From df9752e9c1bfd3eaff132b15817baa1c6e989506 Mon Sep 17 00:00:00 2001
From: Christopher Smith
Date: Wed, 10 Apr 2013 18:01:04 +0100
Subject: add comment to Unified Diff Formatter making it clear the output is unsafe for use in HTML as is
---
 inc/DifferenceEngine.php | 2 ++
 1 file changed, 2 insertions(+)
(limited to 'inc/DifferenceEngine.php')
diff --git a/inc/DifferenceEngine.php b/inc/DifferenceEngine.php
index e0fbf8e03..783d6bea5 100644
--- a/inc/DifferenceEngine.php
+++ b/inc/DifferenceEngine.php
@@ -1004,6 +1004,8 @@ class InlineWordLevelDiff extends MappedDiff {
 * "Unified" diff formatter.
 *
 * This class formats the diff in classic "unified diff" format.
+ *
+ * NOTE: output is plain text and unsafe for use in HTML without escaping.
 */
 class UnifiedDiffFormatter extends DiffFormatter {
--
cgit v1.2.3
From bfd197d22f32f74940afadf1e308828773dbde18 Mon Sep 17 00:00:00 2001
From: hArpanet
Date: Mon, 20 May 2013 20:12:52 +0200
Subject: Added comment to DiffFormatter _escape() method Clarify use of _escape() method in base class.
---
 inc/DifferenceEngine.php | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)
(limited to 'inc/DifferenceEngine.php')
diff --git a/inc/DifferenceEngine.php b/inc/DifferenceEngine.php
index 783d6bea5..07df7a4be 100644
--- a/inc/DifferenceEngine.php
+++ b/inc/DifferenceEngine.php
@@ -817,7 +817,16 @@ class DiffFormatter {
 $this->_added($closing);
 }
- function _escape($str){
+ /**
+ * Escape string
+ *
+ * Override this method within other formatters if escaping required.
+ * Base class requires $str to be returned WITHOUT escaping.
+ *
+ * @param $str string Text string to escape
+ * @return string The escaped string.
+ */
+ function _escape($str){
 return $str;
 }
 }
--
cgit v1.2.3
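Review bot: The NOTE added to the UnifiedDiffFormatter docblock (first patch, hunk at -1004) says the output is unsafe for HTML but does not tell a caller what to do about it. Diff text presumably derives from user-editable content, so echoing it into a page unescaped would be a script-injection sink. Naming the remedy makes the warning actionable, for example `* NOTE: output is plain text; pass it through htmlspecialchars() before embedding it in HTML.` Whether this class overrides `_escape()` is not visible here, since the class body lies outside the hunk.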
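Review bot: The new docblock on `DiffFormatter::_escape()` (second patch, hunk at -817) ends with `@return string The escaped string.`, which contradicts both the body `return $str;` and the docblock's own statement that the base class returns `$str` without escaping. A reader who skims only the tags could treat base-formatter output as already safe for HTML. I would change it to `@return string The string, unchanged in the base class; subclasses return it escaped for their output format`. The `@param` tag also has name and type in the wrong order for PHPDoc tooling; `@param string $str Text string to escape` is the parsed form. The enclosing class begins outside the hunk.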