jenkins-bot has submitted this change and it was merged.

Change subject: Implement Sanitizer's escapeId
......................................................................


Implement Sanitizer's escapeId

 * Will be useful if/when we generate meta tags with munged ids.

 * Moves some utilities from the Sanitizer's prototype to the constructor
   for use without instantiation.  Necessary for a follow up patch I'm
   working on.

Change-Id: I8758a7af37788a93d2326c7930bb82b9ad138f27
---
M lib/ext.core.Sanitizer.js
M lib/mediawiki.Util.js
2 files changed, 37 insertions(+), 19 deletions(-)

Approvals:
  Subramanya Sastry: Looks good to me, approved
  jenkins-bot: Verified



diff --git a/lib/ext.core.Sanitizer.js b/lib/ext.core.Sanitizer.js
index 08e952b..06cc10c 100644
--- a/lib/ext.core.Sanitizer.js
+++ b/lib/ext.core.Sanitizer.js
@@ -810,12 +810,11 @@
  *
  * gwicke: Use Util.decodeEntities instead?
  */
-Sanitizer.prototype.decodeEntity = function(name) {
-       if (this.constants.htmlEntityAliases[name]) {
-               name = this.constants.htmlEntityAliases[name];
+Sanitizer.decodeEntity = function(name) {
+       if (SanitizerConstants.htmlEntityAliases[name]) {
+               name = SanitizerConstants.htmlEntityAliases[name];
        }
-
-       var e = this.constants.htmlEntities[name];
+       var e = SanitizerConstants.htmlEntities[name];
        return e ? Util.codepointToUtf8(e) : "&" + name + ";";
 };
 
@@ -823,11 +822,11 @@
  * Return UTF-8 string for a codepoint if that is a valid
  * character reference, otherwise U+FFFD REPLACEMENT CHARACTER.
  */
-Sanitizer.prototype.decodeChar = function(codepoint) {
+Sanitizer.decodeChar = function(codepoint) {
        if (Util.validateCodepoint(codepoint)) {
                return Util.codepointToUtf8(codepoint);
        } else {
-               return this.constants.UTF8_REPLACEMENT;
+               return SanitizerConstants.UTF8_REPLACEMENT;
        }
 };
 
@@ -835,15 +834,14 @@
  * Decode any character references, numeric or named entities,
  * in the text and return a UTF-8 string.
  */
-Sanitizer.prototype.decodeCharReferences = function(text) {
-       var sanitizer = this;
-       return text.replace(sanitizer.constants.CHAR_REFS_RE, function() {
+Sanitizer.decodeCharReferences = function(text) {
+       return text.replace(SanitizerConstants.CHAR_REFS_RE, function() {
                if (arguments[1]) {
-                       return sanitizer.decodeEntity(arguments[1]);
+                       return Sanitizer.decodeEntity(arguments[1]);
                } else if (arguments[2]) {
-                       return sanitizer.decodeChar(parseInt(arguments[2], 10));
+                       return Sanitizer.decodeChar(parseInt(arguments[2], 10));
                } else if (arguments[3]) {
-                       return sanitizer.decodeChar(parseInt(arguments[3], 16));
+                       return Sanitizer.decodeChar(parseInt(arguments[3], 16));
                } else {
                        return arguments[4];
                }
@@ -873,7 +871,7 @@
        }
 
        // Decode character references like {
-       text = this.decodeCharReferences(text);
+       text = Sanitizer.decodeCharReferences(text);
        text = text.replace(this.constants.cssDecodeRE, function() {
                                var c;
                                if (arguments[1] !== undefined) {
@@ -940,8 +938,23 @@
        return text;
 };
 
-Sanitizer.prototype.escapeId = function(id, options) {
-       // SSS: Not ported -- is this relevant for security?
+Sanitizer.escapeId = function(id, options) {
+       options = options || {};
+
+       id = Sanitizer.decodeCharReferences(id);
+
+       // Assume $wgExperimentalHtmlIds is `false` for now.
+
+       id = id.replace(/ /g, '_');
+       id = Util.urlencode(id);
+       id = id.replace(/%3A/g, ':');
+       id = id.replace(/%/g, '.');
+
+       if (!/^[a-zA-Z]/.test(id) && !options.hasOwnProperty('noninitial')) {
+               // Initial character must be a letter!
+               id = 'x' + id;
+       }
+
        return id;
 };
 
@@ -1019,9 +1032,9 @@
                        v = this.checkCss(v);
                }
 
-               if (k === 'id') {
-                       v = this.escapeId(v, ['noninitial']);
-               }
+               // if (k === 'id') {
+               //      v = Sanitizer.escapeId(v, { 'noninitial': true });
+               // }
 
                // RDFa and microdata properties allow URLs, URIs and/or CURIs.
                // Check them for sanity
diff --git a/lib/mediawiki.Util.js b/lib/mediawiki.Util.js
index 8946ab9..f93c331 100644
--- a/lib/mediawiki.Util.js
+++ b/lib/mediawiki.Util.js
@@ -1031,6 +1031,11 @@
                return num + '';
        },
 
+       // php's urlencode
+       urlencode: function(txt) {
+               return encodeURIComponent(txt).replace(/%20/g, '+');
+       },
+
        decodeURI: function(s) {
                return s.replace(/(%[0-9a-fA-F][0-9a-fA-F])+/g, function(m) {
                        try {

-- 
To view, visit https://gerrit.wikimedia.org/r/226032
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: merged
Gerrit-Change-Id: I8758a7af37788a93d2326c7930bb82b9ad138f27
Gerrit-PatchSet: 4
Gerrit-Project: mediawiki/services/parsoid
Gerrit-Branch: master
Gerrit-Owner: Arlolra <[email protected]>
Gerrit-Reviewer: Cscott <[email protected]>
Gerrit-Reviewer: Subramanya Sastry <[email protected]>
Gerrit-Reviewer: jenkins-bot <>

_______________________________________________
MediaWiki-commits mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits

Reply via email to