File Sanitizer.php has 1036 lines of code (exceeds 250 allowed). Consider refactoring.

Open

<?php
/**
 * HTML sanitizer for %MediaWiki.
 *
 * Copyright © 2002-2005 Brooke Vibber <bvibber@wikimedia.org> et al

Method setupAttributesAllowedInternal has 186 lines of code (exceeds 25 allowed). Consider refactoring.

Open

    private static function setupAttributesAllowedInternal(): array {
        static $allowed;

        if ( $allowed !== null ) {
            return $allowed;

Sanitizer has 49 functions (exceeds 20 allowed). Consider refactoring.

Open

class Sanitizer {
    /**
     * Regular expression to match various types of character references in
     * Sanitizer::normalizeCharReferences and Sanitizer::decodeCharReferences.
     * Note that HTML5 allows some named entities to omit the trailing

Function validateAttributes has a Cognitive Complexity of 36 (exceeds 5 allowed). Consider refactoring.

Open

    public static function validateAttributes( array $attribs, array $allowed ): array {
        if ( isset( $allowed[0] ) ) {
            // Calling this function with a sequential array is
            // deprecated.  For now just convert it.
            wfDeprecated( __METHOD__ . ' with sequential array', '1.35' );

• Read up
  Read up

Function internalRemoveHtmlTags has a Cognitive Complexity of 31 (exceeds 5 allowed). Consider refactoring.

Open

    public static function internalRemoveHtmlTags( string $text, ?callable $processCallback = null,
        $args = [], array $extratags = [], array $removetags = []
    ): string {
        $tagData = self::getRecognizedTagData( $extratags, $removetags );
        $htmlsingle = $tagData['htmlsingle'];

• Read up
  Read up

Method validateAttributes has 76 lines of code (exceeds 25 allowed). Consider refactoring.

Open

    public static function validateAttributes( array $attribs, array $allowed ): array {
        if ( isset( $allowed[0] ) ) {
            // Calling this function with a sequential array is
            // deprecated.  For now just convert it.
            wfDeprecated( __METHOD__ . ' with sequential array', '1.35' );

Method getRecognizedTagData has 74 lines of code (exceeds 25 allowed). Consider refactoring.

Open

    public static function getRecognizedTagData( array $extratags = [], array $removetags = [] ): array {
        static $commonCase, $staticInitialised;
        $isCommonCase = ( $extratags === [] && $removetags === [] );
        if ( $staticInitialised === false && $isCommonCase && $commonCase ) {
            return $commonCase;

Consider simplifying this complex logical expression.

Open

            if ( $attribute === 'rel' || $attribute === 'rev'
                # RDFa
                || $attribute === 'about' || $attribute === 'property'
                || $attribute === 'resource' || $attribute === 'datatype'
                || $attribute === 'typeof'

Method cleanUrl has 62 lines of code (exceeds 25 allowed). Consider refactoring.

Open

    public static function cleanUrl( string $url ): string {
        # Normalize any HTML entities in input. They will be
        # re-escaped by makeExternalLink().
        $url = self::decodeCharReferences( $url );

Method internalRemoveHtmlTags has 40 lines of code (exceeds 25 allowed). Consider refactoring.

Open

    public static function internalRemoveHtmlTags( string $text, ?callable $processCallback = null,
        $args = [], array $extratags = [], array $removetags = []
    ): string {
        $tagData = self::getRecognizedTagData( $extratags, $removetags );
        $htmlsingle = $tagData['htmlsingle'];

Function removeHTMLcomments has a Cognitive Complexity of 12 (exceeds 5 allowed). Consider refactoring.

Open

    public static function removeHTMLcomments( string $text ): string {
        while ( ( $start = strpos( $text, '<!--' ) ) !== false ) {
            $end = strpos( $text, '-->', $start + 4 );
            if ( $end === false ) {
                # Unterminated comment; bail out

• Read up
  Read up

Method removeHTMLcomments has 29 lines of code (exceeds 25 allowed). Consider refactoring.

Open

    public static function removeHTMLcomments( string $text ): string {
        while ( ( $start = strpos( $text, '<!--' ) ) !== false ) {
            $end = strpos( $text, '-->', $start + 4 );
            if ( $end === false ) {
                # Unterminated comment; bail out

Method removeSomeTags has 28 lines of code (exceeds 25 allowed). Consider refactoring.

Open

    public static function removeSomeTags(
        string $text, array $options = []
    ): string {
        $extraTags = $options['extraTags'] ?? [];
        $removeTags = $options['removeTags'] ?? [];

Method safeEncodeAttribute has 26 lines of code (exceeds 25 allowed). Consider refactoring.

Open

    public static function safeEncodeAttribute( string $text ): string {
        $encValue = self::encodeAttribute( $text );

        # Templates and links may be expanded in later parsing,
        # creating invalid or dangerous output. Suppress this.

Function validateTag has a Cognitive Complexity of 9 (exceeds 5 allowed). Consider refactoring.

Open

    private static function validateTag( string $params, string $element ): bool {
        $params = self::decodeTagAttributes( $params );

        if ( $element == 'meta' || $element == 'link' ) {
            if ( !isset( $params['itemprop'] ) ) {

• Read up
  Read up

Function validateCodepoint has a Cognitive Complexity of 8 (exceeds 5 allowed). Consider refactoring.

Open

    private static function validateCodepoint( int $codepoint ): bool {
        # U+000C is valid in HTML5 but not allowed in XML.
        # U+000D is valid in XML but not allowed in HTML5.
        # U+007F - U+009F are disallowed in HTML5 (control characters).
        return $codepoint == 0x09

• Read up
  Read up

Method removeHTMLtags has 5 arguments (exceeds 4 allowed). Consider refactoring.

Open

    public static function removeHTMLtags( string $text, ?callable $processCallback = null,
        $args = [], array $extratags = [], array $removetags = []

Method internalRemoveHtmlTags has 5 arguments (exceeds 4 allowed). Consider refactoring.

Open

    public static function internalRemoveHtmlTags( string $text, ?callable $processCallback = null,
        $args = [], array $extratags = [], array $removetags = []

Function getRecognizedTagData has a Cognitive Complexity of 7 (exceeds 5 allowed). Consider refactoring.

Open

    public static function getRecognizedTagData( array $extratags = [], array $removetags = [] ): array {
        static $commonCase, $staticInitialised;
        $isCommonCase = ( $extratags === [] && $removetags === [] );
        if ( $staticInitialised === false && $isCommonCase && $commonCase ) {
            return $commonCase;

• Read up
  Read up

Function cssDecodeCallback has a Cognitive Complexity of 7 (exceeds 5 allowed). Consider refactoring.

Open

    private static function cssDecodeCallback( array $matches ): string {
        if ( $matches[1] !== '' ) {
            // Line continuation
            return '';
        } elseif ( $matches[2] !== '' ) {

• Read up
  Read up

Function hackDocType has a Cognitive Complexity of 7 (exceeds 5 allowed). Consider refactoring.

Open

    public static function hackDocType(): string {
        $out = "<!DOCTYPE html [\n";
        foreach ( HTMLData::$namedEntityTranslations as $entity => $translation ) {
            if ( substr( $entity, -1 ) !== ';' ) {
                // Some HTML entities omit the trailing semicolon;

• Read up
  Read up

Avoid too many return statements within this method.

Open

        return $matches[0];

Function decodeTagAttributes has a Cognitive Complexity of 6 (exceeds 5 allowed). Consider refactoring.

Open

    public static function decodeTagAttributes( string $text ): array {
        if ( trim( $text ) == '' ) {
            return [];
        }

• Read up
  Read up