CSteipp has uploaded a new change for review.

  https://gerrit.wikimedia.org/r/201037

Change subject: SECURITY: Escape > in Html::expandAttributes
......................................................................

SECURITY: Escape > in Html::expandAttributes

Escape > characters in attributes, so we don't confuse post-processing,
like LanguageConverter.

Bug: T73394
Change-Id: I768e2a12c7b6ba635e6c8571676b8c776b16bf72
---
M includes/Html.php
M tests/parser/parserTests.txt
2 files changed, 7 insertions(+), 4 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/mediawiki/core refs/changes/37/201037/1

diff --git a/includes/Html.php b/includes/Html.php
index 2187b5b..7fa901f 100644
--- a/includes/Html.php
+++ b/includes/Html.php
@@ -525,17 +525,20 @@
                        } else {
                                # Apparently we need to entity-encode \n, \r, 
\t, although the
                                # spec doesn't mention that.  Since we're doing 
strtr() anyway,
-                               # and we don't need <> escaped here, we may as 
well not call
-                               # htmlspecialchars().
+                               # we may as well not call htmlspecialchars().
                                # @todo FIXME: Verify that we actually need to
                                # escape \n\r\t here, and explain why, exactly.
                                #
                                # We could call Sanitizer::encodeAttribute() 
for this, but we
                                # don't because we're stubborn and like our 
marginal savings on
                                # byte size from not having to encode 
unnecessary quotes.
+                               # The only difference between this transform 
and the one by
+                               # Sanitizer::encodeAttribute() is '<' is only 
encoded here if
+                               # $wgWellFormedXml is set, and ' is not encoded.
                                $map = array(
                                        '&' => '&amp;',
                                        '"' => '&quot;',
+                                       '>' => '&gt;',
                                        "\n" => '&#10;',
                                        "\r" => '&#13;',
                                        "\t" => '&#9;'
diff --git a/tests/parser/parserTests.txt b/tests/parser/parserTests.txt
index c833ef0..22fe118 100644
--- a/tests/parser/parserTests.txt
+++ b/tests/parser/parserTests.txt
@@ -4506,7 +4506,7 @@
 <li class="toclevel-1 tocsection-5"><a href="#text_.22_text"><span 
class="tocnumber">5</span> <span class="toctext">text " text</span></a></li>
 </ul>
 </td></tr></table>
-<h2><span class="editsection">[<a 
href="/index.php?title=Parser_test&amp;action=edit&amp;section=1" title="Edit 
section: text > text">edit</a>]</span> <span class="mw-headline" 
id="text_.3E_text"> text &gt; text </span></h2>
+<h2><span class="editsection">[<a 
href="/index.php?title=Parser_test&amp;action=edit&amp;section=1" title="Edit 
section: text &gt; text">edit</a>]</span> <span class="mw-headline" 
id="text_.3E_text"> text &gt; text </span></h2>
 <p>section 1
 </p>
 <h2><span class="editsection">[<a 
href="/index.php?title=Parser_test&amp;action=edit&amp;section=2" title="Edit 
section: text &lt; text">edit</a>]</span> <span class="mw-headline" 
id="text_.3C_text"> text &lt; text </span></h2>
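Review bot: this expectation change only shows that a '>' in a heading now reaches the edit-section title attribute as &gt;; it does not exercise the failure the commit message describes, a downstream pass such as LanguageConverter misreading a raw '>' inside an attribute. Consider adding a parser test that runs heading text containing '>' through that post-processing path, so the escaping is protected by a test that fails if the map entry is removed, rather than only by an updated expectation. The unchanged `text &lt; text` case directly below is consistent with the Html.php hunk: '<' is not touched by this change.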
@@ -9165,7 +9165,7 @@
 </ul>
 </td></tr></table>
 <h2><span class="editsection">[<a 
href="/index.php?title=Parser_test&amp;action=edit&amp;section=1" title="Edit 
section: Hello">edit</a>]</span> <span class="mw-headline" id="Hello"> <sup 
class="in-h2">Hello</sup> </span></h2>
-<h2><span class="editsection">[<a 
href="/index.php?title=Parser_test&amp;action=edit&amp;section=2" title="Edit 
section: b&quot;>Evilbye">edit</a>]</span> <span class="mw-headline" 
id="b.22.3EEvilbye"> <sup> b"&gt;Evilbye</sup> </span></h2>
+<h2><span class="editsection">[<a 
href="/index.php?title=Parser_test&amp;action=edit&amp;section=2" title="Edit 
section: b&quot;&gt;Evilbye">edit</a>]</span> <span class="mw-headline" 
id="b.22.3EEvilbye"> <sup> b"&gt;Evilbye</sup> </span></h2>
 
 !! end
 
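Review bot: in the old expectation, `b&quot;>Evilbye`, the double quote was already entity-encoded, so a conforming HTML parser would not have let the '>' terminate the <a> tag; the exposure is in code that tokenizes the serialized output on '>' without tracking attribute quoting, which is exactly the post-processing case the commit message names. Since this input is the natural regression check for the change, a short comment in the test's header (outside this hunk) saying that '>' in the title attribute must stay encoded would stop a future "minimal escaping" cleanup from reverting it.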

-- 
To view, visit https://gerrit.wikimedia.org/r/201037
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: I768e2a12c7b6ba635e6c8571676b8c776b16bf72
Gerrit-PatchSet: 1
Gerrit-Project: mediawiki/core
Gerrit-Branch: REL1_19
Gerrit-Owner: CSteipp <cste...@wikimedia.org>

_______________________________________________
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
