jenkins-bot has submitted this change and it was merged.
Change subject: Run mw.html.escape on page extract and title
......................................................................
Run mw.html.escape on page extract and title
Add a regression test for an XSS payload in the page extract
Bug: T69180
Change-Id: I0c423b1046257a0ddacec1315bafcbf1f94b9958
(cherry picked from commit a98b009b49e5dc8af56898b68cf009678722a40b)
---
M resources/ext.popups.renderer.article.js
M tests/qunit/ext.popups.renderer.article.test.js
2 files changed, 8 insertions(+), 1 deletion(-)
Approvals:
MaxSem: Looks good to me, approved
jenkins-bot: Verified
diff --git a/resources/ext.popups.renderer.article.js
b/resources/ext.popups.renderer.article.js
index 972fa6a..698c588 100644
--- a/resources/ext.popups.renderer.article.js
+++ b/resources/ext.popups.renderer.article.js
@@ -147,6 +147,8 @@
* @return {String}
*/
article.getProcessedHtml = function ( extract, title ) {
+ extract = mw.html.escape( extract );
+ title = mw.html.escape( title );
title = title.replace( /([.?*+^$[\]\\(){}|-])/g, '\\$1' ); //
Escape RegExp elements
var regExp = new RegExp( '(^|\\s)(' + title + ')(\\s|$)', 'ig'
);
// Make title bold in the extract text
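Review bot: The JSDoc directly above the signature still ends with a bare `@return {String}`, but the two added lines change the function's contract: both arguments are now treated as plain text and escaped here, so a caller that passes already-escaped HTML would get it double-escaped (`&lt;` becoming `&amp;lt;`), and the return value is now HTML-safe markup rather than a pass-through. I would record that in the doc block, e.g. `@param {String} extract Plain-text extract; escaped here, do not pre-escape` and `@return {String} HTML-safe markup with the title wrapped in <b>`, and check the call site to confirm the API really returns unescaped plain text. Separately, `mw.html.escape` calls `.replace` on its argument, so an `undefined` or `null` extract (a page with no extract) would now throw at the first added line if callers do not guard it — I cannot tell from the hunk whether they do. The rest of the body, including the bold replacement, continues outside the hunk.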
diff --git a/tests/qunit/ext.popups.renderer.article.test.js
b/tests/qunit/ext.popups.renderer.article.test.js
index 1ebd7e1..0aef5b9 100644
--- a/tests/qunit/ext.popups.renderer.article.test.js
+++ b/tests/qunit/ext.popups.renderer.article.test.js
@@ -2,7 +2,7 @@
QUnit.module( 'ext.popups' );
QUnit.test( 'render.article.getProcessedHtml', function ( assert ) {
- QUnit.expect( 6 );
+ QUnit.expect( 7 );
function test ( extract, title, expected ) {
assert.equal(
@@ -41,6 +41,11 @@
'<b>Brackets</b> ) are funny ( when not used properly'
);
+ test(
+ 'Epic XSS <script>alert("XSS")</script> is epic', 'Epic
XSS',
+ '<b>Epic XSS</b> <script>alert</script> is
epic'
+ );
+
} );
} ) ( jQuery, mediaWiki );
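Review bot: The new case only puts the payload in the extract; the title is escaped by the same change and its entity-encoded form has to still match inside the escaped extract for the bolding to work, so a second case with HTML metacharacters in the title would pin that path, e.g. `test( 'Say "hi" to <Bob>', '<Bob>', 'Say &quot;hi&quot; to <b>&lt;Bob&gt;</b>' )` (adjusting the expected entities to whatever mw.html.escape emits, and bumping `QUnit.expect`). Note also that the expected string as printed here, `<b>Epic XSS</b> <script>alert</script> is epic`, cannot be the output of an escaping function; presumably the source file reads `&lt;script&gt;alert(&quot;XSS&quot;)&lt;/script&gt;` and the entities were decoded in transit, which is worth confirming against the actual file.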
To view, visit https://gerrit.wikimedia.org/r/180434
Gerrit-MessageType: merged
Gerrit-Change-Id: I0c423b1046257a0ddacec1315bafcbf1f94b9958
Gerrit-PatchSet: 1
Gerrit-Project: mediawiki/extensions/Popups
Gerrit-Branch: REL1_24
Gerrit-Owner: Mglaser <[email protected]>
Gerrit-Reviewer: MaxSem <[email protected]>
Gerrit-Reviewer: Prtksxna <[email protected]>
Gerrit-Reviewer: jenkins-bot <>