CSteipp has uploaded a new change for review. https://gerrit.wikimedia.org/r/201222
Change subject: SECURITY: Escape > in Html::expandAttributes ...................................................................... SECURITY: Escape > in Html::expandAttributes Escape > characters in attributes, so we don't confuse post-processing, like LanguageConverter. Bug: T73394 Change-Id: I768e2a12c7b6ba635e6c8571676b8c776b16bf72 --- M includes/Html.php M tests/parser/parserTests.txt 2 files changed, 7 insertions(+), 4 deletions(-) git pull ssh://gerrit.wikimedia.org:29418/mediawiki/core refs/changes/22/201222/1 diff --git a/includes/Html.php b/includes/Html.php index 4b69885..effc488 100644 --- a/includes/Html.php +++ b/includes/Html.php @@ -600,17 +600,20 @@ } else { // Apparently we need to entity-encode \n, \r, \t, although the // spec doesn't mention that. Since we're doing strtr() anyway, - // and we don't need <> escaped here, we may as well not call - // htmlspecialchars(). + // we may as well not call htmlspecialchars(). // @todo FIXME: Verify that we actually need to // escape \n\r\t here, and explain why, exactly. # // We could call Sanitizer::encodeAttribute() for this, but we // don't because we're stubborn and like our marginal savings on // byte size from not having to encode unnecessary quotes. + // The only difference between this transform and the one by + // Sanitizer::encodeAttribute() is '<' is only encoded here if + // $wgWellFormedXml is set, and ' is not encoded. $map = array( '&' => '&', '"' => '"', + '>' => '>', "\n" => ' ', "\r" => ' ', "\t" => '	' diff --git a/tests/parser/parserTests.txt b/tests/parser/parserTests.txt index 2b7f4cd..f660678 100644 --- a/tests/parser/parserTests.txt +++ b/tests/parser/parserTests.txt 
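Review bot: the added comment claims '<' is encoded here only when $wgWellFormedXml is set, but the $map in this hunk has no '<' entry and no branch on that global is visible; either point to where that happens or drop the claim so the comment does not mislead. The reason for the new '>' entry (post-processing such as LanguageConverter, T73394) lives only in the commit message, while the surrounding comment still frames this map as a byte-saving shortcut over Sanitizer::encodeAttribute(); put a one-line comment on the entry itself so it is not later removed as "not required by the spec". Also, the file list shows only tests/parser/parserTests.txt changed: a direct unit test for Html::expandAttributes asserting the encoded form of '>' would pin this down independently of the parser.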
@@ -13901,7 +13901,7 @@ </ul> </div> -<h2><span class="mw-headline" id="text_.3E_text">text > text</span><span class="mw-editsection"><span class="mw-editsection-bracket">[</span><a href="/index.php?title=Parser_test&action=edit&section=1" title="Edit section: text > text">edit</a><span class="mw-editsection-bracket">]</span></span></h2> +<h2><span class="mw-headline" id="text_.3E_text">text > text</span><span class="mw-editsection"><span class="mw-editsection-bracket">[</span><a href="/index.php?title=Parser_test&action=edit&section=1" title="Edit section: text > text">edit</a><span class="mw-editsection-bracket">]</span></span></h2> <p>section 1 </p> <h2><span class="mw-headline" id="text_.3C_text">text < text</span><span class="mw-editsection"><span class="mw-editsection-bracket">[</span><a href="/index.php?title=Parser_test&action=edit&section=2" title="Edit section: text < text">edit</a><span class="mw-editsection-bracket">]</span></span></h2> 
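Review bot: the unchanged context line for the sibling heading shows title="Edit section: text < text" left as-is, so after this change '>' is encoded in attribute values while '<' is not (consistent with the new comment in Html.php that '<' depends on $wgWellFormedXml). If the post-processing this patch guards against scans for tags starting at '<', an unencoded '<' in a title is the mirror-image case; either state in the test why encoding '>' alone is sufficient or add a '<' expectation alongside. The '-' and '+' expectation lines read identically as rendered in this mail, so the encoded form of '>' in the title attribute should be confirmed in the raw diff.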
@@ -19608,7 +19608,7 @@ </div> <h2><span class="mw-headline" id="Hello"><sup class="in-h2">Hello</sup></span><span class="mw-editsection"><span class="mw-editsection-bracket">[</span><a href="/index.php?title=Parser_test&action=edit&section=1" title="Edit section: Hello">edit</a><span class="mw-editsection-bracket">]</span></span></h2> -<h2><span class="mw-headline" id="b.22.3EEvilbye"><sup> b">Evilbye</sup></span><span class="mw-editsection"><span class="mw-editsection-bracket">[</span><a href="/index.php?title=Parser_test&action=edit&section=2" title="Edit section: b">Evilbye">edit</a><span class="mw-editsection-bracket">]</span></span></h2> +<h2><span class="mw-headline" id="b.22.3EEvilbye"><sup> b">Evilbye</sup></span><span class="mw-editsection"><span class="mw-editsection-bracket">[</span><a href="/index.php?title=Parser_test&action=edit&section=2" title="Edit section: b">Evilbye">edit</a><span class="mw-editsection-bracket">]</span></span></h2> !! end -- To view, visit https://gerrit.wikimedia.org/r/201222 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: newchange Gerrit-Change-Id: I768e2a12c7b6ba635e6c8571676b8c776b16bf72 Gerrit-PatchSet: 1 Gerrit-Project: mediawiki/core Gerrit-Branch: master Gerrit-Owner: CSteipp <cste...@wikimedia.org> _______________________________________________ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
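Review bot: this hunk is the injection-shaped case the change exists for: the heading text contains a quote followed by '>', and as rendered here the expectation reads title="Edit section: b">Evilbye", which is exactly what a post-processor that splits on the first '>' would misread as the end of the tag. The '-' and '+' lines are displayed identically in this mail, so confirm in the raw diff that the '+' line carries the encoded '>'; the headline id b.22.3EEvilbye already shows '"' and '>' being escaped in the anchor, and the title attribute should match.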
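To make the failure the commit message describes concrete, here is an added PHP example. It is not MediaWiki's code: encodeAttrOld and encodeAttrNew are this example's own stand-ins for the strtr() map before and after the patch, editLink builds an edit link like the ones in the parser test expectations, and naivePostProcess is a constructed regex-based post-processor that skips tags with `<[^>]*>`, standing in for the kind of post-processing the commit mentions (LanguageConverter's real implementation is not reproduced). The heading text `b">Evilbye` is taken from the parser test above.

```php
<?php
// Added example, not MediaWiki code. Shows why an unencoded '>' inside a
// quoted attribute value confuses a post-processor that locates tags with
// a regex, and why encoding '>' (as the patch does) fixes it.

// Stand-in for the pre-patch map: & and " only (plus \n \r \t).
function encodeAttrOld(string $value): string
{
    return strtr($value, [
        '&'  => '&amp;',
        '"'  => '&quot;',
        "\n" => '&#10;',
        "\r" => '&#13;',
        "\t" => '&#9;',
    ]);
}

// Stand-in for the post-patch map: '>' is now encoded as well.
function encodeAttrNew(string $value): string
{
    return strtr($value, [
        '&'  => '&amp;',
        '"'  => '&quot;',
        '>'  => '&gt;',
        "\n" => '&#10;',
        "\r" => '&#13;',
        "\t" => '&#9;',
    ]);
}

// Builds an edit link shaped like the parser test expectations, using the
// supplied attribute encoder for the title attribute.
function editLink(string $sectionTitle, callable $encode): string
{
    return '<a href="/index.php?title=Parser_test&amp;action=edit&amp;section=2"'
        . ' title="Edit section: ' . $encode($sectionTitle) . '">edit</a>';
}

// Constructed post-processor (hypothetical): it wants to transform only text
// nodes and leave tags alone, and it recognises a tag as '<' up to the FIRST
// '>'.  A browser would treat '>' inside a quoted attribute as part of the
// value, but this scanner does not, which is the confusion the patch avoids.
function naivePostProcess(string $html): string
{
    return preg_replace_callback('/(<[^>]*>)|([^<]+)/', function (array $m): string {
        if ($m[1] !== '') {
            return $m[1];             // looks like a tag: pass through
        }
        return strtoupper($m[2]);     // looks like text: transform it
    }, $html);
}

// Runs both encoders through the post-processor and reports whether the
// attribute value survived untouched.
function demo(string $sectionTitle): array
{
    $old = naivePostProcess(editLink($sectionTitle, 'encodeAttrOld'));
    $new = naivePostProcess(editLink($sectionTitle, 'encodeAttrNew'));
    return [
        'old'          => $old,
        'new'          => $new,
        'old_intact'   => str_contains($old, 'title="Edit section: ' . encodeAttrOld($sectionTitle) . '"'),
        'new_intact'   => str_contains($new, 'title="Edit section: ' . encodeAttrNew($sectionTitle) . '"'),
    ];
}

$result = demo('b">Evilbye');
// Before the patch the scanner ends the tag at the '>' inside the title, so
// 'Evilbye">edit' is treated as a text node and rewritten, corrupting the
// attribute: ... title="Edit section: b&quot;>EVILBYE">EDIT</a>
echo "old: {$result['old']}\n";
// After the patch the tag is matched whole and only the link text changes:
// ... title="Edit section: b&quot;&gt;Evilbye">EDIT</a>
echo "new: {$result['new']}\n";
echo 'old attribute intact: ' . var_export($result['old_intact'], true) . "\n";
echo 'new attribute intact: ' . var_export($result['new_intact'], true) . "\n";
```

The point of the example is that the old output is perfectly valid HTML for a browser; the problem only appears in a second pass over the serialized markup. Encoding '>' costs a few bytes per affected attribute and removes the only character a first-'>'-terminated scanner can be tricked by, while '<' is left as-is, matching the behaviour the patch describes.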