MaxSem has submitted this change and it was merged.

Change subject: Run mw.html.escape on page extract and title
......................................................................


Run mw.html.escape on page extract and title

Add test for XSS attack

Bug: T69180
Change-Id: I213169bd9daed979e63f50cf3926f7196eb6181c
---
M resources/ext.popups.renderer.article.js
M tests/qunit/ext.popups.renderer.article.test.js
2 files changed, 8 insertions(+), 1 deletion(-)

Approvals:
  MaxSem: Looks good to me, approved
  jenkins-bot: Verified



diff --git a/resources/ext.popups.renderer.article.js 
b/resources/ext.popups.renderer.article.js
index ed65b59..bf54b81 100644
--- a/resources/ext.popups.renderer.article.js
+++ b/resources/ext.popups.renderer.article.js
@@ -149,6 +149,8 @@
         * @return {String}
         */
        article.getProcessedHtml = function ( extract, title ) {
+               extract = mw.html.escape( extract );
+               title = mw.html.escape( title );
                title = title.replace( /([.?*+^$[\]\\(){}|-])/g, '\\$1' ); // 
Escape RegExp elements
                var regExp = new RegExp( '(^|\\s)(' + title + ')(\\s|$)', 'ig' 
);
                // Make title bold in the extract text
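Review bot: The two added `mw.html.escape` calls carry no comment explaining why the title, not just the extract, is HTML-escaped before it is turned into a regex, and the dependency is not obvious: the title is only bolded when its escaped form is found inside the escaped extract, so a title like `AT&T` still matches because both sides become `AT&amp;T`, whereas escaping the extract alone would silently stop such titles from being bolded. A comment above the new lines would protect that, e.g. `// HTML-escape both inputs the same way first: the title is then matched against the escaped extract, so entities on both sides line up`. The JSDoc for getProcessedHtml begins outside the hunk (only its `@return {String}` is visible); it should now state that `extract` and `title` are taken as plain text and that the returned string is HTML-safe apart from the `<b>` tags the tests show it adding. The remainder of the function, including the replacement that emits that markup, lies outside the hunk.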
diff --git a/tests/qunit/ext.popups.renderer.article.test.js 
b/tests/qunit/ext.popups.renderer.article.test.js
index 1ebd7e1..0aef5b9 100644
--- a/tests/qunit/ext.popups.renderer.article.test.js
+++ b/tests/qunit/ext.popups.renderer.article.test.js
@@ -2,7 +2,7 @@
 
        QUnit.module( 'ext.popups' );
        QUnit.test( 'render.article.getProcessedHtml', function ( assert ) {
-               QUnit.expect( 6 );
+               QUnit.expect( 7 );
 
                function test ( extract, title, expected ) {
                        assert.equal(
@@ -41,6 +41,11 @@
                        '<b>Brackets</b> ) are funny ( when not used properly'
                );
 
+               test(
+                       'Epic XSS <script>alert("XSS")</script> is epic', 'Epic 
XSS',
+                       '<b>Epic XSS</b> &lt;script&gt;alert&lt;/script&gt; is 
epic'
+               );
+
        } );
 
 } ) ( jQuery, mediaWiki );
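Review bot: The expected string of the new `test( ... )` call drops the `("XSS")` argument that the input passes to `alert`, so as printed the assertion cannot match its input; `mw.html.escape` also escapes the double quotes, which would make that part `alert(&quot;XSS&quot;)`. Unless the mailing-list rendering lost those characters, the expectation should read `'<b>Epic XSS</b> &lt;script&gt;alert(&quot;XSS&quot;)&lt;/script&gt; is epic'`. The change also escapes the title, but no added case exercises that path; a title with a markup-significant character, such as `test( 'Meet AT&T today', 'AT&T', 'Meet <b>AT&amp;T</b> today' )`, would pin down both that the title is escaped and that it is still bolded afterwards.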

-- 
To view, visit https://gerrit.wikimedia.org/r/176715

Gerrit-MessageType: merged
Gerrit-Change-Id: I213169bd9daed979e63f50cf3926f7196eb6181c
Gerrit-PatchSet: 1
Gerrit-Project: mediawiki/extensions/Popups
Gerrit-Branch: master
Gerrit-Owner: MaxSem <maxsem.w...@gmail.com>
Gerrit-Reviewer: MaxSem <maxsem.w...@gmail.com>
Gerrit-Reviewer: Prtksxna <psax...@wikimedia.org>
Gerrit-Reviewer: jenkins-bot <>
