Arlolra has uploaded a new change for review.
https://gerrit.wikimedia.org/r/113482
Change subject: Fix crasher
......................................................................
Fix crasher
* Introduced in 4d1f0abc7403a33f0aa4e6c0ee616f2b7b030a09. Tokens are
still being shared. Requires further work.
* Some other cleanup while investigating.
Bug: 61298
Change-Id: Iebd2e14bc12d6caddfbac98fea65da0fb8725fab
---
M lib/ext.core.Sanitizer.js
M lib/ext.core.TemplateHandler.js
M lib/mediawiki.TokenTransformManager.js
3 files changed, 20 insertions(+), 14 deletions(-)
git pull ssh://gerrit.wikimedia.org:29418/mediawiki/services/parsoid
refs/changes/82/113482/1
diff --git a/lib/ext.core.Sanitizer.js b/lib/ext.core.Sanitizer.js
index 7b436dc..85f1b5d 100644
--- a/lib/ext.core.Sanitizer.js
+++ b/lib/ext.core.Sanitizer.js
@@ -732,6 +732,10 @@
// XXX: Likely better done in AttributeTransformManager when
processing is
// complete
if (attribs && attribs.length > 0) {
+ // FIXME: there's still some token sharing going on and
templates
+ // contained in templates end up getting attributes
stipped
+ // this is #61298
+ token = token.clone();
// is this an htmlpre?
var p = token.getAttribute( "property" );
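Review bot: The added `token = token.clone();` only protects the shared token if `clone()` also copies the attribute list. If it returns a shallow copy whose `attribs` array or entries are still shared, the sanitizer keeps mutating the original's attributes, which is the failure the FIXME describes (check the Token implementation, which is not visible here). The enclosing handler starts and ends outside this hunk, so also confirm that what it hands back is this local `token`; otherwise the sanitized copy is dropped and the unsanitized original continues down the pipeline. The FIXME would read more clearly as `// FIXME: tokens are still shared; templates nested in templates get their attributes stripped (bug 61298). Clone before sanitizing so the shared token is not mutated.`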
@@ -764,6 +768,7 @@
// EndTagTk, drop attributes
token.attribs = [];
}
+
}
}
@@ -932,6 +937,12 @@
k === "content" &&
/(?:^|\s)mw:.+?(?=$|\s)/.test(Util.lookup(attrs, 'property'));
};
+// RDFa and microdata properties allow URLs, URIs and/or CURIs.
+var mircoData = JSUtils.arrayToSet([
+ 'rel', 'rev', 'about', 'property', 'resource', 'datatype', 'typeof', //
RDFa
+ 'itemid', 'itemprop', 'itemref', 'itemscope', 'itemtype' // HTML5
microdata
+]);
+
Sanitizer.prototype.sanitizeTagAttrs = function(token, attrs) {
var tag = token.name;
var allowRdfa = this.constants.globalConfig.allowRdfaAttrs;
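Review bot: The set added above `sanitizeTagAttrs` is named `mircoData`, a misspelling that a later edit could easily correct in only one of its two places. The set decides which attribute values reach the `evilUriRE` check in the `-990` hunk, so a mismatch there would break the sanitizer at that test. It also holds the RDFa attributes, not just microdata, so `var rdfaAndMicrodataAttrs = JSUtils.arrayToSet([` with a matching `if ( rdfaAndMicrodataAttrs.has( k ) ) {` would say what it contains. The comment above it should read `CURIEs` rather than `CURIs`.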
@@ -990,11 +1001,7 @@
// RDFa and microdata properties allow URLs, URIs and/or CURIs.
// Check them for sanity
- if (k === 'rel' || k === 'rev' ||
- k === 'about' || k === 'property' || k === 'resource'
|| // RDFa
- k === 'datatype' || k === 'typeof' ||
// RDFa
- k === 'itemid' || k === 'itemprop' || k === 'itemref'
|| // HTML5 microdata
- k === 'itemscope' || k === 'itemtype' ) {
// HTML5 microdata
+ if ( mircoData.has( k ) ) {
// Paranoia. Allow "simple" values but suppress
javascript
if (v.match(evilUriRE)) {
@@ -1032,7 +1039,7 @@
}
// SSS FIXME: We are right now adding shadow information for all
sanitized
- // attributes. This is being doing for minimizing dirty diffs for the
first
+ // attributes. This is being done to minimize dirty diffs for the first
// cut. It can be reasonably argued that we can permanently delete
dangerous
// and unacceptable attributes in the interest of safety/security and
the
// resultant dirty diffs should be acceptable. But, this is something
to do
diff --git a/lib/ext.core.TemplateHandler.js b/lib/ext.core.TemplateHandler.js
index 852b131..a137be7 100644
--- a/lib/ext.core.TemplateHandler.js
+++ b/lib/ext.core.TemplateHandler.js
@@ -437,7 +437,7 @@
} else {
newCB = cb;
}
- this.parserFunctions[target](state.token, this.manager.frame,
newCB, pfAttribs);
+ this.parserFunctions[target](state.token, frame, newCB,
pfAttribs);
return;
}
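Review bot: The call now passes `frame` instead of `this.manager.frame`, but where `frame` is bound is not visible in this hunk because the enclosing function starts above it. Confirm it is the frame handed to this handler and not an outer or undefined variable. The two were apparently not known to be equal, since the FIXME removed in the `onTemplateArg` hunk asks exactly that question. If they can differ during nested expansion, this changes which arguments parser functions and template args resolve against. A comment such as `// Use the frame passed to this handler, not the manager's frame.` would record the intent, if that is the intent.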
@@ -912,10 +912,9 @@
*/
TemplateHandler.prototype.onTemplateArg = function (token, frame, cb) {
- // SSS FIXME: Are 'frame' and 'this.manager.frame' different?
- var args = this.manager.frame.args.named();
- var attribs = token.attribs;
- var newCB;
+ var args = frame.args.named(),
+ attribs = token.attribs,
+ newCB;
if (this.options.wrapTemplates) {
// This is a bare use of template arg syntax at the top level
diff --git a/lib/mediawiki.TokenTransformManager.js
b/lib/mediawiki.TokenTransformManager.js
index 5a1c05a..3ed163b 100644
--- a/lib/mediawiki.TokenTransformManager.js
+++ b/lib/mediawiki.TokenTransformManager.js
@@ -140,9 +140,9 @@
TokenTransformManager.prototype.addTransform = function ( transformation,
debug_name, rank, type, name ) {
var t = {
rank: rank,
- name: debug_name
+ name: debug_name,
+ transform: transformation
};
- t.transform = transformation;
if (type === 'any') {
// Record the any transformation
@@ -555,7 +555,7 @@
// don't process the array in this phase.
accumChain.push( token );
} else {
- workStack.pushChunk( Object.isFrozen( token ) ?
token.slice() : token );
+ workStack.pushChunk( token );
}
continue;
} else if ( token.constructor === ParserValue ) {
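Review bot: Dropping the `Object.isFrozen( token ) ? token.slice() : token` guard means a frozen token array is now pushed onto `workStack` as-is, which is only safe if `pushChunk` and every later consumer treat the chunk as read-only. If any of them mutates the array in place, a frozen chunk will throw in strict mode or silently ignore the write otherwise. An unfrozen shared chunk would instead be changed for every holder, which is the sharing problem the commit message says is still open. Either keep the defensive copy or state the contract next to the call, e.g. `// chunks may be frozen or shared: consumers must not mutate them`. The surrounding loop starts and ends outside this hunk.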
--
To view, visit https://gerrit.wikimedia.org/r/113482
Gerrit-MessageType: newchange
Gerrit-Change-Id: Iebd2e14bc12d6caddfbac98fea65da0fb8725fab
Gerrit-PatchSet: 1
Gerrit-Project: mediawiki/services/parsoid
Gerrit-Branch: master
Gerrit-Owner: Arlolra <[email protected]>