); 109 109 } 110 110 111 111 }

+2 -2

src/applications/meta/view/PhabricatorApplicationLaunchView.php

··· 128 128 'href' => $application ? $application->getBaseURI() : null, 129 129 'title' => $application ? $application->getShortDescription() : null, 130 130 ), 131 - $this->renderHTMLView( 131 + $this->renderSingleView( 132 132 array( 133 133 $icon, 134 134 $content, 135 135 ))); 136 136 137 - return $this->renderHTMLView( 137 + return $this->renderSingleView( 138 138 array( 139 139 $app_button, 140 140 $create_button,

+1 -1

src/applications/metamta/controller/PhabricatorMetaMTAListController.php

··· 67 67 phabricator_datetime($mail->getDateCreated(), $user), 68 68 phabricator_format_relative_time_detailed( 69 69 time() - $mail->getDateModified()), 70 - phutil_escape_html($mail->getSubject()), 70 + $mail->getSubject(), 71 71 phutil_tag( 72 72 'a', 73 73 array(

+1 -1

src/applications/metamta/controller/PhabricatorMetaMTAReceivedListController.php

··· 38 38 $mail->getRelatedPHID() 39 39 ? $handles[$mail->getRelatedPHID()]->renderLink() 40 40 : '-', 41 - phutil_escape_html($mail->getMessage()), 41 + $mail->getMessage(), 42 42 ); 43 43 } 44 44

+7 -10

src/applications/notification/controller/PhabricatorNotificationListController.php

··· 43 43 44 44 if ($notifications) { 45 45 $builder = new PhabricatorNotificationBuilder($notifications); 46 - $view = $builder->buildView(); 46 + $view = $builder->buildView()->render(); 47 47 } else { 48 - $view = 49 - '<div class="phabricator-notification no-notifications">'. 50 - $no_data. 51 - '</div>'; 48 + $view = hsprintf( 49 + '<div class="phabricator-notification no-notifications">%s</div>', 50 + $no_data); 52 51 } 53 52 54 - $view = array( 55 - '<div class="phabricator-notification-list">', 56 - $view, 57 - '</div>', 58 - ); 53 + $view = hsprintf( 54 + '<div class="phabricator-notification-list">%s</div>', 55 + $view); 59 56 60 57 $panel = new AphrontPanelView(); 61 58 $panel->setHeader($header);

+15 -17

src/applications/notification/controller/PhabricatorNotificationPanelController.php

··· 20 20 $notifications_view = $builder->buildView(); 21 21 $content = $notifications_view->render(); 22 22 } else { 23 - $content = 24 - '<div class="phabricator-notification no-notifications">'. 25 - 'You have no notifications.'. 26 - '</div>'; 23 + $content = hsprintf( 24 + '<div class="phabricator-notification no-notifications">%s</div>', 25 + pht('You have no notifications.')); 27 26 } 28 27 29 - $content = 30 - '<div class="phabricator-notification-header">'. 31 - pht('Notifications'). 32 - '</div>'. 33 - $content. 34 - '<div class="phabricator-notification-view-all">'. 35 - phutil_tag( 36 - 'a', 37 - array( 38 - 'href' => '/notification/', 39 - ), 40 - 'View All Notifications'). 41 - '</div>'; 28 + $content = hsprintf( 29 + '<div class="phabricator-notification-header">%s</div>'. 30 + '%s'. 31 + '<div class="phabricator-notification-view-all">%s</div>', 32 + pht('Notifications'), 33 + $content, 34 + phutil_tag( 35 + 'a', 36 + array( 37 + 'href' => '/notification/', 38 + ), 39 + 'View All Notifications')); 42 40 43 41 $unread_count = id(new PhabricatorFeedStoryNotification()) 44 42 ->countUnread($user);

+2 -5

src/applications/notification/controller/PhabricatorNotificationStatusController.php

··· 45 45 46 46 $rows = array(); 47 47 foreach ($status as $key => $value) { 48 - $label = phutil_escape_html($key); 49 - 50 48 switch ($key) { 51 49 case 'uptime': 52 50 $value /= 1000; 53 51 $value = phabricator_format_relative_time_detailed($value); 54 52 break; 55 53 case 'log': 56 - $value = phutil_escape_html($value); 57 54 break; 58 55 default: 59 - $value = phutil_escape_html(number_format($value)); 56 + $value = number_format($value); 60 57 break; 61 58 } 62 59 63 - $rows[] = array($label, $value); 60 + $rows[] = array($key, $value); 64 61 } 65 62 66 63 $table = new AphrontTableView($rows);

+1 -2

src/applications/oauthserver/controller/PhabricatorOAuthServerAuthController.php

··· 143 143 144 144 // display time -- make a nice form for the user to grant the client 145 145 // access to the granularity specified by $scope 146 - $name = phutil_escape_html($client->getName()); 147 - $title = 'Authorize ' . $name . '?'; 146 + $title = 'Authorize '.$client->getName().'?'; 148 147 $panel = new AphrontPanelView(); 149 148 $panel->setWidth(AphrontPanelView::WIDTH_FORM); 150 149 $panel->setHeader($title);

+3 -5

src/applications/oauthserver/controller/client/PhabricatorOAuthClientDeleteController.php

··· 32 32 ->setURI('/oauthserver/client/?deleted=1'); 33 33 } 34 34 35 - $client_name = phutil_escape_html($client->getName()); 36 - $title .= ' '.$client_name; 35 + $title .= ' '.$client->getName(); 37 36 38 37 $dialog = new AphrontDialogView(); 39 38 $dialog->setUser($current_user); 40 39 $dialog->setTitle($title); 41 - $dialog->appendChild( 42 - '<p>Are you sure you want to delete this client?</p>' 43 - ); 40 + $dialog->appendChild(phutil_tag('p', array(), pht( 41 + 'Are you sure you want to delete this client?'))); 44 42 $dialog->addSubmitButton(); 45 43 $dialog->addCancelButton($client->getEditURI()); 46 44 return id(new AphrontDialogResponse())->setDialog($dialog);

-2

src/applications/oauthserver/controller/client/PhabricatorOAuthClientListController.php

··· 113 113 $new = $this->getRequest()->getStr('new'); 114 114 $deleted = $this->getRequest()->getBool('deleted'); 115 115 if ($edited) { 116 - $edited = phutil_escape_html($edited); 117 116 $title = 'Successfully edited client with id '.$edited.'.'; 118 117 } else if ($new) { 119 - $new = phutil_escape_html($new); 120 118 $title = 'Successfully created client with id '.$new.'.'; 121 119 } else if ($deleted) { 122 120 $title = 'Successfully deleted client.';

+3 -6

src/applications/oauthserver/controller/clientauthorization/PhabricatorOAuthClientAuthorizationDeleteController.php

··· 37 37 ->loadOneWhere('phid = %s', 38 38 $client_phid); 39 39 if ($client) { 40 - $client_name = phutil_escape_html($client->getName()); 41 - $title .= ' for '.$client_name; 40 + $title .= ' for '.$client->getName(); 42 41 } else { 43 42 // the client does not exist so token is dead already (but 44 43 // let's let the user clean this up anyway in that case) 45 - $client_name = ''; 46 44 } 47 45 48 46 $dialog = new AphrontDialogView(); 49 47 $dialog->setUser($current_user); 50 48 $dialog->setTitle($title); 51 - $dialog->appendChild( 52 - '<p>Are you sure you want to delete this client authorization?</p>' 53 - ); 49 + $dialog->appendChild(phutil_tag('p', array(), pht( 50 + 'Are you sure you want to delete this client authorization?'))); 54 51 $dialog->addSubmitButton(); 55 52 $dialog->addCancelButton($authorization->getEditURI()); 56 53 return id(new AphrontDialogResponse())->setDialog($dialog);

-1

src/applications/oauthserver/controller/clientauthorization/PhabricatorOAuthClientAuthorizationListController.php

··· 137 137 $edited = $this->getRequest()->getStr('edited'); 138 138 $deleted = $this->getRequest()->getBool('deleted'); 139 139 if ($edited) { 140 - $edited = phutil_escape_html($edited); 141 140 $title = 'Successfully edited client authorization.'; 142 141 } else if ($deleted) { 143 142 $title = 'Successfully deleted client authorization.';

+18 -26

src/applications/owners/controller/PhabricatorOwnersDetailController.php

··· 47 47 48 48 $rows = array(); 49 49 50 - $rows[] = array( 51 - 'Name', 52 - phutil_escape_html($package->getName())); 53 - $rows[] = array( 54 - 'Description', 55 - phutil_escape_html($package->getDescription())); 50 + $rows[] = array('Name', $package->getName()); 51 + $rows[] = array('Description', $package->getDescription()); 56 52 57 53 $primary_owner = null; 58 54 $primary_phid = $package->getPrimaryOwnerPHID(); 59 55 if ($primary_phid && isset($handles[$primary_phid])) { 60 - $primary_owner = 61 - '<strong>'.$handles[$primary_phid]->renderLink().'</strong>'; 56 + $primary_owner = phutil_tag( 57 + 'strong', 58 + array(), 59 + $handles[$primary_phid]->renderLink()); 62 60 } 63 - $rows[] = array( 64 - 'Primary Owner', 65 - $primary_owner, 66 - ); 61 + $rows[] = array('Primary Owner', $primary_owner); 67 62 68 63 $owner_links = array(); 69 64 foreach ($owners as $owner) { 70 65 $owner_links[] = $handles[$owner->getUserPHID()]->renderLink(); 71 66 } 72 - $owner_links = implode('<br />', $owner_links); 73 - $rows[] = array( 74 - 'Owners', 75 - $owner_links); 67 + $owner_links = phutil_implode_html(phutil_tag('br'), $owner_links); 68 + $rows[] = array('Owners', $owner_links); 76 69 77 70 $rows[] = array( 78 71 'Auditing', ··· 99 92 'href' => (string) $href, 100 93 ), 101 94 $path->getPath()); 102 - $path_links[] = 103 - ($path->getExcluded() ? '–' : '+').' '. 104 - $repo_name.' '.$path_link; 95 + $path_links[] = hsprintf( 96 + '%s %s %s', 97 + ($path->getExcluded() ? "\xE2\x80\x93" : '+'), 98 + $repo_name, 99 + $path_link); 105 100 } 106 - $path_links = implode('<br />', $path_links); 107 - $rows[] = array( 108 - 'Paths', 109 - $path_links); 101 + $path_links = phutil_implode_html(phutil_tag('br'), $path_links); 102 + $rows[] = array('Paths', $path_links); 110 103 111 104 $table = new AphrontTableView($rows); 112 105 $table->setColumnClasses( ··· 116 109 )); 117 110 118 111 $panel = new AphrontPanelView(); 119 - $panel->setHeader( 120 - 'Package Details for "'.phutil_escape_html($package->getName()).'"'); 112 + $panel->setHeader('Package Details for "'.$package->getName().'"'); 121 113 $panel->addButton( 122 114 javelin_tag( 123 115 'a', ··· 207 199 $commit_panels = array(); 208 200 foreach ($commit_views as $commit_view) { 209 201 $commit_panel = new AphrontPanelView(); 210 - $commit_panel->setHeader(phutil_escape_html($commit_view['header'])); 202 + $commit_panel->setHeader($commit_view['header']); 211 203 if (isset($commit_view['button'])) { 212 204 $commit_panel->addButton($commit_view['button']); 213 205 }

+9 -8

src/applications/owners/controller/PhabricatorOwnersListController.php

··· 235 235 foreach ($pkg_owners as $key => $owner) { 236 236 $pkg_owners[$key] = $handles[$owner->getUserPHID()]->renderLink(); 237 237 if ($owner->getUserPHID() == $package->getPrimaryOwnerPHID()) { 238 - $pkg_owners[$key] = '<strong>'.$pkg_owners[$key].'</strong>'; 238 + $pkg_owners[$key] = phutil_tag('strong', array(), $pkg_owners[$key]); 239 239 } 240 240 } 241 - $pkg_owners = implode('<br />', $pkg_owners); 241 + $pkg_owners = phutil_implode_html(phutil_tag('br'), $pkg_owners); 242 242 243 243 $pkg_paths = idx($paths, $package->getID(), array()); 244 244 foreach ($pkg_paths as $key => $path) { ··· 251 251 'path' => $path->getPath(), 252 252 'action' => 'browse', 253 253 )); 254 - $pkg_paths[$key] = 255 - ($path->getExcluded() ? '–' : '+').' '. 256 - phutil_tag('strong', array(), $repo->getName()). 254 + $pkg_paths[$key] = hsprintf( 255 + '%s %s%s', 256 + ($path->getExcluded() ? "\xE2\x80\x93" : '+'), 257 + phutil_tag('strong', array(), $repo->getName()), 257 258 phutil_tag( 258 259 'a', 259 260 array( 260 261 'href' => (string) $href, 261 262 ), 262 - $path->getPath()); 263 + $path->getPath())); 263 264 } else { 264 - $pkg_paths[$key] = phutil_escape_html($path->getPath()); 265 + $pkg_paths[$key] = $path->getPath(); 265 266 } 266 267 } 267 - $pkg_paths = implode('<br />', $pkg_paths); 268 + $pkg_paths = phutil_implode_html(phutil_tag('br'), $pkg_paths); 268 269 269 270 $rows[] = array( 270 271 phutil_tag(

+1 -1

src/applications/paste/controller/PhabricatorPasteListController.php

··· 109 109 $lang_name = $paste->getLanguage(); 110 110 if ($lang_name) { 111 111 $lang_name = idx($lang_map, $lang_name, $lang_name); 112 - $item->addIcon('none', phutil_escape_html($lang_name)); 112 + $item->addIcon('none', $lang_name); 113 113 } 114 114 115 115 $list->addItem($item);

+23 -28

src/applications/people/controller/PhabricatorPeopleLdapController.php

··· 153 153 154 154 private function renderUserInputs($user) { 155 155 $username = $user[0]; 156 - $inputs = phutil_tag( 157 - 'input', 158 - array( 159 - 'type' => 'checkbox', 160 - 'name' => 'usernames[]', 161 - 'value' =>$username, 162 - ), 163 - ''); 164 - 165 - $inputs .= phutil_tag( 166 - 'input', 167 - array( 168 - 'type' => 'hidden', 169 - 'name' => "email[$username]", 170 - 'value' =>$user[1], 171 - ), 172 - ''); 173 - 174 - $inputs .= phutil_tag( 175 - 'input', 176 - array( 177 - 'type' => 'hidden', 178 - 'name' => "name[$username]", 179 - 'value' =>$user[2], 180 - ), 181 - ''); 182 - 183 - return $inputs; 156 + return hsprintf( 157 + '%s%s%s', 158 + phutil_tag( 159 + 'input', 160 + array( 161 + 'type' => 'checkbox', 162 + 'name' => 'usernames[]', 163 + 'value' => $username, 164 + )), 165 + phutil_tag( 166 + 'input', 167 + array( 168 + 'type' => 'hidden', 169 + 'name' => "email[$username]", 170 + 'value' => $user[1], 171 + )), 172 + phutil_tag( 173 + 'input', 174 + array( 175 + 'type' => 'hidden', 176 + 'name' => "name[$username]", 177 + 'value' => $user[2], 178 + ))); 184 179 } 185 180 186 181 }

+1 -1

src/applications/people/controller/PhabricatorPeopleListController.php

··· 55 55 'href' => '/p/'.$user->getUsername().'/', 56 56 ), 57 57 $user->getUserName()), 58 - phutil_escape_html($user->getRealName()), 58 + $user->getRealName(), 59 59 $status, 60 60 $email, 61 61 phutil_tag(

+2 -4

src/applications/people/controller/PhabricatorPeopleLogsController.php

··· 157 157 phabricator_date($log->getDateCreated(),$user), 158 158 phabricator_time($log->getDateCreated(),$user), 159 159 $log->getAction(), 160 - $log->getActorPHID() 161 - ? phutil_escape_html($handles[$log->getActorPHID()]->getName()) 162 - : null, 163 - phutil_escape_html($handles[$log->getUserPHID()]->getName()), 160 + $log->getActorPHID() ? $handles[$log->getActorPHID()]->getName() : null, 161 + $handles[$log->getUserPHID()]->getName(), 164 162 json_encode($log->getOldValue(), true), 165 163 json_encode($log->getNewValue(), true), 166 164 phutil_tag(

+7 -10

src/applications/people/controller/PhabricatorPeopleProfileController.php

··· 142 142 143 143 $nav->appendChild($header); 144 144 145 - $content = '<div style="padding: 1em;">'.$content.'</div>'; 145 + $content = hsprintf('<div style="padding: 1em;">%s</div>', $content); 146 146 $header->appendChild($content); 147 147 148 148 if ($user->getPHID() == $viewer->getPHID()) { ··· 172 172 173 173 $blurb = nonempty( 174 174 $profile->getBlurb(), 175 - '//'. 176 - pht('Nothing is known about this rare specimen.') 177 - .'//' 175 + '//'.pht('Nothing is known about this rare specimen.').'//' 178 176 ); 179 177 180 178 $engine = PhabricatorMarkupEngine::newProfileMarkupEngine(); 181 - $blurb = phutil_safe_html($engine->markupText($blurb)); 179 + $blurb = $engine->markupText($blurb); 182 180 183 181 $viewer = $this->getRequest()->getUser(); 184 182 ··· 232 230 $builder->setUser($viewer); 233 231 $view = $builder->buildView(); 234 232 235 - return 233 + return hsprintf( 236 234 '<div class="phabricator-profile-info-group"> 237 235 <h1 class="phabricator-profile-info-header">Activity Feed</h1> 238 - <div class="phabricator-profile-info-pane"> 239 - '.$view->render().' 240 - </div> 241 - </div>'; 236 + <div class="phabricator-profile-info-pane">%s</div> 237 + </div>', 238 + $view->render()); 242 239 } 243 240 }

+1 -1

src/applications/phame/controller/blog/PhameBlogDeleteController.php

··· 41 41 ->appendChild( 42 42 pht( 43 43 'Really delete the blog "%s"? It will be gone forever.', 44 - phutil_escape_html($blog->getName()))) 44 + $blog->getName())) 45 45 ->addSubmitButton(pht('Delete')) 46 46 ->addCancelButton($cancel_uri); 47 47

+1 -1

src/applications/phame/controller/post/PhamePostDeleteController.php

··· 41 41 ->appendChild( 42 42 pht( 43 43 'Really delete the post "%s"? It will be gone forever.', 44 - phutil_escape_html($post->getTitle()))) 44 + $post->getTitle())) 45 45 ->addSubmitButton(pht('Delete')) 46 46 ->addCancelButton($cancel_uri); 47 47

+2 -2

src/applications/phame/controller/post/PhamePostEditController.php

··· 148 148 ->setValue($submit_button) 149 149 ); 150 150 151 - $preview_panel = 151 + $preview_panel = hsprintf( 152 152 '<div class="aphront-panel-preview"> 153 153 <div class="phame-post-preview-header"> 154 154 Post Preview ··· 158 158 Loading preview... 159 159 </div> 160 160 </div> 161 - </div>'; 161 + </div>'); 162 162 163 163 require_celerity_resource('phame-css'); 164 164 Javelin::initBehavior(

+6 -6

src/applications/phame/controller/post/PhamePostNotLiveController.php

··· 25 25 26 26 $reasons = array(); 27 27 if (!$post->getBlog()) { 28 - $reasons[] = 29 - '<p>'.pht('You can not view the live version of this post because it '. 28 + $reasons[] = phutil_tag('p', array(), pht( 29 + 'You can not view the live version of this post because it '. 30 30 'is not associated with a blog. Move the post to a blog in order to '. 31 - 'view it live.').'</p>'; 31 + 'view it live.')); 32 32 } 33 33 34 34 if ($post->isDraft()) { 35 - $reasons[] = 36 - '<p>'.pht('You can not view the live version of this post because it '. 37 - 'is still a draft. Use "Preview/Publish" to publish the post.').'</p>'; 35 + $reasons[] = phutil_tag('p', array(), pht( 36 + 'You can not view the live version of this post because it '. 37 + 'is still a draft. Use "Preview/Publish" to publish the post.')); 38 38 } 39 39 40 40 if ($reasons) {

+1 -1

src/applications/phame/controller/post/PhamePostPreviewController.php

··· 23 23 PhamePost::MARKUP_FIELD_BODY, 24 24 $user); 25 25 26 - $content = '<div class="phabricator-remarkup">'.$content.'</div>'; 26 + $content = hsprintf('<div class="phabricator-remarkup">%s</div>', $content); 27 27 28 28 return id(new AphrontAjaxResponse())->setContent($content); 29 29 }

+1 -1

src/applications/phame/controller/post/PhamePostUnpublishController.php

··· 45 45 pht( 46 46 'The post "%s" will no longer be visible to other users until you '. 47 47 'republish it.', 48 - phutil_escape_html($post->getTitle()))) 48 + $post->getTitle())) 49 49 ->addSubmitButton(pht('Unpublish')) 50 50 ->addCancelButton($cancel_uri); 51 51

+1 -1

src/applications/phame/skins/PhameBasicBlogSkin.php

··· 123 123 } 124 124 125 125 protected function render404Page() { 126 - return '<h2>404 Not Found</h2>'; 126 + return hsprintf('<h2>404 Not Found</h2>'); 127 127 } 128 128 129 129 final public function getResourceURI($resource) {

+2 -2

src/applications/phame/skins/PhameBasicTemplateBlogSkin.php

··· 26 26 'href' => $this->getResourceURI('css/'.$path), 27 27 )); 28 28 } 29 - $this->cssResources = implode("\n", $this->cssResources); 29 + $this->cssResources = phutil_implode_html("\n", $this->cssResources); 30 30 } 31 31 32 32 $request = $this->getRequest(); ··· 43 43 ); 44 44 45 45 $response = new AphrontWebpageResponse(); 46 - $response->setContent(implode("\n", $content)); 46 + $response->setContent(phutil_implode_html("\n", $content)); 47 47 48 48 return $response; 49 49 }

+3 -3

src/applications/phid/controller/PhabricatorPHIDLookupController.php

··· 24 24 } 25 25 26 26 $rows[] = array( 27 - phutil_escape_html($handle->getPHID()), 28 - phutil_escape_html($handle->getType()), 29 - phutil_escape_html($handle->getName()), 27 + $handle->getPHID(), 28 + $handle->getType(), 29 + $handle->getName(), 30 30 $link, 31 31 ); 32 32 }

+1 -1

src/applications/pholio/controller/PholioMockViewController.php

··· 145 145 foreach ($subscribers as $subscriber) { 146 146 $sub_view[] = $this->getHandle($subscriber)->renderLink(); 147 147 } 148 - $sub_view = array_interleave(', ', $sub_view); 148 + $sub_view = phutil_implode_html(', ', $sub_view); 149 149 } else { 150 150 $sub_view = phutil_tag('em', array(), pht('None')); 151 151 }

+3 -3

src/applications/pholio/storage/PholioTransaction.php

··· 44 44 return pht( 45 45 '%s renamed this mock from "%s" to "%s".', 46 46 $this->renderHandleLink($author_phid), 47 - phutil_escape_html($old), 48 - phutil_escape_html($new)); 47 + $old, 48 + $new); 49 49 break; 50 50 case PholioTransactionType::TYPE_DESCRIPTION: 51 51 return pht( 52 52 '%s updated the description of this mock. '. 53 53 'The old description was: %s', 54 54 $this->renderHandleLink($author_phid), 55 - phutil_escape_html($old)); 55 + $old); 56 56 } 57 57 58 58 return parent::getTitle();

+1 -1

src/applications/pholio/view/PholioMockImagesView.php

··· 91 91 $thumbnails); 92 92 } 93 93 94 - return $this->renderHTMLView($mockview); 94 + return $this->renderSingleView($mockview); 95 95 } 96 96 }

+9 -6

src/applications/phpast/controller/PhabricatorXHPASTViewFramesetController.php

··· 14 14 15 15 $response = new AphrontWebpageResponse(); 16 16 $response->setFrameable(true); 17 - $response->setContent( 18 - '<frameset cols="33%, 34%, 33%">'. 19 - '<frame src="/xhpast/input/'.$id.'/" />'. 20 - '<frame src="/xhpast/tree/'.$id.'/" />'. 21 - '<frame src="/xhpast/stream/'.$id.'/" />'. 22 - '</frameset>'); 17 + $response->setContent(hsprintf( 18 + '<frameset cols="33%%, 34%%, 33%%">'. 19 + '<frame src="/xhpast/input/%s/" />'. 20 + '<frame src="/xhpast/tree/%s/" />'. 21 + '<frame src="/xhpast/stream/%s/" />'. 22 + '</frameset>', 23 + $id, 24 + $id, 25 + $id)); 23 26 24 27 return $response; 25 28 }

+1 -2

src/applications/phpast/controller/PhabricatorXHPASTViewInputController.php

··· 5 5 6 6 public function processRequest() { 7 7 $input = $this->getStorageTree()->getInput(); 8 - return $this->buildXHPASTViewPanelResponse( 9 - phutil_escape_html($input)); 8 + return $this->buildXHPASTViewPanelResponse($input); 10 9 } 11 10 }

+4 -5

src/applications/phpast/controller/PhabricatorXHPASTViewPanelController.php

··· 20 20 } 21 21 22 22 protected function buildXHPASTViewPanelResponse($content) { 23 - $content = 23 + $content = hsprintf( 24 24 '<!DOCTYPE html>'. 25 25 '<html>'. 26 26 '<head>'. ··· 57 57 58 58 </style>'. 59 59 '</head>'. 60 - '<body>'. 61 - $content. 62 - '</body>'. 63 - '</html>'; 60 + '<body>%s</body>'. 61 + '</html>', 62 + $content); 64 63 65 64 $response = new AphrontWebpageResponse(); 66 65 $response->setFrameable(true);

+2 -1

src/applications/phpast/controller/PhabricatorXHPASTViewStreamController.php

··· 27 27 $token->getValue()); 28 28 } 29 29 30 - return $this->buildXHPASTViewPanelResponse(implode('', $tokens)); 30 + return $this->buildXHPASTViewPanelResponse( 31 + phutil_implode_html('', $tokens)); 31 32 } 32 33 }

+12 -12

src/applications/phpast/controller/PhabricatorXHPASTViewTreeController.php

··· 12 12 $input, 13 13 array(0, $stdout, '')); 14 14 15 - $tree = '<ul>'.$this->buildTree($tree->getRootNode()).'</ul>'; 15 + $tree = phutil_tag('ul', array(), $this->buildTree($tree->getRootNode())); 16 16 return $this->buildXHPASTViewPanelResponse($tree); 17 17 } 18 18 ··· 27 27 } 28 28 29 29 $tree = array(); 30 - $tree[] = 31 - '<li>'. 32 - phutil_tag( 33 - 'span', 34 - array( 35 - 'title' => $title, 36 - ), 37 - $name). 38 - '</li>'; 30 + $tree[] = phutil_tag( 31 + 'li', 32 + array(), 33 + phutil_tag( 34 + 'span', 35 + array( 36 + 'title' => $title, 37 + ), 38 + $name)); 39 39 foreach ($root->getChildren() as $child) { 40 - $tree[] = '<ul>'.$this->buildTree($child).'</ul>'; 40 + $tree[] = phutil_tag('ul', array(), $this->buildTree($child)); 41 41 } 42 - return implode("\n", $tree); 42 + return phutil_implode_html("\n", $tree); 43 43 } 44 44 45 45 }

+18 -14

src/applications/phriction/controller/PhrictionDiffController.php

··· 155 155 $link_r = pht('Most Recent Change'); 156 156 } 157 157 158 - $navigation_table = 158 + $navigation_table = hsprintf( 159 159 '<table class="phriction-history-nav-table"> 160 160 <tr> 161 - <td class="nav-prev">'.$link_l.'</td> 162 - <td class="nav-next">'.$link_r.'</td> 161 + <td class="nav-prev">%s</td> 162 + <td class="nav-next">%s</td> 163 163 </tr> 164 - </table>'; 164 + </table>', 165 + $link_l, 166 + $link_r); 165 167 } 166 168 167 169 168 170 169 - $output = 171 + $output = hsprintf( 170 172 '<div class="phriction-document-history-diff">'. 171 - $comparison_table->render(). 172 - '<br />'. 173 - '<br />'. 174 - $navigation_table. 173 + '%s<br /><br />%s'. 175 174 '<table class="phriction-revert-table">'. 176 - '<tr><td>'.$revert_l.'</td><td>'.$revert_r.'</td>'. 175 + '<tr><td>%s</td><td>%s</td>'. 177 176 '</table>'. 178 - $output. 179 - '</div>'; 177 + '%s'. 178 + '</div>', 179 + $comparison_table->render(), 180 + $navigation_table, 181 + $revert_l, 182 + $revert_r, 183 + $output); 180 184 181 185 return $this->buildStandardPageResponse( 182 186 array( ··· 234 238 $rows[] = array( 235 239 phabricator_date($c->getDateCreated(), $user), 236 240 phabricator_time($c->getDateCreated(), $user), 237 - phutil_escape_html('Version '.$c->getVersion()), 241 + 'Version '.$c->getVersion(), 238 242 $handles[$c->getAuthorPHID()]->renderLink(), 239 - phutil_escape_html($c->getDescription()), 243 + $c->getDescription(), 240 244 ); 241 245 } 242 246

+36 -40

src/applications/phriction/controller/PhrictionDocumentController.php

··· 110 110 111 111 $project_info = null; 112 112 if ($project_phid) { 113 - $project_info = 114 - '<br />This document is about the project '. 115 - $handles[$project_phid]->renderLink().'.'; 113 + $project_info = hsprintf( 114 + '<br />This document is about the project %s.', 115 + $handles[$project_phid]->renderLink()); 116 116 } 117 117 118 118 $index_link = phutil_tag( ··· 122 122 ), 123 123 pht('Document Index')); 124 124 125 - $byline = 126 - '<div class="phriction-byline">'. 127 - "Last updated {$when} by ". 128 - $handles[$content->getAuthorPHID()]->renderLink().'.'. 129 - $project_info. 130 - '</div>'; 125 + $byline = hsprintf( 126 + '<div class="phriction-byline">Last updated %s by %s.%s</div>', 127 + $when, 128 + $handles[$content->getAuthorPHID()]->renderLink(), 129 + $project_info); 131 130 132 131 133 132 $doc_status = $document->getStatus(); ··· 145 144 throw new Exception("Unknown document status '{$doc_status}'!"); 146 145 } 147 146 148 - $page_content = 149 - '<div class="phriction-content">'. 150 - $index_link. 151 - $byline. 152 - $core_content. 153 - '</div>'; 147 + $page_content = hsprintf( 148 + '<div class="phriction-content">%s%s%s</div>', 149 + $index_link, 150 + $byline, 151 + $core_content); 154 152 } 155 153 156 154 if ($version_note) { 157 155 $version_note = $version_note->render(); 158 156 } 159 157 160 - $children = $this->renderChildren($slug); 158 + $children = $this->renderDocumentChildren($slug); 161 159 162 160 $crumbs = $this->buildApplicationCrumbs(); 163 161 $crumb_views = $this->renderBreadcrumbs($slug); ··· 169 167 170 168 $header = id(new PhabricatorHeaderView()) 171 169 ->setHeader($page_title); 172 - 173 - $page = 174 - $crumbs->render(). 175 - $header->render(). 176 - $actions->render(). 177 - $version_note. 178 - $page_content. 179 - $children; 180 170 181 171 return $this->buildApplicationPage( 182 172 array( 183 - $page, 173 + $crumbs->render(), 174 + $header->render(), 175 + $actions->render(), 176 + $version_note, 177 + $page_content, 178 + $children, 184 179 ), 185 180 array( 186 181 'title' => $page_title, ··· 225 220 ->setHref(PhrictionDocument::getSlugURI($slug, 'history'))); 226 221 } 227 222 228 - private function renderChildren($slug) { 223 + private function renderDocumentChildren($slug) { 229 224 $document_dao = new PhrictionDocument(); 230 225 $content_dao = new PhrictionContent(); 231 226 $conn = $document_dao->establishConnection('r'); ··· 309 304 $children = isort($children, 'title'); 310 305 311 306 $list = array(); 312 - $list[] = '<ul>'; 313 307 foreach ($children as $child) { 308 + $list[] = hsprintf('<li>'); 314 309 $list[] = $this->renderChildDocumentLink($child); 315 310 $grand = idx($grandchildren, $child['slug'], array()); 316 311 if ($grand) { 317 - $list[] = '<ul>'; 312 + $list[] = hsprintf('<ul>'); 318 313 foreach ($grand as $grandchild) { 314 + $list[] = hsprintf('<li>'); 319 315 $list[] = $this->renderChildDocumentLink($grandchild); 316 + $list[] = hsprintf('</li>'); 320 317 } 321 - $list[] = '</ul>'; 318 + $list[] = hsprintf('</ul>'); 322 319 } 320 + $list[] = hsprintf('</li>'); 323 321 } 324 322 if ($more_children) { 325 - $list[] = '<li>'.pht('More...').'</li>'; 323 + $list[] = phutil_tag('li', array(), pht('More...')); 326 324 } 327 - $list[] = '</ul>'; 328 - $list = implode("\n", $list); 329 325 330 - return 326 + return hsprintf( 331 327 '<div class="phriction-children">'. 332 - '<div class="phriction-children-header">'. 333 - pht('Document Hierarchy'). 334 - '</div>'. 335 - $list. 336 - '</div>'; 328 + '<div class="phriction-children-header">%s</div>'. 329 + '%s'. 330 + '</div>', 331 + pht('Document Hierarchy'), 332 + phutil_tag('ul', array(), $list)); 337 333 } 338 334 339 335 private function renderChildDocumentLink(array $info) { ··· 346 342 $title); 347 343 348 344 if (isset($info['empty'])) { 349 - $item = '<em>'.$item.'</em>'; 345 + $item = phutil_tag('em', array(), $item); 350 346 } 351 347 352 - return '<li>'.$item.'</li>'; 348 + return $item; 353 349 } 354 350 355 351 }

+10 -12

src/applications/phriction/controller/PhrictionEditController.php

··· 108 108 $dialog = new AphrontDialogView(); 109 109 $dialog->setUser($user); 110 110 $dialog->setTitle(pht('No Edits')); 111 - $dialog->appendChild( 112 - '<p>'.pht('You did not make any changes to the document.').'</p>'); 111 + $dialog->appendChild(phutil_tag('p', array(), pht( 112 + 'You did not make any changes to the document.'))); 113 113 $dialog->addCancelButton($request->getRequestURI()); 114 114 115 115 return id(new AphrontDialogResponse())->setDialog($dialog); ··· 122 122 $dialog = new AphrontDialogView(); 123 123 $dialog->setUser($user); 124 124 $dialog->setTitle(pht('Empty Page')); 125 - $dialog->appendChild( 126 - '<p>'.pht('You can not create an empty document.').'</p>'); 125 + $dialog->appendChild(phutil_tag('p', array(), pht( 126 + 'You can not create an empty document.'))); 127 127 $dialog->addCancelButton($request->getRequestURI()); 128 128 129 129 return id(new AphrontDialogResponse())->setDialog($dialog); ··· 231 231 ->setHeader($panel_header) 232 232 ->appendChild($form); 233 233 234 - $preview_panel = 234 + $preview_panel = hsprintf( 235 235 '<div class="aphront-panel-preview aphront-panel-preview-wide"> 236 - <div class="phriction-document-preview-header"> 237 - '.pht('Document Preview').' 238 - </div> 236 + <div class="phriction-document-preview-header">%s</div> 239 237 <div id="document-preview"> 240 - <div class="aphront-panel-preview-loading-text"> 241 - '.pht('Loading preview...').' 242 - </div> 238 + <div class="aphront-panel-preview-loading-text">%s</div> 243 239 </div> 244 - </div>'; 240 + </div>', 241 + pht('Document Preview'), 242 + pht('Loading preview...')); 245 243 246 244 Javelin::initBehavior( 247 245 'phriction-document-preview',

+3 -3

src/applications/phriction/controller/PhrictionHistoryController.php

··· 49 49 50 50 $diff_uri = new PhutilURI('/phriction/diff/'.$document->getID().'/'); 51 51 52 - $vs_previous = '<em>'.pht('Created').'</em>'; 52 + $vs_previous = phutil_tag('em', array(), pht('Created')); 53 53 if ($content->getVersion() != 1) { 54 54 $uri = $diff_uri 55 55 ->alter('l', $content->getVersion() - 1) ··· 62 62 pht('Show Change')); 63 63 } 64 64 65 - $vs_head = '<em>'.pht('Current').'</em>'; 65 + $vs_head = phutil_tag('em', array(), pht('Current')); 66 66 if ($content->getID() != $document->getContentID()) { 67 67 $uri = $diff_uri 68 68 ->alter('l', $content->getVersion()) ··· 90 90 pht('Version %s', $version)), 91 91 $handles[$content->getAuthorPHID()]->renderLink(), 92 92 $change_type, 93 - phutil_escape_html($content->getDescription()), 93 + $content->getDescription(), 94 94 $vs_previous, 95 95 $vs_head, 96 96 );

+10 -11

src/applications/phriction/storage/PhrictionContent.php

··· 75 75 $engine); 76 76 77 77 if ($toc) { 78 - $toc = 78 + $toc = hsprintf( 79 79 '<div class="phabricator-remarkup-toc">'. 80 - '<div class="phabricator-remarkup-toc-header">'. 81 - pht('Table of Contents'). 82 - '</div>'. 83 - $toc. 84 - '</div>'; 80 + '<div class="phabricator-remarkup-toc-header">%s</div>'. 81 + '%s'. 82 + '</div>', 83 + pht('Table of Contents'), 84 + $toc); 85 85 } 86 86 87 - return 88 - '<div class="phabricator-remarkup">'. 89 - $toc. 90 - $output. 91 - '</div>'; 87 + return hsprintf( 88 + '<div class="phabricator-remarkup">%s%s</div>', 89 + $toc, 90 + $output); 92 91 } 93 92 94 93

+1 -1

src/applications/policy/filter/PhabricatorPolicy.php

··· 84 84 ), 85 85 $this->getName()); 86 86 } else { 87 - $desc = phutil_escape_html($this->getName()); 87 + $desc = $this->getName(); 88 88 } 89 89 90 90 switch ($this->getType()) {

+2 -1

src/applications/ponder/controller/PonderAnswerSaveController.php

··· 23 23 $dialog = new AphrontDialogView(); 24 24 $dialog->setUser($request->getUser()); 25 25 $dialog->setTitle('Empty answer'); 26 - $dialog->appendChild('<p>Your answer must not be empty.</p>'); 26 + $dialog->appendChild(phutil_tag('p', array(), pht( 27 + 'Your answer must not be empty.'))); 27 28 $dialog->addCancelButton('/Q'.$question_id); 28 29 29 30 return id(new AphrontDialogResponse())->setDialog($dialog);

+2 -1

src/applications/ponder/controller/PonderCommentSaveController.php

··· 32 32 $dialog = new AphrontDialogView(); 33 33 $dialog->setUser($request->getUser()); 34 34 $dialog->setTitle('Empty comment'); 35 - $dialog->appendChild('<p>Your comment must not be empty.</p>'); 35 + $dialog->appendChild(phutil_tag('p', array(), pht( 36 + 'Your comment must not be empty.'))); 36 37 $dialog->addCancelButton('/Q'.$question_id); 37 38 38 39 return id(new AphrontDialogResponse())->setDialog($dialog);

+4 -5

src/applications/ponder/controller/PonderQuestionAskController.php

··· 74 74 id(new AphrontFormSubmitControl()) 75 75 ->setValue('Ask Away!')); 76 76 77 - $preview = 77 + $preview = hsprintf( 78 78 '<div class="aphront-panel-flush">'. 79 79 '<div id="question-preview">'. 80 - '<span class="aphront-panel-preview-loading-text">'. 81 - pht('Loading question preview...'). 82 - '</span>'. 80 + '<span class="aphront-panel-preview-loading-text">%s</span>'. 83 81 '</div>'. 84 - '</div>'; 82 + '</div>', 83 + pht('Loading question preview...')); 85 84 86 85 Javelin::initBehavior( 87 86 'ponder-feedback-preview',

+2 -2

src/applications/ponder/view/PonderAddAnswerView.php

··· 44 44 id(new AphrontFormSubmitControl()) 45 45 ->setValue($is_serious ? 'Submit' : 'Make it so')); 46 46 47 - $preview = 47 + $preview = hsprintf( 48 48 '<div class="aphront-panel-flush">'. 49 49 '<div id="answer-preview">'. 50 50 '<span class="aphront-panel-preview-loading-text">'. 51 51 'Loading answer preview...'. 52 52 '</span>'. 53 53 '</div>'. 54 - '</div>'; 54 + '</div>'); 55 55 56 56 Javelin::initBehavior( 57 57 'ponder-feedback-preview',

+2 -1

src/applications/ponder/view/PonderAnswerListView.php

··· 70 70 71 71 $panel->appendChild($view); 72 72 $panel->appendChild($commentview); 73 - $panel->appendChild('<div style="height: 40px; clear : both"></div>'); 73 + $panel->appendChild( 74 + hsprintf('<div style="height: 40px; clear : both"></div>')); 74 75 75 76 } 76 77

+1 -1

src/applications/ponder/view/PonderPostBodyView.php

··· 64 64 $content); 65 65 66 66 $author = $this->handles[$target->getAuthorPHID()]; 67 - $actions = array($author->renderLink().' '.$this->action); 67 + $actions = array(hsprintf('%s %s', $author->renderLink(), $this->action)); 68 68 $author_link = $author->renderLink(); 69 69 $xaction_view = id(new PhabricatorTransactionView()) 70 70 ->setUser($user)

+20 -25

src/applications/ponder/view/PonderQuestionSummaryView.php

··· 43 43 '</div>', 44 44 $question->getAnswerCount()); 45 45 46 - $title = 47 - '<h2 class="ponder-question-title">'. 48 - phutil_tag( 49 - 'a', 50 - array( 51 - "href" => '/Q' . $question->getID(), 52 - ), 53 - 'Q' . $question->getID() . 54 - ' ' . $question->getTitle() 55 - ) . 56 - '</h2>'; 46 + $title = hsprintf('<h2 class="ponder-question-title">%s</h2>', 47 + phutil_tag( 48 + 'a', 49 + array( 50 + "href" => '/Q' . $question->getID(), 51 + ), 52 + 'Q' . $question->getID() . 53 + ' ' . $question->getTitle() 54 + )); 57 55 58 - $rhs = 56 + $rhs = hsprintf( 59 57 '<div class="ponder-metadata">'. 60 - $title. 61 - '<span class="ponder-small-metadata">'. 62 - 'asked on '. 63 - phabricator_datetime($question->getDateCreated(), $user). 64 - ' by ' . $authorlink. 65 - '</span>'. 66 - '</div>'; 58 + '%s <span class="ponder-small-metadata">asked on %s by %s</span>'. 59 + '</div>', 60 + $title, 61 + phabricator_datetime($question->getDateCreated(), $user), 62 + $authorlink); 67 63 68 - $summary = 69 - '<div class="ponder-question-summary">'. 70 - $votecount. 71 - $answercount. 72 - $rhs. 73 - '</div>'; 64 + $summary = hsprintf( 65 + '<div class="ponder-question-summary">%s%s%s</div>', 66 + $votecount, 67 + $answercount, 68 + $rhs); 74 69 75 70 76 71 return $summary;

+2 -2

src/applications/ponder/view/PonderVotableView.php

··· 63 63 ), 64 64 $this->count); 65 65 66 - return javelin_render_tag( 66 + return javelin_tag( 67 67 'div', 68 68 array( 69 69 'class' => 'ponder-votable', ··· 80 80 'class' => 'ponder-votebox', 81 81 ), 82 82 array($up, $count, $down)), 83 - phutil_render_tag( 83 + phutil_tag( 84 84 'div', 85 85 array( 86 86 'class' => 'ponder-votebox-content',

+3 -4

src/applications/project/controller/PhabricatorProjectListController.php

··· 97 97 'href' => '/project/view/'.$project->getID().'/', 98 98 ), 99 99 $project->getName()), 100 - phutil_escape_html( 101 - PhabricatorProjectStatus::getNameForStatus($project->getStatus())), 102 - phutil_escape_html($blurb), 103 - phutil_escape_html($population), 100 + PhabricatorProjectStatus::getNameForStatus($project->getStatus()), 101 + $blurb, 102 + $population, 104 103 phutil_tag( 105 104 'a', 106 105 array(

+1 -1

src/applications/project/controller/PhabricatorProjectMembersEditController.php

··· 113 113 $panel->setWidth(AphrontPanelView::WIDTH_FORM); 114 114 $panel->setNoBackground(); 115 115 $panel->appendChild($form); 116 - $panel->appendChild('<br />'); 116 + $panel->appendChild(phutil_tag('br')); 117 117 $panel->appendChild($faux_form); 118 118 119 119 $nav = $this->buildLocalNavigation($project);

+28 -33

src/applications/project/controller/PhabricatorProjectProfileController.php

··· 55 55 $query->setViewer($this->getRequest()->getUser()); 56 56 $stories = $query->execute(); 57 57 58 - $content .= $this->renderStories($stories); 58 + $content = hsprintf('%s%s', $content, $this->renderStories($stories)); 59 59 break; 60 60 case 'about': 61 61 $content = $this->renderAboutPage($project, $profile); ··· 114 114 115 115 $nav_view->appendChild($header); 116 116 117 - $content = '<div style="padding: 1em;">'.$content.'</div>'; 117 + $content = hsprintf('<div style="padding: 1em;">%s</div>', $content); 118 118 $header->appendChild($content); 119 119 120 120 return $this->buildApplicationPage( ··· 183 183 184 184 $affiliated = array(); 185 185 foreach ($handles as $phids => $handle) { 186 - $affiliated[] = '<li>'.$handle->renderLink().'</li>'; 186 + $affiliated[] = phutil_tag('li', array(), $handle->renderLink()); 187 187 } 188 188 189 189 if ($affiliated) { 190 - $affiliated = '<ul>'.implode("\n", $affiliated).'</ul>'; 190 + $affiliated = phutil_tag('ul', array(), $affiliated); 191 191 } else { 192 - $affiliated = 193 - '<p><em>'. 194 - pht('No one is affiliated with this project.'). 195 - '</em></p>'; 192 + $affiliated = hsprintf('<p><em>%s</em></p>', pht( 193 + 'No one is affiliated with this project.')); 196 194 } 197 195 198 - return 196 + return hsprintf( 199 197 '<div class="phabricator-profile-info-group">'. 200 - '<h1 class="phabricator-profile-info-header">'.pht('People').'</h1>'. 201 - '<div class="phabricator-profile-info-pane">'. 202 - $affiliated. 203 - '</div>'. 204 - '</div>'; 198 + '<h1 class="phabricator-profile-info-header">%s</h1>'. 199 + '<div class="phabricator-profile-info-pane">%s</div>'. 200 + '</div>', 201 + pht('People'), 202 + $affiliated); 205 203 } 206 204 207 205 private function renderFeedPage( ··· 228 226 $builder->setUser($this->getRequest()->getUser()); 229 227 $view = $builder->buildView(); 230 228 231 - return 229 + return hsprintf( 232 230 '<div class="phabricator-profile-info-group">'. 233 - '<h1 class="phabricator-profile-info-header">'. 234 - pht('Activity Feed'). 235 - '</h1>'. 236 - '<div class="phabricator-profile-info-pane">'. 237 - $view->render(). 238 - '</div>'. 239 - '</div>'; 231 + '<h1 class="phabricator-profile-info-header">%s</h1>'. 232 + '<div class="phabricator-profile-info-pane">%s</div>'. 233 + '</div>', 234 + pht('Activity Feed'), 235 + $view->render()); 240 236 } 241 237 242 238 ··· 267 263 } 268 264 269 265 if (empty($tasks)) { 270 - $task_views = '<em>'.pht('No open tasks.').'</em>'; 266 + $task_views = phutil_tag('em', array(), pht('No open tasks.')); 271 267 } else { 272 - $task_views = implode('', $task_views); 268 + $task_views = phutil_implode_html('', $task_views); 273 269 } 274 270 275 271 $open = number_format($count); ··· 281 277 ), 282 278 pht("View All Open Tasks \xC2\xBB")); 283 279 284 - $content = 280 + $content = hsprintf( 285 281 '<div class="phabricator-profile-info-group"> 286 - <h1 class="phabricator-profile-info-header">'. 287 - pht("Open Tasks (%d)", $open). 288 - '</h1>'. 282 + <h1 class="phabricator-profile-info-header">%s</h1>'. 289 283 '<div class="phabricator-profile-info-pane">'. 290 - $task_views. 291 - '<div class="phabricator-profile-info-pane-more-link">'. 292 - $more_link. 293 - '</div>'. 284 + '%s'. 285 + '<div class="phabricator-profile-info-pane-more-link">%s</div>'. 294 286 '</div> 295 - </div>'; 287 + </div>', 288 + pht('Open Tasks (%s)', $open), 289 + $task_views, 290 + $more_link); 296 291 297 292 return $content; 298 293 }

+3 -5

src/applications/project/controller/PhabricatorProjectUpdateController.php

··· 62 62 $dialog = new AphrontDialogView(); 63 63 $dialog->setUser($user); 64 64 $dialog->setTitle(pht('Really leave project?')); 65 - $dialog->appendChild( 66 - '<p>'. 67 - pht('Your tremendous contributions to this project will be sorely '. 68 - 'missed. Are you sure you want to leave?'). 69 - '</p>'); 65 + $dialog->appendChild(phutil_tag('p', array(), pht( 66 + 'Your tremendous contributions to this project will be sorely '. 67 + 'missed. Are you sure you want to leave?'))); 70 68 $dialog->addCancelButton($project_uri); 71 69 $dialog->addSubmitButton(pht('Leave Project')); 72 70 break;

+1 -1

src/applications/remarkup/conduit/ConduitAPI_remarkup_process_Method.php

··· 45 45 46 46 $text = $engine->markupText($content); 47 47 if ($text) { 48 - $content = phutil_safe_html($text)->getHTMLContent(); 48 + $content = hsprintf('%s', $text)->getHTMLContent(); 49 49 } else { 50 50 $content = ''; 51 51 }

+5 -5

src/applications/repository/controller/PhabricatorRepositoryListController.php

··· 27 27 ), 28 28 'View in Diffusion'); 29 29 } else { 30 - $diffusion_link = '<em>Not Tracked</em>'; 30 + $diffusion_link = phutil_tag('em', array(), 'Not Tracked'); 31 31 } 32 32 33 33 $rows[] = array( 34 - phutil_escape_html($repo->getCallsign()), 35 - phutil_escape_html($repo->getName()), 34 + $repo->getCallsign(), 35 + $repo->getName(), 36 36 PhabricatorRepositoryType::getNameForRepositoryType( 37 37 $repo->getVersionControlSystem()), 38 38 $diffusion_link, ··· 98 98 foreach ($projects as $project) { 99 99 $repo = idx($repos, $project->getRepositoryID()); 100 100 if ($repo) { 101 - $repo_name = phutil_escape_html($repo->getName()); 101 + $repo_name = $repo->getName(); 102 102 } else { 103 103 $repo_name = '-'; 104 104 } 105 105 106 106 $rows[] = array( 107 - phutil_escape_html($project->getName()), 107 + $project->getName(), 108 108 $repo_name, 109 109 phutil_tag( 110 110 'a',

+8 -8

src/applications/search/controller/PhabricatorSearchController.php

··· 242 242 ->setObject(idx($objects, $phid)); 243 243 $results[] = $view->render(); 244 244 } 245 - $results = 245 + $results = hsprintf( 246 246 '<div class="phabricator-search-result-list">'. 247 - implode("\n", $results). 248 - '<div class="search-results-pager">'. 249 - $pager->render(). 250 - '</div>'. 251 - '</div>'; 247 + '%s'. 248 + '<div class="search-results-pager">%s</div>'. 249 + '</div>', 250 + phutil_implode_html("\n", $results), 251 + $pager->render()); 252 252 } else { 253 - $results = 253 + $results = hsprintf( 254 254 '<div class="phabricator-search-result-list">'. 255 255 '<p class="phabricator-search-no-results">No search results.</p>'. 256 - '</div>'; 256 + '</div>'); 257 257 } 258 258 } else { 259 259 $results = null;

+15 -11

src/applications/search/view/PhabricatorSearchResultView.php

··· 70 70 break; 71 71 } 72 72 73 - return 73 + return hsprintf( 74 74 '<div class="phabricator-search-result">'. 75 - $img. 75 + '%s'. 76 76 '<div class="result-desc">'. 77 - phutil_tag( 78 - 'a', 79 - array( 80 - 'class' => 'result-name', 81 - 'href' => $handle->getURI(), 82 - ), 83 - $this->emboldenQuery($object_name)). 84 - '<div class="result-type">'.$type_name.' · '.$link.'</div>'. 77 + '%s'. 78 + '<div class="result-type">%s · %s</div>'. 85 79 '</div>'. 86 80 '<div style="clear: both;"></div>'. 87 - '</div>'; 81 + '</div>', 82 + $img, 83 + phutil_tag( 84 + 'a', 85 + array( 86 + 'class' => 'result-name', 87 + 'href' => $handle->getURI(), 88 + ), 89 + $this->emboldenQuery($object_name)), 90 + $type_name, 91 + $link); 88 92 } 89 93 90 94 private function emboldenQuery($str) {

+3 -3

src/applications/settings/panel/PhabricatorSettingsPanelConduit.php

··· 26 26 $dialog->setSubmitURI($this->getPanelURI()); 27 27 $dialog->addSubmitButton('Regenerate'); 28 28 $dialog->addCancelbutton($this->getPanelURI()); 29 - $dialog->appendChild( 30 - '<p>Really destroy the old certificate? Any established '. 31 - 'sessions will be terminated.'); 29 + $dialog->appendChild(phutil_tag('p', array(), pht( 30 + 'Really destroy the old certificate? Any established '. 31 + 'sessions will be terminated.'))); 32 32 33 33 return id(new AphrontDialogResponse()) 34 34 ->setDialog($dialog);

+7 -7

src/applications/settings/panel/PhabricatorSettingsPanelEmailAddresses.php

··· 103 103 } 104 104 105 105 $rows[] = array( 106 - phutil_escape_html($email->getAddress()), 106 + $email->getAddress(), 107 107 $action, 108 108 $remove, 109 109 ); ··· 191 191 ->setUser($user) 192 192 ->addHiddenInput('new', 'verify') 193 193 ->setTitle('Verification Email Sent') 194 - ->appendChild( 195 - '<p>A verification email has been sent. Click the link in the '. 196 - 'email to verify your address.</p>') 194 + ->appendChild(phutil_tag('p', array(), pht( 195 + 'A verification email has been sent. Click the link in the '. 196 + 'email to verify your address.'))) 197 197 ->setSubmitURI($uri) 198 198 ->addSubmitButton('Done'); 199 199 ··· 264 264 ->setUser($user) 265 265 ->addHiddenInput('delete', $email_id) 266 266 ->setTitle("Really delete address '{$address}'?") 267 - ->appendChild( 268 - '<p>Are you sure you want to delete this address? You will no '. 269 - 'longer be able to use it to login.</p>') 267 + ->appendChild(phutil_tag('p', array(), pht( 268 + 'Are you sure you want to delete this address? You will no '. 269 + 'longer be able to use it to login.'))) 270 270 ->addSubmitButton('Delete') 271 271 ->addCancelButton($uri); 272 272

+1 -1

src/applications/settings/panel/PhabricatorSettingsPanelLDAP.php

··· 75 75 76 76 foreach ($forms as $name => $form) { 77 77 if ($name) { 78 - $panel->appendChild('<br /><h1>'.$name.'</h1><br />'); 78 + $panel->appendChild(hsprintf('<br /><h1>%s</h1><br />', $name)); 79 79 } 80 80 $panel->appendChild($form); 81 81 }

+1 -1

src/applications/settings/panel/PhabricatorSettingsPanelOAuth.php

··· 215 215 216 216 foreach ($forms as $name => $form) { 217 217 if ($name) { 218 - $panel->appendChild('<br /><h1>'.$name.'</h1><br />'); 218 + $panel->appendChild(hsprintf('<br /><h1>%s</h1><br />', $name)); 219 219 } 220 220 $panel->appendChild($form); 221 221 }

+7 -7

src/applications/settings/panel/PhabricatorSettingsPanelSSHKeys.php

··· 182 182 'href' => $this->getPanelURI('?edit='.$key->getID()), 183 183 ), 184 184 $key->getName()), 185 - phutil_escape_html($key->getKeyComment()), 186 - phutil_escape_html($key->getKeyType()), 185 + $key->getKeyComment(), 186 + $key->getKeyType(), 187 187 phabricator_date($key->getDateCreated(), $user), 188 188 phabricator_time($key->getDateCreated(), $user), 189 189 javelin_tag( ··· 240 240 241 241 $user = $request->getUser(); 242 242 243 - $name = phutil_escape_html($key->getName()); 243 + $name = phutil_tag('strong', array(), $key->getName()); 244 244 245 245 if ($request->isDialogFormPost()) { 246 246 $key->delete(); ··· 252 252 ->setUser($user) 253 253 ->addHiddenInput('delete', $key->getID()) 254 254 ->setTitle('Really delete SSH Public Key?') 255 - ->appendChild( 256 - '<p>The key "<strong>'.$name.'</strong>" will be permanently deleted, '. 257 - 'and you will not longer be able to use the corresponding private key '. 258 - 'to authenticate.</p>') 255 + ->appendChild(phutil_tag('p', array(), pht( 256 + 'The key "%s" will be permanently deleted, and you will not longer be '. 257 + 'able to use the corresponding private key to authenticate.', 258 + $name))) 259 259 ->addSubmitButton('Delete Public Key') 260 260 ->addCancelButton($this->getPanelURI()); 261 261

+3 -4

src/applications/slowvote/controller/PhabricatorSlowvotePollController.php

··· 177 177 178 178 179 179 $panel = new AphrontPanelView(); 180 - $panel->setHeader(phutil_escape_html($poll->getQuestion())); 180 + $panel->setHeader($poll->getQuestion()); 181 181 $panel->setWidth(AphrontPanelView::WIDTH_WIDE); 182 182 183 183 $panel->appendChild($form); 184 - $panel->appendChild('<br /><br />'); 184 + $panel->appendChild(hsprintf('<br /><br />')); 185 185 $panel->appendChild($result_markup); 186 186 187 187 return $this->buildStandardPageResponse( ··· 203 203 foreach ($comments as $comment) { 204 204 $handle = $handles[$comment->getAuthorPHID()]; 205 205 206 - $markup = phutil_safe_html( 207 - $engine->markupText($comment->getCommentText())); 206 + $markup = $engine->markupText($comment->getCommentText()); 208 207 209 208 require_celerity_resource('phabricator-remarkup-css'); 210 209

+3 -3

src/applications/subscriptions/events/PhabricatorSubscriptionsUIEventListener.php

··· 36 36 ->setDisabled(true) 37 37 ->setRenderAsForm(true) 38 38 ->setHref('/subscriptions/add/'.$object->getPHID().'/') 39 - ->setName(phutil_escape_html('Automatically Subscribed')) 39 + ->setName('Automatically Subscribed') 40 40 ->setIcon('subscribe-auto'); 41 41 } else { 42 42 $subscribed = false; ··· 59 59 ->setWorkflow(true) 60 60 ->setRenderAsForm(true) 61 61 ->setHref('/subscriptions/delete/'.$object->getPHID().'/') 62 - ->setName(phutil_escape_html('Unsubscribe')) 62 + ->setName('Unsubscribe') 63 63 ->setIcon('subscribe-delete'); 64 64 } else { 65 65 $sub_action = id(new PhabricatorActionView()) ··· 67 67 ->setWorkflow(true) 68 68 ->setRenderAsForm(true) 69 69 ->setHref('/subscriptions/add/'.$object->getPHID().'/') 70 - ->setName(phutil_escape_html('Subscribe')) 70 + ->setName('Subscribe') 71 71 ->setIcon('subscribe-add'); 72 72 } 73 73

+2 -1

src/applications/transactions/response/PhabricatorApplicationTransactionNoEffectResponse.php

··· 57 57 ->setTitle($title); 58 58 59 59 foreach ($xactions as $xaction) { 60 - $dialog->appendChild('<p>'.$xaction->getNoEffectDescription().'</p>'); 60 + $dialog->appendChild( 61 + phutil_tag('p', array(), $xaction->getNoEffectDescription())); 61 62 } 62 63 $dialog->appendChild($tail); 63 64

+6 -6

src/applications/transactions/storage/PhabricatorApplicationTransaction.php

··· 134 134 if ($this->renderingTarget == self::TARGET_HTML) { 135 135 return $this->getHandle($phid)->renderLink(); 136 136 } else { 137 - return $this->getHandle($phid)->getName(); 137 + return hsprintf('%s', $this->getHandle($phid)->getName()); 138 138 } 139 139 } 140 140 ··· 143 143 foreach ($phids as $phid) { 144 144 $links[] = $this->renderHandleLink($phid); 145 145 } 146 - return phutil_safe_html(implode(', ', $links)); 146 + return phutil_implode_html(', ', $links); 147 147 } 148 148 149 149 public function getIcon() { ··· 218 218 '%s changed the visibility of this %s from "%s" to "%s".', 219 219 $this->renderHandleLink($author_phid), 220 220 $this->getApplicationObjectTypeName(), 221 - phutil_escape_html($old), 222 - phutil_escape_html($new)); 221 + $old, 222 + $new); 223 223 case PhabricatorTransactions::TYPE_EDIT_POLICY: 224 224 // TODO: Render human-readable. 225 225 return pht( 226 226 '%s changed the edit policy of this %s from "%s" to "%s".', 227 227 $this->renderHandleLink($author_phid), 228 228 $this->getApplicationObjectTypeName(), 229 - phutil_escape_html($old), 230 - phutil_escape_html($new)); 229 + $old, 230 + $new); 231 231 case PhabricatorTransactions::TYPE_SUBSCRIBERS: 232 232 $add = array_diff($new, $old); 233 233 $rem = array_diff($old, $new);

+1 -1

src/applications/transactions/view/PhabricatorApplicationTransactionCommentView.php

··· 128 128 'id' => $this->getPreviewPanelID(), 129 129 'style' => 'display: none', 130 130 ), 131 - self::renderHTMLView( 131 + self::renderSingleView( 132 132 array( 133 133 $header, 134 134 $preview,

+2 -2

src/applications/transactions/view/PhabricatorApplicationTransactionView.php

··· 99 99 $event->appendChild( 100 100 $engine->getOutput($xaction->getComment(), $field)); 101 101 } else if ($has_deleted_comment) { 102 - $event->appendChild( 103 - '<em>'.pht('This comment has been deleted.').'</em>'); 102 + $event->appendChild(phutil_tag('em', array(), pht( 103 + 'This comment has been deleted.'))); 104 104 } 105 105 106 106 $events[] = $event;

-3

src/applications/typeahead/controller/PhabricatorTypeaheadCommonDatasourceController.php

··· 297 297 $rows = array(); 298 298 foreach ($results as $result) { 299 299 $wire = $result->getWireFormat(); 300 - foreach ($wire as $k => $v) { 301 - $wire[$k] = phutil_escape_html($v); 302 - } 303 300 $rows[] = $wire; 304 301 } 305 302

+1 -1

src/applications/uiexample/examples/PhabricatorActionListExample.php

··· 104 104 105 105 return array( 106 106 $view, 107 - '<div style="clear: both;"></div>', 107 + hsprintf('<div style="clear: both;"></div>'), 108 108 $notices, 109 109 ); 110 110 }

+2 -2

src/applications/uiexample/examples/PhabricatorButtonsExample.php

··· 35 35 ), 36 36 ucwords($size.' '.$color.' '.$tag)); 37 37 38 - $view[] = '<br /><br />'; 38 + $view[] = hsprintf('<br /><br />'); 39 39 } 40 40 } 41 41 } 42 42 43 - return '<div style="margin: 1em 2em;">'.implode('', $view).'</div>'; 43 + return phutil_tag('div', array('style' => 'margin: 1em 2em;'), $view); 44 44 } 45 45 }

+12 -13

src/applications/uiexample/examples/PhabricatorTagExample.php

··· 19 19 ->setName('@alincoln') 20 20 ->setHref('#'); 21 21 $tags[] = ' how is stuff?'; 22 - $tags[] = '<br /><br />'; 22 + $tags[] = hsprintf('<br /><br />'); 23 23 24 24 25 25 $tags[] = 'Did you hear that '; ··· 41 41 ->setDotColor(PhabricatorTagView::COLOR_GREY) 42 42 ->setHref('#'); 43 43 $tags[] = ' is gone?'; 44 - $tags[] = '<br /><br />'; 44 + $tags[] = hsprintf('<br /><br />'); 45 45 46 46 $tags[] = 'Take a look at '; 47 47 $tags[] = id(new PhabricatorTagView()) ··· 49 49 ->setName('D123') 50 50 ->setHref('#'); 51 51 $tags[] = ' when you get a chance.'; 52 - $tags[] = '<br /><br />'; 52 + $tags[] = hsprintf('<br /><br />'); 53 53 54 54 $tags[] = 'Hmm? '; 55 55 $tags[] = id(new PhabricatorTagView()) ··· 63 63 ->setBackgroundColor(PhabricatorTagView::COLOR_BLACK) 64 64 ->setName('Abandoned'); 65 65 $tags[] = '.'; 66 - $tags[] = '<br /><br />'; 66 + $tags[] = hsprintf('<br /><br />'); 67 67 68 68 $tags[] = 'I hope someone is going to '; 69 69 $tags[] = id(new PhabricatorTagView()) ··· 77 77 ->setBackgroundColor(PhabricatorTagView::COLOR_REDORANGE) 78 78 ->setName('High Priority'); 79 79 $tags[] = '!'; 80 - $tags[] = '<br /><br />'; 80 + $tags[] = hsprintf('<br /><br />'); 81 81 82 82 83 83 $tags[] = id(new PhabricatorHeaderView()) ··· 89 89 ->setType(PhabricatorTagView::TYPE_STATE) 90 90 ->setBackgroundColor($color) 91 91 ->setName(ucwords($color)); 92 - $tags[] = '<br /><br />'; 92 + $tags[] = hsprintf('<br /><br />'); 93 93 } 94 94 95 95 $tags[] = id(new PhabricatorHeaderView()) ··· 101 101 ->setDotColor(PhabricatorTagView::COLOR_RED) 102 102 ->setBarColor(PhabricatorTagView::COLOR_RED) 103 103 ->setName('Christmas'); 104 - $tags[] = '<br /><br />'; 104 + $tags[] = hsprintf('<br /><br />'); 105 105 $tags[] = id(new PhabricatorTagView()) 106 106 ->setType(PhabricatorTagView::TYPE_OBJECT) 107 107 ->setBackgroundColor(PhabricatorTagView::COLOR_ORANGE) 108 108 ->setDotColor(PhabricatorTagView::COLOR_BLACK) 109 109 ->setBarColor(PhabricatorTagView::COLOR_BLACK) 110 110 ->setName('Halloween'); 111 - $tags[] = '<br /><br />'; 111 + $tags[] = hsprintf('<br /><br />'); 112 112 $tags[] = id(new PhabricatorTagView()) 113 113 ->setType(PhabricatorTagView::TYPE_STATE) 114 114 ->setBackgroundColor(PhabricatorTagView::COLOR_MAGENTA) ··· 116 116 ->setBarColor(PhabricatorTagView::COLOR_BLUE) 117 117 ->setName('Easter'); 118 118 119 - return array( 120 - '<div style="padding: 1em 2em;">', 121 - $tags, 122 - '</div>', 123 - ); 119 + return phutil_tag( 120 + 'div', 121 + array('style' => 'padding: 1em 2em;'), 122 + $tags); 124 123 } 125 124 }

+1 -1

src/applications/uiexample/examples/PhabricatorUINotificationExample.php

··· 23 23 ), 24 24 'Show Notification'); 25 25 26 - $content = '<div style="padding: 1em 3em;">'.$content.'</content>'; 26 + $content = hsprintf('<div style="padding: 1em 3em;">%s</div>', $content); 27 27 28 28 return $content; 29 29 }

+6 -6

src/applications/uiexample/examples/PhabricatorUIPagerExample.php

··· 35 35 $panel = new AphrontPanelView(); 36 36 $panel->appendChild($table); 37 37 38 - $panel->appendChild( 38 + $panel->appendChild(hsprintf( 39 39 '<p class="phabricator-ui-example-note">'. 40 40 'Use <tt>AphrontPagerView</tt> to render a pager element.'. 41 - '</p>'); 41 + '</p>')); 42 42 43 43 $pager = new AphrontPagerView(); 44 44 $pager->setPageSize($page_size); ··· 47 47 $pager->setURI($request->getRequestURI(), 'offset'); 48 48 $panel->appendChild($pager); 49 49 50 - $panel->appendChild( 50 + $panel->appendChild(hsprintf( 51 51 '<p class="phabricator-ui-example-note">'. 52 52 'You can show more or fewer pages of surrounding context.'. 53 - '</p>'); 53 + '</p>')); 54 54 55 55 $many_pages_pager = new AphrontPagerView(); 56 56 $many_pages_pager->setPageSize($page_size); ··· 60 60 $many_pages_pager->setSurroundingPages(7); 61 61 $panel->appendChild($many_pages_pager); 62 62 63 - $panel->appendChild( 63 + $panel->appendChild(hsprintf( 64 64 '<p class="phabricator-ui-example-note">'. 65 65 'When it is prohibitively expensive or complex to attain a complete '. 66 66 'count of the items, you can select one extra item and set '. 67 67 '<tt>hasMorePages(true)</tt> if it exists, creating an inexact pager.'. 68 - '</p>'); 68 + '</p>')); 69 69 70 70 $inexact_pager = new AphrontPagerView(); 71 71 $inexact_pager->setPageSize($page_size);

+26 -14

src/docs/developer/rendering_html.diviner

··· 108 108 109 109 If you need to build a list of items with some element in between each of them 110 110 (like a middot, comma, or vertical bar) you can use 111 - @{function:array_interleave}: 111 + @{function:phutil_implode_html}: 112 112 113 113 // Render links with commas between them. 114 114 phutil_tag( 115 115 'div', 116 116 array(), 117 - array_interleave(', ', $list_of_links)); 117 + phutil_implode_html(', ', $list_of_links)); 118 118 119 119 = AphrontView Classes = 120 120 ··· 124 124 125 125 return phutil_tag('div', ...); 126 126 127 - @{class:AphrontView} subclasses can use `renderHTMLChildren()` and 128 - `renderHTMLView()` to build @{class@libphutil:PhutilSafeHTML} objects from 129 - children or arbitrary lists of components. 130 - 131 - @{class:AphrontView} subclasses should avoid `renderChildren()` and 132 - `renderSingleView()` and transition callers to the `HTML` varieties. These older 133 - methods do not return @{class@libphutil:PhutilSafeHTML} objects. 134 - 135 127 = Internationalization: pht() = 136 128 137 129 The @{function:pht} function has some special rules. If any input to ··· 156 148 you are wrong and the string is not actually safe, you have introduced an XSS 157 149 vulnerability. Consequently, you should avoid calling this if possible. 158 150 159 - You can use @{function@libphutil:phutil_escape_html} to explicitly escape an 160 - HTML string. You should not normally need to use it. 161 - 162 151 You can use @{function@libphutil:phutil_escape_html_newlines} to escape HTML 163 - while converting newlines to `<br />`. 152 + while converting newlines to `<br />`. You should not need to explicitly use 153 + @{function@libphutil:phutil_escape_html} anywhere. 154 + 155 + If you need to apply a string function (such as `trim()`) to safe HTML, use 156 + @{method@libphutil:PhutilSafeHTML::applyFunction}. 164 157 165 158 If you need to extract the content of a @{class@libphutil:PhutilSafeHTML} 166 159 object, you should call `getHTMLContent()`, not cast it to a string. Eventually, 167 160 we would like to remove the string cast entirely. 161 + 162 + Functions @{function@libphutil:phutil_tag} and @{function@libphutil:hsprintf} 163 + are not safe if you pass the user input for the tag or attribute name. All the 164 + following examples are dangerous: 165 + 166 + counterexample 167 + phutil_tag($evil); 168 + 169 + phutil_tag('span', array($evil => $evil2)); 170 + 171 + // Use PhutilURI to check if $evil is valid HTTP link. 172 + phutil_tag('a', array('href' => $evil)); 173 + 174 + phutil_tag('span', array('onmouseover' => $evil)); 175 + 176 + hsprintf('<%s>%s</%s>', $evil, $evil2, $evil); 177 + 178 + // We have a lint rule disallowing this. 179 + hsprintf($evil); 168 180 169 181 = Deprecated Functions = 170 182

+5 -3

src/infrastructure/celerity/CelerityStaticResourceResponse.php

··· 98 98 $this->hasRendered[$resource['uri']] = true; 99 99 100 100 $output[] = $this->renderResource($resource); 101 + $output[] = "\n"; 101 102 } 102 - return implode("\n", $output)."\n"; 103 + return phutil_implode_html('', $output); 103 104 } 104 105 105 106 private function renderResource(array $resource) { ··· 180 181 181 182 if ($data) { 182 183 $data = implode("\n", $data); 183 - return '<script type="text/javascript">//<![CDATA['."\n". 184 - $data.'//]]></script>'; 184 + return hsprintf( 185 + '<script type="text/javascript">//<![CDATA['."\n".'%s//]]></script>', 186 + phutil_safe_html($data)); 185 187 } else { 186 188 return ''; 187 189 }

+1 -1

src/infrastructure/diff/PhabricatorInlineCommentController.php

··· 71 71 $dialog->setTitle('Really delete this comment?'); 72 72 $dialog->addHiddenInput('id', $this->getCommentID()); 73 73 $dialog->addHiddenInput('op', 'delete'); 74 - $dialog->appendChild('<p>Delete this inline comment?</p>'); 74 + $dialog->appendChild(hsprintf('<p>Delete this inline comment?</p>')); 75 75 76 76 $dialog->addCancelButton('#'); 77 77 $dialog->addSubmitButton('Delete');

+1 -1

src/infrastructure/diff/PhabricatorInlineCommentPreviewController.php

··· 34 34 $view->setPreview(true); 35 35 $views[] = $view->render(); 36 36 } 37 - $views = implode("\n", $views); 37 + $views = phutil_implode_html("\n", $views); 38 38 39 39 return id(new AphrontAjaxResponse()) 40 40 ->setContent($views);

+21 -14

src/infrastructure/diff/view/PhabricatorInlineSummaryView.php

··· 15 15 16 16 public function render() { 17 17 require_celerity_resource('inline-comment-summary-css'); 18 - return $this->renderHeader().$this->renderTable(); 18 + return hsprintf('%s%s', $this->renderHeader(), $this->renderTable()); 19 19 } 20 20 21 21 private function renderHeader() { ··· 79 79 80 80 $where = idx($item, 'where'); 81 81 82 - $colspan = ($has_where ? '' : ' colspan="2"'); 83 - $rows[] = 82 + $colspan = ($has_where ? null : 2); 83 + $rows[] = hsprintf( 84 84 '<tr>'. 85 - '<td class="inline-line-number">'.$lines.'</td>'. 86 - ($has_where 87 - ? hsprintf('<td class="inline-which-diff">%s</td>', $where) 88 - : null). 89 - '<td class="inline-summary-content"'.$colspan.'>'. 90 - '<div class="phabricator-remarkup">'. 91 - $item['content']. 92 - '</div>'. 93 - '</td>'. 94 - '</tr>'; 85 + '<td class="inline-line-number">%s</td>'. 86 + '%s'. 87 + '%s'. 88 + '</tr>', 89 + $lines, 90 + ($has_where 91 + ? hsprintf('<td class="inline-which-diff">%s</td>', $where) 92 + : null), 93 + phutil_tag( 94 + 'td', 95 + array( 96 + 'class' => 'inline-summary-content', 97 + 'colspan' => $colspan, 98 + ), 99 + hsprintf( 100 + '<div class="phabricator-remarkup">%s</div>', 101 + $item['content']))); 95 102 } 96 103 } 97 104 ··· 100 107 array( 101 108 'class' => 'phabricator-inline-summary-table', 102 109 ), 103 - new PhutilSafeHTML(implode("\n", $rows))); 110 + phutil_implode_html("\n", $rows)); 104 111 } 105 112 106 113 }

+18

src/infrastructure/lint/PhabricatorLintEngine.php

··· 5 5 public function buildLinters() { 6 6 $linters = parent::buildLinters(); 7 7 8 + foreach ($linters as $linter) { 9 + if ($linter instanceof ArcanistPhutilXHPASTLinter) { 10 + $linter->setDeprecatedFunctions(array( 11 + 'phutil_escape_html' => 12 + 'The phutil_escape_html() function is deprecated. Raw strings '. 13 + 'passed to phutil_tag() or hsprintf() are escaped automatically.', 14 + 15 + 'javelin_render_tag' => 16 + 'The javelin_render_tag() function is deprecated and unsafe. '. 17 + 'Use javelin_tag() instead.', 18 + 19 + 'phabricator_render_form' => 20 + 'The phabricator_render_form() function is deprecated and unsafe. '. 21 + 'Use phabricator_form() instead.', 22 + )); 23 + } 24 + } 25 + 8 26 $paths = $this->getPaths(); 9 27 10 28 foreach ($paths as $key => $path) {

+2 -4

src/infrastructure/markup/PhabricatorMarkupEngine.php

··· 41 41 42 42 private $objects = array(); 43 43 private $viewer; 44 - private $version = 2; 44 + private $version = 3; 45 45 46 46 47 47 /* -( Markup Pipeline )---------------------------------------------------- */ ··· 160 160 "Call process() before getOutput()."); 161 161 } 162 162 163 - return new PhutilSafeHTML($this->objects[$key]['output']); 163 + return $this->objects[$key]['output']; 164 164 } 165 165 166 166 ··· 424 424 425 425 $rules[] = new PhabricatorRemarkupRuleMention(); 426 426 427 - $rules[] = new PhutilRemarkupRuleEscapeHTML(); 428 427 $rules[] = new PhutilRemarkupRuleBold(); 429 428 $rules[] = new PhutilRemarkupRuleItalic(); 430 429 $rules[] = new PhutilRemarkupRuleDel(); ··· 450 449 foreach ($blocks as $block) { 451 450 if ($block instanceof PhutilRemarkupEngineRemarkupLiteralBlockRule) { 452 451 $literal_rules = array(); 453 - $literal_rules[] = new PhutilRemarkupRuleEscapeHTML(); 454 452 $literal_rules[] = new PhutilRemarkupRuleLinebreaks(); 455 453 $block->setMarkupRules($literal_rules); 456 454 } else if (

+7 -10

src/infrastructure/markup/rule/PhabricatorRemarkupRuleCountdown.php

··· 8 8 const KEY_RULE_COUNTDOWN = 'rule.countdown'; 9 9 10 10 public function apply($text) { 11 - return preg_replace_callback( 11 + return $this->replaceHTML( 12 12 "@\B{C(\d+)}\B@", 13 13 array($this, 'markupCountdown'), 14 14 $text); 15 15 } 16 16 17 - private function markupCountdown($matches) { 17 + protected function markupCountdown($matches) { 18 18 $countdown = id(new PhabricatorTimer())->load($matches[1]); 19 19 if (!$countdown) { 20 20 return $matches[0]; ··· 46 46 47 47 foreach ($metadata as $id => $info) { 48 48 list($time, $token) = $info; 49 + $prefix = 'phabricator-timer-'; 49 50 $count = phutil_tag( 50 51 'span', 51 52 array( 52 53 'id' => $id, 53 54 ), 54 55 array( 55 - javelin_tag('span', 56 - array('sigil' => 'phabricator-timer-days'), '').'d', 57 - javelin_tag('span', 58 - array('sigil' => 'phabricator-timer-hours'), '').'h', 59 - javelin_tag('span', 60 - array('sigil' => 'phabricator-timer-minutes'), '').'m', 61 - javelin_tag('span', 62 - array('sigil' => 'phabricator-timer-seconds'), '').'s', 56 + javelin_tag('span', array('sigil' => $prefix.'days'), ''), 'd', 57 + javelin_tag('span', array('sigil' => $prefix.'hours'), ''), 'h', 58 + javelin_tag('span', array('sigil' => $prefix.'minutes'), ''), 'm', 59 + javelin_tag('span', array('sigil' => $prefix.'seconds'), ''), 's', 63 60 )); 64 61 Javelin::initBehavior('countdown-timer', array( 65 62 'timestamp' => $time,

+1 -1

src/infrastructure/markup/rule/PhabricatorRemarkupRuleEmbedFile.php

··· 10 10 const KEY_EMBED_FILE_PHIDS = 'phabricator.embedded-file-phids'; 11 11 12 12 public function apply($text) { 13 - return preg_replace_callback( 13 + return $this->replaceHTML( 14 14 "@{F(\d+)([^}]+?)?}@", 15 15 array($this, 'markupEmbedFile'), 16 16 $text);

+5 -3

src/infrastructure/markup/rule/PhabricatorRemarkupRuleImageMacro.php

··· 9 9 private $images; 10 10 11 11 public function apply($text) { 12 - return preg_replace_callback( 12 + return $this->replaceHTML( 13 13 '@^([a-zA-Z0-9:_\-]+)$@m', 14 14 array($this, 'markupImageMacro'), 15 15 $text); ··· 25 25 } 26 26 } 27 27 28 - if (array_key_exists($matches[1], $this->images)) { 29 - $phid = $this->images[$matches[1]]; 28 + $name = (string)$matches[1]; 29 + 30 + if (array_key_exists($name, $this->images)) { 31 + $phid = $this->images[$name]; 30 32 31 33 $file = id(new PhabricatorFile())->loadOneWhere('phid = %s', $phid); 32 34 $style = null;

+1 -1

src/infrastructure/markup/rule/PhabricatorRemarkupRuleMeme.php

··· 9 9 private $images; 10 10 11 11 public function apply($text) { 12 - return preg_replace_callback( 12 + return $this->replaceHTML( 13 13 '@{meme,([^}]+)}$@m', 14 14 array($this, 'markupMeme'), 15 15 $text);

+2 -2

src/infrastructure/markup/rule/PhabricatorRemarkupRuleMention.php

··· 21 21 const REGEX = '/(?<!\w)@([a-zA-Z0-9._-]*[a-zA-Z0-9_-])/'; 22 22 23 23 public function apply($text) { 24 - return preg_replace_callback( 24 + return $this->replaceHTML( 25 25 self::REGEX, 26 26 array($this, 'markupMention'), 27 27 $text); 28 28 } 29 29 30 - private function markupMention($matches) { 30 + protected function markupMention($matches) { 31 31 $engine = $this->getEngine(); 32 32 $token = $engine->storeText(''); 33 33

+2 -2

src/infrastructure/markup/rule/PhabricatorRemarkupRuleObjectHandle.php

··· 13 13 14 14 public function apply($text) { 15 15 $prefix = $this->getObjectNamePrefix(); 16 - return preg_replace_callback( 16 + return $this->replaceHTML( 17 17 "@\B{{$prefix}(\d+)}\B@", 18 18 array($this, 'markupObjectHandle'), 19 19 $text); 20 20 } 21 21 22 - private function markupObjectHandle($matches) { 22 + protected function markupObjectHandle($matches) { 23 23 // TODO: These are single gets but should be okay for now, they're behind 24 24 // the cache. 25 25 $phid = $this->loadObjectPHID($matches[1]);

+1 -1

src/infrastructure/markup/rule/PhabricatorRemarkupRuleObjectName.php

··· 15 15 public function apply($text) { 16 16 $prefix = $this->getObjectNamePrefix(); 17 17 $id = $this->getObjectIDPattern(); 18 - return preg_replace_callback( 18 + return $this->replaceHTML( 19 19 "@\b({$prefix})({$id})(?:#([-\w\d]+))?\b@", 20 20 array($this, 'markupObjectNameLink'), 21 21 $text);

+2 -2

src/infrastructure/markup/rule/PhabricatorRemarkupRulePhriction.php

··· 7 7 extends PhutilRemarkupRule { 8 8 9 9 public function apply($text) { 10 - return preg_replace_callback( 10 + return $this->replaceHTML( 11 11 '@\B\\[\\[([^|\\]]+)(?:\\|([^\\]]+))?\\]\\]\B@U', 12 12 array($this, 'markupDocumentLink'), 13 13 $text); ··· 28 28 $href = (string) id(new PhutilURI($slug))->setFragment($fragment); 29 29 30 30 if ($this->getEngine()->getState('toc')) { 31 - $text = phutil_escape_html($name); 31 + $text = $name; 32 32 } else { 33 33 $text = phutil_tag( 34 34 'a',

+16 -20

src/infrastructure/markup/rule/PhabricatorRemarkupRuleYoutube.php

··· 10 10 $this->uri = new PhutilURI($text); 11 11 12 12 if ($this->uri->getDomain() && 13 - preg_match('/(^|\.)youtube\.com$/', $this->uri->getDomain())) { 13 + preg_match('/(^|\.)youtube\.com$/', $this->uri->getDomain()) && 14 + idx($this->uri->getQueryParams(), 'v')) { 14 15 return $this->markupYoutubeLink(); 15 16 } 16 17 ··· 19 20 20 21 public function markupYoutubeLink() { 21 22 $v = idx($this->uri->getQueryParams(), 'v'); 22 - if ($v) { 23 - $youtube_src = 'https://www.youtube.com/embed/'.$v; 24 - $iframe = 25 - '<div class="embedded-youtube-video">'. 26 - phutil_tag( 27 - 'iframe', 28 - array( 29 - 'width' => '650', 30 - 'height' => '400', 31 - 'style' => 'margin: 1em auto; border: 0px;', 32 - 'src' => $youtube_src, 33 - 'frameborder' => 0, 34 - ), 35 - ''). 36 - '</div>'; 37 - return $this->getEngine()->storeText($iframe); 38 - } else { 39 - return $this->uri; 40 - } 23 + $youtube_src = 'https://www.youtube.com/embed/'.$v; 24 + $iframe = hsprintf( 25 + '<div class="embedded-youtube-video">%s</div>', 26 + phutil_tag( 27 + 'iframe', 28 + array( 29 + 'width' => '650', 30 + 'height' => '400', 31 + 'style' => 'margin: 1em auto; border: 0px;', 32 + 'src' => $youtube_src, 33 + 'frameborder' => 0, 34 + ), 35 + '')); 36 + return $this->getEngine()->storeText($iframe); 41 37 } 42 38 43 39 }

+21 -21

src/view/AphrontDialogView.php

··· 99 99 ), 100 100 $this->cancelText); 101 101 } 102 - $buttons = implode('', $buttons); 103 102 104 103 if (!$this->user) { 105 104 throw new Exception( ··· 131 130 ); 132 131 133 132 $hidden_inputs = array(); 133 + $hidden_inputs[] = phutil_tag( 134 + 'input', 135 + array( 136 + 'type' => 'hidden', 137 + 'name' => '__dialog__', 138 + 'value' => '1', 139 + )); 140 + 134 141 foreach ($this->hidden as $desc) { 135 142 list($key, $value) = $desc; 136 143 $hidden_inputs[] = javelin_tag( ··· 142 149 'sigil' => 'aphront-dialog-application-input' 143 150 )); 144 151 } 145 - $hidden_inputs = implode("\n", $hidden_inputs); 146 - $hidden_inputs = 147 - '<input type="hidden" name="__dialog__" value="1" />'. 148 - $hidden_inputs; 149 - 150 152 151 153 if (!$this->renderAsForm) { 152 - $buttons = phabricator_render_form( 154 + $buttons = array(phabricator_form( 153 155 $this->user, 154 156 $form_attributes, 155 - $hidden_inputs.$buttons); 157 + array_merge($hidden_inputs, $buttons))); 156 158 } 157 159 158 - $content = 159 - hsprintf('<div class="aphront-dialog-head">%s</div>', $this->title). 160 - '<div class="aphront-dialog-body">'. 161 - $this->renderChildren(). 162 - '</div>'. 163 - '<div class="aphront-dialog-tail">'. 164 - $buttons. 165 - '<div style="clear: both;"></div>'. 166 - '</div>'; 160 + $buttons[] = phutil_tag('div', array('style' => 'clear: both;'), ''); 161 + $children = $this->renderChildren(); 162 + 163 + $content = hsprintf( 164 + '%s%s%s', 165 + phutil_tag('div', array('class' => 'aphront-dialog-head'), $this->title), 166 + phutil_tag('div', array('class' => 'aphront-dialog-body'), $children), 167 + phutil_tag('div', array('class' => 'aphront-dialog-tail'), $buttons)); 167 168 168 169 if ($this->renderAsForm) { 169 - return phabricator_render_form( 170 + return phabricator_form( 170 171 $this->user, 171 172 $form_attributes + $attributes, 172 - $hidden_inputs. 173 - $content); 173 + array($hidden_inputs, $content)); 174 174 } else { 175 - return javelin_render_tag( 175 + return javelin_tag( 176 176 'div', 177 177 $attributes, 178 178 $content);

+2 -2

src/view/AphrontJavelinView.php

··· 21 21 22 22 public function render() { 23 23 $id = celerity_generate_unique_node_id(); 24 - $placeholder = "<span id={$id} />"; 24 + $placeholder = phutil_tag('span', array('id' => $id)); 25 25 26 26 require_celerity_resource($this->getCelerityResource()); 27 27 ··· 32 32 'id' => $id, 33 33 'view' => $this->getName(), 34 34 'params' => $this->getParameters(), 35 - 'children' => $this->renderChildren(), 35 + 'children' => implode('', $this->renderChildren()), 36 36 'trigger_id' => $render_context, 37 37 )); 38 38

+1 -1

src/view/AphrontNullView.php

··· 3 3 final class AphrontNullView extends AphrontView { 4 4 5 5 public function render() { 6 - return $this->renderChildren(); 6 + return phutil_implode_html('', $this->renderChildren()); 7 7 } 8 8 9 9 }

+1 -1

src/view/AphrontTagView.php

··· 87 87 } 88 88 89 89 protected function getTagContent() { 90 - return $this->renderHTMLChildren(); 90 + return $this->renderChildren(); 91 91 } 92 92 93 93 protected function willRender() {

+1 -25

src/view/AphrontView.php

··· 33 33 foreach ($this->children as $child) { 34 34 $out[] = $this->renderSingleView($child); 35 35 } 36 - return implode('', $out); 37 - } 38 - 39 - final protected function renderHTMLChildren() { 40 - $out = array(); 41 - foreach ($this->children as $child) { 42 - $out[] = $this->renderHTMLView($child); 43 - } 44 36 return $out; 45 37 } 46 38 ··· 52 44 foreach ($child as $element) { 53 45 $out[] = $this->renderSingleView($element); 54 46 } 55 - return implode('', $out); 47 + return phutil_implode_html('', $out); 56 48 } else { 57 49 return $child; 58 - } 59 - } 60 - 61 - final protected function renderHTMLView($child) { 62 - if ($child instanceof AphrontView) { 63 - return phutil_safe_html($child->render()); 64 - } else if ($child instanceof PhutilSafeHTML) { 65 - return $child; 66 - } else if (is_array($child)) { 67 - $out = array(); 68 - foreach ($child as $element) { 69 - $out[] = $this->renderHTMLView($element); 70 - } 71 - return phutil_safe_html(implode('', $out)); 72 - } else { 73 - return phutil_safe_html(phutil_escape_html($child)); 74 50 } 75 51 } 76 52

+9 -5

src/view/control/AphrontAttachedFileView.php

··· 44 44 ), 45 45 "\xE2\x9C\x96"); // "Heavy Multiplication X" 46 46 47 - return 47 + return hsprintf( 48 48 '<table class="aphront-attached-file-view"> 49 49 <tr> 50 - <td>'.$thumb.'</td> 51 - <th><strong>'.$name.'</strong><br />'.$size.'</th> 52 - <td class="aphront-attached-file-view-remove">'.$remove.'</td> 50 + <td>%s</td> 51 + <th><strong>%s</strong><br />%s</th> 52 + <td class="aphront-attached-file-view-remove">%s</td> 53 53 </tr> 54 - </table>'; 54 + </table>', 55 + $thumb, 56 + $name, 57 + $size, 58 + $remove); 55 59 } 56 60 57 61 }

+4 -4

src/view/control/AphrontCursorPagerView.php

··· 120 120 "Next \xE2\x80\xBA"); 121 121 } 122 122 123 - return 124 - '<div class="aphront-pager-view">'. 125 - implode('', $links). 126 - '</div>'; 123 + return phutil_tag( 124 + 'div', 125 + array('class' => 'aphront-pager-view'), 126 + $links); 127 127 } 128 128 129 129 }

+5 -5

src/view/control/AphrontPagerView.php

··· 115 115 if ($max - $min > $last) { 116 116 $max = $min + $last; 117 117 if ($max == $min) { 118 - return '<div class="aphront-pager-view"></div>'; 118 + return phutil_tag('div', array('class' => 'aphront-pager-view'), ''); 119 119 } 120 120 } 121 121 ··· 196 196 $label); 197 197 } 198 198 199 - return 200 - '<div class="aphront-pager-view">'. 201 - implode('', $rendered_links). 202 - '</div>'; 199 + return phutil_tag( 200 + 'div', 201 + array('class' => 'aphront-pager-view'), 202 + $rendered_links); 203 203 } 204 204 205 205 private function getDisplayIndex($page_index) {

+33 -40

src/view/control/AphrontTableView.php

··· 111 111 public function render() { 112 112 require_celerity_resource('aphront-table-view-css'); 113 113 114 - $table_class = $this->className; 115 - 116 - if ($this->deviceReadyTable) { 117 - $table_class .= ' aphront-table-view-device-ready'; 118 - } 119 - 120 - if ($table_class !== null) { 121 - $table_class = ' class="aphront-table-view '.$table_class.'"'; 122 - } else { 123 - $table_class = ' class="aphront-table-view"'; 124 - } 125 - $table = array('<table'.$table_class.'>'); 114 + $table = array(); 126 115 127 116 $col_classes = array(); 128 117 foreach ($this->columnClasses as $key => $class) { ··· 151 140 while (count($headers) > count($sort_values)) { 152 141 $sort_values[] = null; 153 142 } 154 - $table[] = '<tr>'; 143 + 144 + $tr = array(); 155 145 foreach ($headers as $col_num => $header) { 156 146 if (!$visibility[$col_num]) { 157 147 continue; ··· 202 192 } 203 193 204 194 if ($classes) { 205 - $class = ' class="'.implode(' ', $classes).'"'; 195 + $class = implode(' ', $classes); 206 196 } else { 207 197 $class = null; 208 198 } ··· 221 211 ), 222 212 $short_headers[$col_num]); 223 213 224 - $header = $header_nodevice.$header_device; 214 + $header = hsprintf('%s %s', $header_nodevice, $header_device); 225 215 } 226 216 227 - $table[] = '<th'.$class.'>'.$header.'</th>'; 217 + $tr[] = phutil_tag('th', array('class' => $class), $header); 228 218 } 229 - $table[] = '</tr>'; 219 + $table[] = phutil_tag('tr', array(), $tr); 230 220 } 231 221 232 222 foreach ($col_classes as $key => $value) { ··· 251 241 while (count($row) > count($visibility)) { 252 242 $visibility[] = true; 253 243 } 254 - $class = idx($this->rowClasses, $row_num); 255 - if ($this->zebraStripes && ($row_num % 2)) { 256 - if ($class !== null) { 257 - $class = 'alt alt-'.$class; 258 - } else { 259 - $class = 'alt'; 260 - } 261 - } 262 - if ($class !== null) { 263 - $class = ' class="'.$class.'"'; 264 - } 265 - $table[] = '<tr'.$class.'>'; 244 + $tr = array(); 266 245 // NOTE: Use of a separate column counter is to allow this to work 267 246 // correctly if the row data has string or non-sequential keys. 268 247 $col_num = 0; ··· 275 254 if (!empty($this->cellClasses[$row_num][$col_num])) { 276 255 $class = trim($class.' '.$this->cellClasses[$row_num][$col_num]); 277 256 } 257 + $tr[] = phutil_tag('td', array('class' => $class), $value); 258 + ++$col_num; 259 + } 260 + 261 + $class = idx($this->rowClasses, $row_num); 262 + if ($this->zebraStripes && ($row_num % 2)) { 278 263 if ($class !== null) { 279 - $table[] = '<td class="'.$class.'">'; 264 + $class = 'alt alt-'.$class; 280 265 } else { 281 - $table[] = '<td>'; 266 + $class = 'alt'; 282 267 } 283 - $table[] = $value.'</td>'; 284 - ++$col_num; 285 268 } 269 + 270 + $table[] = phutil_tag('tr', array('class' => $class), $tr); 286 271 ++$row_num; 287 272 } 288 273 } else { 289 274 $colspan = max(count(array_filter($visibility)), 1); 290 - $table[] = 291 - '<tr class="no-data"><td colspan="'.$colspan.'">'. 292 - coalesce($this->noDataString, 'No data available.'). 293 - '</td></tr>'; 275 + $table[] = hsprintf( 276 + '<tr class="no-data"><td colspan="%s">%s</td></tr>', 277 + $colspan, 278 + coalesce($this->noDataString, 'No data available.')); 294 279 } 295 - $table[] = '</table>'; 296 - $html = implode('', $table); 297 - return '<div class="aphront-table-wrap">'.$html.'</div>'; 280 + 281 + $table_class = 'aphront-table-view'; 282 + if ($this->className !== null) { 283 + $table_class .= ' '.$this->className; 284 + } 285 + if ($this->deviceReadyTable) { 286 + $table_class .= ' aphront-table-view-device-ready'; 287 + } 288 + 289 + $html = phutil_tag('table', array('class' => $table_class), $table); 290 + return hsprintf('<div class="aphront-table-wrap">%s</div>', $html); 298 291 } 299 292 300 293 public static function renderSingleDisplayLine($line) {

+31 -30

src/view/control/PhabricatorObjectSelectorDialog.php

··· 101 101 ), 102 102 $label); 103 103 } 104 - $options = implode("\n", $options); 105 104 106 105 $instructions = null; 107 106 if ($this->instructions) { 108 - $instructions = 109 - '<p class="phabricator-object-selector-instructions">'. 110 - $this->instructions. 111 - '</p>'; 107 + $instructions = phutil_tag( 108 + 'p', 109 + array('class' => 'phabricator-object-selector-instructions'), 110 + $this->instructions); 112 111 } 113 112 114 - $search_box = phabricator_render_form( 113 + $search_box = phabricator_form( 115 114 $user, 116 115 array( 117 116 'method' => 'POST', 118 117 'action' => $this->submitURI, 119 118 'id' => $search_id, 120 119 ), 121 - '<table class="phabricator-object-selector-search"> 122 - <tr> 123 - <td class="phabricator-object-selector-search-filter"> 124 - <select id="'.$filter_id.'">'. 125 - $options. 126 - '</select> 127 - </td> 128 - <td class="phabricator-object-selector-search-text"> 129 - <input type="text" id="'.$query_id.'" /> 130 - </td> 131 - </tr> 132 - </table>'); 133 - $result_box = 134 - '<div class="phabricator-object-selector-results" id="'.$results_id.'">'. 135 - '</div>'; 136 - $attached_box = 120 + hsprintf( 121 + '<table class="phabricator-object-selector-search"> 122 + <tr> 123 + <td class="phabricator-object-selector-search-filter">%s</td> 124 + <td class="phabricator-object-selector-search-text">%s</td> 125 + </tr> 126 + </table>', 127 + phutil_tag('select', array('id' => $filter_id), $options), 128 + phutil_tag('input', array('id' => $query_id)))); 129 + 130 + $result_box = phutil_tag( 131 + 'div', 132 + array( 133 + 'class' => 'phabricator-object-selector-results', 134 + 'id' => $results_id, 135 + ), 136 + ''); 137 + 138 + $attached_box = hsprintf( 137 139 '<div class="phabricator-object-selector-current">'. 138 140 '<div class="phabricator-object-selector-currently-attached">'. 139 - hsprintf( 140 - '<div class="phabricator-object-selector-header">%s</div>', 141 - $this->header). 142 - '<div id="'.$current_id.'">'. 143 - '</div>'. 144 - $instructions. 141 + '<div class="phabricator-object-selector-header">%s</div>'. 142 + '<div id="%s"></div>'. 143 + '%s'. 145 144 '</div>'. 146 - '</div>'; 147 - 145 + '</div>', 146 + $this->header, 147 + $current_id, 148 + $instructions); 148 149 149 150 $dialog = new AphrontDialogView(); 150 151 $dialog

+1 -1

src/view/form/AphrontErrorView.php

··· 92 92 $classes[] = 'aphront-error-severity-'.$this->severity; 93 93 $classes = implode(' ', $classes); 94 94 95 - $children = $this->renderHTMLChildren(); 95 + $children = $this->renderChildren(); 96 96 $children[] = $list; 97 97 98 98 return phutil_tag(

+1 -1

src/view/form/AphrontFormInsetView.php

··· 102 102 $content[] = $this->content; 103 103 } 104 104 105 - $content = array_merge($content, $this->renderHTMLChildren()); 105 + $content = array_merge($content, $this->renderChildren()); 106 106 107 107 return phutil_tag('div', $div_attributes, $content); 108 108 }

+1 -1

src/view/form/AphrontFormLayoutView.php

··· 38 38 array( 39 39 'class' => $classes, 40 40 ), 41 - $this->renderHTMLChildren()); 41 + $this->renderChildren()); 42 42 } 43 43 }

+1 -1

src/view/form/AphrontFormView.php

··· 68 68 69 69 $layout 70 70 ->appendChild($this->renderDataInputs()) 71 - ->appendChild($this->renderHTMLChildren()); 71 + ->appendChild($this->renderChildren()); 72 72 73 73 if (!$this->user) { 74 74 throw new Exception('You must pass the user to AphrontFormView.');

+1 -1

src/view/form/control/AphrontFormCropControl.php

··· 29 29 $file = $this->getValue(); 30 30 31 31 if ($file === null) { 32 - return phutil_render_tag( 32 + return phutil_tag( 33 33 'img', 34 34 array( 35 35 'src' => PhabricatorUser::getDefaultProfileImageURI()

+1 -1

src/view/form/control/PhabricatorRemarkupControl.php

··· 154 154 array( 155 155 'sigil' => 'remarkup-assist-control', 156 156 ), 157 - $this->renderHTMLView( 157 + $this->renderSingleView( 158 158 array( 159 159 $buttons, 160 160 parent::renderInput(),

+6 -8

src/view/layout/AphrontContextBarView.php

··· 15 15 16 16 require_celerity_resource('aphront-contextbar-view-css'); 17 17 18 - return 18 + return hsprintf( 19 19 '<div class="aphront-contextbar-view">'. 20 20 '<div class="aphront-contextbar-core">'. 21 - '<div class="aphront-contextbar-buttons">'. 22 - $view->render(). 23 - '</div>'. 24 - '<div class="aphront-contextbar-content">'. 25 - $this->renderChildren(). 26 - '</div>'. 21 + '<div class="aphront-contextbar-buttons">%s</div>'. 22 + '<div class="aphront-contextbar-content">%s</div>'. 27 23 '</div>'. 28 24 '<div style="clear: both;"></div>'. 29 - '</div>'; 25 + '</div>', 26 + $view->render(), 27 + $this->renderChildren()); 30 28 } 31 29 32 30 }

+6 -9

src/view/layout/AphrontCrumbsView.php

··· 17 17 foreach ($this->crumbs as $crumb) { 18 18 $out[] = $this->renderSingleView($crumb); 19 19 } 20 - $out = implode( 21 - '<span class="aphront-crumbs-spacer">'. 22 - "\xC2\xBB". 23 - '</span>', 20 + $out = phutil_implode_html( 21 + hsprintf('<span class="aphront-crumbs-spacer">'."\xC2\xBB".'</span>'), 24 22 $out); 25 23 26 - return 24 + return hsprintf( 27 25 '<div class="aphront-crumbs-view">'. 28 - '<div class="aphront-crumbs-content">'. 29 - $out. 30 - '</div>'. 31 - '</div>'; 26 + '<div class="aphront-crumbs-content">%s</div>'. 27 + '</div>', 28 + $out); 32 29 } 33 30 34 31 }

+4 -5

src/view/layout/AphrontListFilterView.php

··· 4 4 5 5 public function render() { 6 6 require_celerity_resource('aphront-list-filter-view-css'); 7 - return 7 + return hsprintf( 8 8 '<table class="aphront-list-filter-view">'. 9 9 '<tr>'. 10 - '<td class="aphront-list-filter-view-controls">'. 11 - $this->renderChildren(). 12 - '</td>'. 10 + '<td class="aphront-list-filter-view-controls">%s</td>'. 13 11 '</tr>'. 14 - '</table>'; 12 + '</table>', 13 + $this->renderChildren()); 15 14 } 16 15 17 16 }

+4 -4

src/view/layout/AphrontMiniPanelView.php

··· 3 3 final class AphrontMiniPanelView extends AphrontView { 4 4 5 5 public function render() { 6 - return 7 - '<div class="aphront-mini-panel-view">'. 8 - $this->renderChildren(). 9 - '</div>'; 6 + return phutil_tag( 7 + 'div', 8 + array('class' => 'aphront-mini-panel-view'), 9 + $this->renderChildren()); 10 10 } 11 11 12 12 }

+13 -12

src/view/layout/AphrontPanelView.php

··· 63 63 64 64 public function render() { 65 65 if ($this->header !== null) { 66 - $header = '<h1>'.$this->header.'</h1>'; 66 + $header = phutil_tag('h1', array(), $this->header); 67 67 } else { 68 68 $header = null; 69 69 } ··· 79 79 80 80 $buttons = null; 81 81 if ($this->buttons) { 82 - $buttons = 83 - '<div class="aphront-panel-view-buttons">'. 84 - implode(" ", $this->buttons). 85 - '</div>'; 82 + $buttons = hsprintf( 83 + '<div class="aphront-panel-view-buttons">%s</div>', 84 + phutil_implode_html(" ", $this->buttons)); 86 85 } 87 - $header_elements = 88 - '<div class="aphront-panel-header">'. 89 - $buttons.$header.$caption. 90 - '</div>'; 91 - $table = $this->renderChildren(); 86 + $header_elements = hsprintf( 87 + '<div class="aphront-panel-header">%s%s%s</div>', 88 + $buttons, 89 + $header, 90 + $caption); 91 + 92 + $table = phutil_implode_html('', $this->renderChildren()); 92 93 93 94 require_celerity_resource('aphront-panel-view-css'); 94 95 ··· 98 99 $classes[] = 'aphront-panel-width-'.$this->width; 99 100 } 100 101 101 - return phutil_render_tag( 102 + return phutil_tag( 102 103 'div', 103 104 array( 104 105 'class' => implode(' ', $classes), 105 106 'id' => $this->id, 106 107 ), 107 - $header_elements.$table); 108 + array($header_elements, $table)); 108 109 } 109 110 110 111 }

+16 -11

src/view/layout/AphrontSideNavFilterView.php

··· 231 231 ), 232 232 ''); 233 233 234 - $local_menu = $this->renderHTMLView( 234 + $local_menu = $this->renderSingleView( 235 235 array( 236 236 $menu_background, 237 237 phutil_tag( ··· 277 277 278 278 $nav_classes = array_merge($nav_classes, $this->classes); 279 279 280 - return phutil_render_tag( 280 + return phutil_tag( 281 281 'div', 282 282 array( 283 283 'class' => implode(' ', $nav_classes), 284 284 'id' => $main_id, 285 285 ), 286 - $local_menu. 287 - $flex_bar. 288 - phutil_render_tag( 289 - 'div', 290 - array( 291 - 'class' => 'phabricator-nav-content', 292 - 'id' => $content_id, 293 - ), 294 - $crumbs.$this->renderChildren())); 286 + array( 287 + $local_menu, 288 + $flex_bar, 289 + phutil_tag( 290 + 'div', 291 + array( 292 + 'class' => 'phabricator-nav-content', 293 + 'id' => $content_id, 294 + ), 295 + array( 296 + $crumbs, 297 + phutil_implode_html('', $this->renderChildren()), 298 + )) 299 + )); 295 300 } 296 301 297 302 }

+1 -1

src/view/layout/PhabricatorActionListView.php

··· 42 42 array( 43 43 'class' => 'phabricator-action-list-view', 44 44 ), 45 - $this->renderHTMLView($actions)); 45 + $this->renderSingleView($actions)); 46 46 } 47 47 48 48

+1 -1

src/view/layout/PhabricatorAnchorView.php

··· 39 39 ), 40 40 ''); 41 41 42 - return $this->renderHTMLView(array($marker, $anchor)); 42 + return $this->renderSingleView(array($marker, $anchor)); 43 43 } 44 44 45 45 }

+2 -2

src/view/layout/PhabricatorCrumbsView.php

··· 55 55 array( 56 56 'class' => 'phabricator-crumbs-actions', 57 57 ), 58 - $this->renderHTMLView($actions)); 58 + $this->renderSingleView($actions)); 59 59 } 60 60 61 61 if ($this->crumbs) { ··· 68 68 'class' => 'phabricator-crumbs-view '. 69 69 'sprite-gradient gradient-breadcrumbs', 70 70 ), 71 - $this->renderHTMLView( 71 + $this->renderSingleView( 72 72 array( 73 73 $action_view, 74 74 $this->crumbs,

+1 -4

src/view/layout/PhabricatorFileLinkListView.php

··· 31 31 $file_links[] = $view->render(); 32 32 } 33 33 34 - return $this->renderHTMLView( 35 - array_interleave( 36 - phutil_tag('br'), 37 - $file_links)); 34 + return phutil_implode_html(phutil_tag('br'), $file_links); 38 35 } 39 36 } 40 37

+1 -1

src/view/layout/PhabricatorHeaderView.php

··· 44 44 array( 45 45 'class' => 'phabricator-header-tags', 46 46 ), 47 - $this->renderHTMLView($this->tags)); 47 + $this->renderSingleView($this->tags)); 48 48 } 49 49 50 50 return phutil_tag(

+2 -2

src/view/layout/PhabricatorMenuItemView.php

··· 117 117 $this->name.$external); 118 118 } 119 119 120 - return $this->renderHTMLView( 120 + return $this->renderSingleView( 121 121 array( 122 - $this->renderHTMLChildren(), 122 + $this->renderChildren(), 123 123 $name, 124 124 )); 125 125 }

+1 -1

src/view/layout/PhabricatorMenuView.php

··· 167 167 } 168 168 169 169 protected function getTagContent() { 170 - return $this->renderHTMLView($this->items); 170 + return $this->renderSingleView($this->items); 171 171 } 172 172 }

+3 -3

src/view/layout/PhabricatorObjectItemListView.php

··· 48 48 } 49 49 50 50 if ($this->items) { 51 - $items = $this->renderHTMLView($this->items); 51 + $items = $this->renderSingleView($this->items); 52 52 } else { 53 53 $string = nonempty($this->noDataString, pht('No data.')); 54 54 $items = id(new AphrontErrorView()) ··· 58 58 59 59 $pager = null; 60 60 if ($this->pager) { 61 - $pager = $this->renderHTMLView($this->pager); 61 + $pager = $this->renderSingleView($this->pager); 62 62 } 63 63 64 64 $classes[] = 'phabricator-object-item-list-view'; ··· 71 71 array( 72 72 'class' => implode(' ', $classes), 73 73 ), 74 - $this->renderHTMLView( 74 + $this->renderSingleView( 75 75 array( 76 76 $header, 77 77 $items,

+2 -2

src/view/layout/PhabricatorObjectItemView.php

··· 166 166 array( 167 167 'class' => 'phabricator-object-item-content', 168 168 ), 169 - $this->renderHTMLView( 169 + $this->renderSingleView( 170 170 array( 171 171 $header, 172 172 $attrs, 173 - $this->renderHTMLChildren(), 173 + $this->renderChildren(), 174 174 ))); 175 175 176 176 return phutil_tag(

+2 -2

src/view/layout/PhabricatorPinboardItemView.php

··· 55 55 'height' => $this->imageHeight, 56 56 ))); 57 57 58 - $content = $this->renderHTMLChildren(); 58 + $content = $this->renderChildren(); 59 59 if ($content) { 60 60 $content = phutil_tag( 61 61 'div', ··· 70 70 array( 71 71 'class' => 'phabricator-pinboard-item-view', 72 72 ), 73 - $this->renderHTMLView( 73 + $this->renderSingleView( 74 74 array( 75 75 $header, 76 76 $image,

+1 -1

src/view/layout/PhabricatorPinboardView.php

··· 31 31 array( 32 32 'class' => 'phabricator-pinboard-view', 33 33 ), 34 - $this->renderHTMLView($this->items)); 34 + $this->renderSingleView($this->items)); 35 35 } 36 36 37 37 }

+5 -4

src/view/layout/PhabricatorProfileHeaderView.php

··· 65 65 <tr> 66 66 <td class="profile-header-description">%s</td> 67 67 </tr> 68 - </table>', 68 + </table> 69 + %s', 69 70 $this->profileName, 70 - phutil_safe_html(self::renderSingleView($this->profileActions)), 71 + self::renderSingleView($this->profileActions), 71 72 $image, 72 - $description). 73 - $this->renderChildren(); 73 + $description, 74 + phutil_implode_html('', $this->renderChildren())); 74 75 } 75 76 }

+3 -3

src/view/layout/PhabricatorPropertyListView.php

··· 78 78 array( 79 79 'class' => 'phabricator-property-list-view', 80 80 ), 81 - $this->renderHTMLView($items)); 81 + $this->renderSingleView($items)); 82 82 } 83 83 84 84 private function renderPropertyPart(array $part) { ··· 99 99 array( 100 100 'class' => 'phabricator-property-list-value', 101 101 ), 102 - $this->renderHTMLView($value)); 102 + $this->renderSingleView($value)); 103 103 } 104 104 105 105 $list = phutil_tag( ··· 107 107 array( 108 108 'class' => 'phabricator-property-list-properties', 109 109 ), 110 - $this->renderHTMLView($items)); 110 + $this->renderSingleView($items)); 111 111 112 112 $shortcuts = null; 113 113 if ($this->hasKeyboardShortcuts) {

+9 -11

src/view/layout/PhabricatorSourceCodeView.php

··· 38 38 ), 39 39 pht('...')); 40 40 } else { 41 - $content_number = phutil_escape_html($line_number); 42 - $content_line = "\xE2\x80\x8B".$line; 41 + $content_number = $line_number; 42 + $content_line = hsprintf("\xE2\x80\x8B%s", $line); 43 43 } 44 44 45 45 // TODO: Provide nice links. 46 46 47 - $rows[] = 47 + $rows[] = hsprintf( 48 48 '<tr>'. 49 - '<th class="phabricator-source-line">'. 50 - $content_number. 51 - '</th>'. 52 - '<td class="phabricator-source-code">'. 53 - $content_line. 54 - '</td>'. 55 - '</tr>'; 49 + '<th class="phabricator-source-line">%s</th>'. 50 + '<td class="phabricator-source-code">%s</td>'. 51 + '</tr>', 52 + $content_number, 53 + $content_line); 56 54 57 55 if ($hit_limit) { 58 56 break; ··· 76 74 array( 77 75 'class' => implode(' ', $classes), 78 76 ), 79 - new PhutilSafeHTML(implode('', $rows)))); 77 + phutil_implode_html('', $rows))); 80 78 } 81 79 82 80 }

+4 -4

src/view/layout/PhabricatorTimelineEventView.php

··· 100 100 } 101 101 102 102 public function render() { 103 - $content = $this->renderHTMLChildren(); 103 + $content = $this->renderChildren(); 104 104 105 105 $title = $this->title; 106 106 if (($title === null) && $this->isEmptyContent($content)) { ··· 138 138 ), 139 139 array($title, $extra)); 140 140 141 - $title = $this->renderHTMLView(array($icon, $title)); 141 + $title = $this->renderSingleView(array($icon, $title)); 142 142 } 143 143 144 144 $wedge = phutil_tag( ··· 275 275 ->setAnchorName($this->anchor) 276 276 ->render(); 277 277 278 - $date = $this->renderHTMLView( 278 + $date = $this->renderSingleView( 279 279 array( 280 280 $anchor, 281 281 phutil_tag( ··· 296 296 array( 297 297 'class' => 'phabricator-timeline-extra', 298 298 ), 299 - array_interleave(" \xC2\xB7 ", $extra)); 299 + phutil_implode_html(" \xC2\xB7 ", $extra)); 300 300 } 301 301 302 302 return $extra;

+27 -25

src/view/layout/PhabricatorTransactionView.php

··· 58 58 $actions = $this->renderTransactionActions(); 59 59 $style = $this->renderTransactionStyle(); 60 60 $content = $this->renderTransactionContent(); 61 - $classes = phutil_escape_html(implode(' ', $this->classes)); 61 + $classes = implode(' ', $this->classes); 62 62 63 63 $transaction_id = $this->anchorName ? 'anchor-'.$this->anchorName : null; 64 64 65 - return phutil_render_tag( 65 + return phutil_tag( 66 66 'div', 67 67 array( 68 68 'class' => 'phabricator-transaction-view', 69 69 'id' => $transaction_id, 70 70 'style' => $style, 71 71 ), 72 - '<div class="phabricator-transaction-detail '.$classes.'">'. 73 - '<div class="phabricator-transaction-header">'. 74 - $info. 75 - $actions. 76 - '</div>'. 77 - $content. 78 - '</div>'); 72 + hsprintf( 73 + '<div class="phabricator-transaction-detail %s">'. 74 + '<div class="phabricator-transaction-header">%s%s</div>'. 75 + '%s'. 76 + '</div>', 77 + $classes, 78 + $info, 79 + $actions, 80 + $content)); 79 81 80 82 } 81 83 ··· 105 107 ->setAnchorName($this->anchorName) 106 108 ->render(); 107 109 108 - $info[] = $anchor.phutil_tag( 109 - 'a', 110 - array( 111 - 'href' => '#'.$this->anchorName, 112 - ), 113 - $this->anchorText); 110 + $info[] = hsprintf( 111 + '%s%s', 112 + $anchor, 113 + phutil_tag( 114 + 'a', 115 + array('href' => '#'.$this->anchorName), 116 + $this->anchorText)); 114 117 } 115 118 116 - $info = implode(' · ', $info); 119 + $info = phutil_implode_html(" \xC2\xB7 ", $info); 117 120 118 - return 119 - '<span class="phabricator-transaction-info">'. 120 - $info. 121 - '</span>'; 121 + return hsprintf( 122 + '<span class="phabricator-transaction-info">%s</span>', 123 + $info); 122 124 } 123 125 124 126 private function renderTransactionActions() { 125 - return implode('', $this->actions); 127 + return phutil_implode_html('', $this->actions); 126 128 } 127 129 128 130 private function renderTransactionStyle() { ··· 138 140 if (!$content) { 139 141 return null; 140 142 } 141 - return 142 - '<div class="phabricator-transaction-content">'. 143 - $content. 144 - '</div>'; 143 + return phutil_tag( 144 + 'div', 145 + array('class' => 'phabricator-transaction-content'), 146 + $this->renderSingleView($content)); 145 147 } 146 148 147 149 }

+18 -16

src/view/page/AphrontPageView.php

··· 22 22 } 23 23 24 24 protected function getBody() { 25 - return $this->renderChildren(); 25 + return phutil_implode_html('', $this->renderChildren()); 26 26 } 27 27 28 28 protected function getTail() { ··· 45 45 46 46 $this->willRenderPage(); 47 47 48 - $title = phutil_escape_html($this->getTitle()); 48 + $title = $this->getTitle(); 49 49 $head = $this->getHead(); 50 50 $body = $this->getBody(); 51 51 $tail = $this->getTail(); 52 52 53 53 $body_classes = $this->getBodyClasses(); 54 54 55 - $body = phutil_render_tag( 55 + $body = phutil_tag( 56 56 'body', 57 57 array( 58 58 'class' => nonempty($body_classes, null), 59 59 ), 60 - $body.$tail); 61 - 62 - $response = <<<EOHTML 63 - <!DOCTYPE html> 64 - <html> 65 - <head> 66 - <meta charset="UTF-8" /> 67 - <title>{$title}</title> 68 - {$head} 69 - </head> 70 - {$body} 71 - </html> 60 + array($body, $tail)); 72 61 73 - EOHTML; 62 + $response = hsprintf( 63 + '<!DOCTYPE html>'. 64 + '<html>'. 65 + '<head>'. 66 + '<meta charset="UTF-8" />'. 67 + '<title>%s</title>'. 68 + '%s'. 69 + '</head>'. 70 + '%s'. 71 + '</html>', 72 + $title, 73 + $head, 74 + $body); 74 75 75 76 $response = $this->willSendResponse($response); 77 + 76 78 return $response; 77 79 78 80 }

+6 -6

src/view/page/AphrontRequestFailureView.php

··· 13 13 final public function render() { 14 14 require_celerity_resource('aphront-request-failure-view-css'); 15 15 16 - return 16 + return hsprintf( 17 17 '<div class="aphront-request-failure-view">'. 18 18 '<div class="aphront-request-failure-head">'. 19 - phutil_tag('h1', array(), $this->header). 20 - '</div>'. 21 - '<div class="aphront-request-failure-body">'. 22 - $this->renderChildren(). 19 + '<h1>%s</h1>'. 23 20 '</div>'. 24 - '</div>'; 21 + '<div class="aphront-request-failure-body">%s</div>'. 22 + '</div>', 23 + $this->header, 24 + $this->renderChildren()); 25 25 } 26 26 27 27 }

+7 -17

src/view/page/PhabricatorBarePageView.php

··· 55 55 protected function willRenderPage() { 56 56 // We render this now to resolve static resources so they can appear in the 57 57 // document head. 58 - $this->bodyContent = $this->renderChildren(); 58 + $this->bodyContent = phutil_implode_html('', $this->renderChildren()); 59 59 } 60 60 61 61 protected function getHead() { 62 62 $framebust = null; 63 63 if (!$this->getFrameable()) { 64 - $framebust = '(top != self) && top.location.replace(self.location.href);'; 64 + $framebust = '(top == self) || top.location.replace(self.location.href);'; 65 65 } 66 66 67 67 $viewport_tag = null; ··· 78 78 79 79 $response = CelerityAPI::getStaticResourceResponse(); 80 80 81 - $head = array( 81 + return hsprintf( 82 + '%s<script type="text/javascript">%s window.__DEV__=%s;</script>%s', 82 83 $viewport_tag, 83 - 84 - '<script type="text/javascript">'. 85 - $framebust. 86 - 'window.__DEV__='. 87 - (PhabricatorEnv::getEnvConfig('phabricator.developer-mode') 88 - ? '1' 89 - : '0'). 90 - ';'. 91 - '</script>', 92 - 93 - $response->renderResourcesOfType('css'), 94 - ); 95 - 96 - return implode("\n", $head); 84 + $framebust, 85 + (PhabricatorEnv::getEnvConfig('phabricator.developer-mode') ? '1' : '0'), 86 + $response->renderResourcesOfType('css')); 97 87 } 98 88 99 89 protected function getBody() {

+19 -20

src/view/page/PhabricatorStandardPageView.php

··· 212 212 213 213 $response = CelerityAPI::getStaticResourceResponse(); 214 214 215 - $head = array( 215 + return hsprintf( 216 + '%s<style type="text/css">.PhabricatorMonospaced { font: %s; }</style>%s', 216 217 parent::getHead(), 217 - '<style type="text/css">'. 218 - '.PhabricatorMonospaced { font: '.$monospaced.'; }'. 219 - '</style>', 220 - $response->renderSingleResource('javelin-magical-init'), 221 - ); 222 - 223 - return implode("\n", $head); 218 + phutil_safe_html($monospaced), 219 + $response->renderSingleResource('javelin-magical-init')); 224 220 } 225 221 226 222 public function setGlyph($glyph) { ··· 239 235 $console = $request->getApplicationConfiguration()->getConsole(); 240 236 241 237 if ($console) { 242 - $response = str_replace( 243 - '<darkconsole />', 238 + $response = PhutilSafeHTML::applyFunction( 239 + 'str_replace', 240 + hsprintf('<darkconsole />'), 244 241 $console->render($request), 245 242 $response); 246 243 } ··· 295 292 } 296 293 297 294 return 298 - phutil_render_tag( 295 + phutil_tag( 299 296 'div', 300 297 array( 301 298 'id' => 'base-page', 302 299 'class' => 'phabricator-standard-page', 303 300 ), 304 - $developer_warning. 305 - $setup_warning. 306 - $header_chrome. 307 - '<div class="phabricator-standard-page-body">'. 308 - ($console ? '<darkconsole />' : null). 309 - parent::getBody(). 310 - '<div style="clear: both;"></div>'. 311 - '</div>'); 301 + hsprintf( 302 + '%s%s%s'. 303 + '<div class="phabricator-standard-page-body">'. 304 + '%s%s<div style="clear: both;"></div>'. 305 + '</div>', 306 + $developer_warning, 307 + $setup_warning, 308 + $header_chrome, 309 + ($console ? hsprintf('<darkconsole />') : null), 310 + parent::getBody())); 312 311 } 313 312 314 313 protected function getTail() { ··· 357 356 $response->renderHTMLFooter(), 358 357 ); 359 358 360 - return implode("\n", $tail); 359 + return phutil_implode_html("\n", $tail); 361 360 } 362 361 363 362 protected function getBodyClasses() {

+1 -1

src/view/page/menu/PhabricatorMainMenuGroupView.php

···

+8 -7

src/view/page/menu/PhabricatorMainMenuSearchView.php

···

+10 -7

src/view/page/menu/PhabricatorMainMenuView.php

············

Configure Feed

Configure Feed