Arlolra has uploaded a new change for review.
https://gerrit.wikimedia.org/r/74586
Change subject: Protect Parsoid-generated attributes.
......................................................................
Protect Parsoid-generated attributes.
Strip user provided content when necessary.
Bug: 48772
Change-Id: I76c27639f73c505166d00c24b7164035378613a8
---
M js/lib/ext.core.AttributeExpander.js
M js/lib/pegTokenizer.pegjs.txt
M js/tests/parserTests.txt
3 files changed, 30 insertions(+), 2 deletions(-)
git pull ssh://gerrit.wikimedia.org:29418/mediawiki/extensions/Parsoid
refs/changes/86/74586/1
diff --git a/js/lib/ext.core.AttributeExpander.js
b/js/lib/ext.core.AttributeExpander.js
index 0312693..1129eaf 100644
--- a/js/lib/ext.core.AttributeExpander.js
+++ b/js/lib/ext.core.AttributeExpander.js
@@ -138,6 +138,16 @@
*/
AttributeExpander.prototype.onToken = function ( token, frame, cb ) {
// console.warn( 'AttributeExpander.onToken: ', JSON.stringify( token )
);
+
+ // Remove protected attributes marked for stripping in tokenizer.
+ if ( typeof token.attribs === "object" &&
+ Object.getOwnPropertyDescriptor(token, "attribs").writable
+ ) {
+ token.attribs = token.attribs.filter(function ( attr ) {
+ return !attr.strip;
+ });
+ }
+
if ( (token.constructor === TagTk ||
token.constructor === SelfclosingTagTk) &&
token.attribs &&
diff --git a/js/lib/pegTokenizer.pegjs.txt b/js/lib/pegTokenizer.pegjs.txt
index 881feff..e5732a5 100644
--- a/js/lib/pegTokenizer.pegjs.txt
+++ b/js/lib/pegTokenizer.pegjs.txt
@@ -1700,9 +1700,9 @@
v:generic_attribute_newline_value { return v; })?
{
//console.warn('generic_newline_attribute: ' + pp( name ))
- var res;
+ var res, value = '';
if ( valueData !== '' ) {
- var value = valueData.value;
+ value = valueData.value;
res = new KV( name, value );
res.vsrc = valueData.valueSrc;
} else {
@@ -1711,6 +1711,13 @@
if ( name.constructor === Array ) {
res.ksrc = input.substring( namePos0, namePos );
}
+
+ // Mark protected attributes for stripping.
+ res.strip = typeof name === "string" && ( /^data-parsoid.*/.test( name ) ||
+ ( [ "typeof", "rel", "property" ].indexOf( name.toLowerCase() ) > -1 &&
+ typeof value === "string" && /^mw:.*/.test( value ) ) ||
+ [ "about" ].indexOf( name.toLowerCase() ) > -1 );
+
return res;
}
diff --git a/js/tests/parserTests.txt b/js/tests/parserTests.txt
index 3084e95..2c086e6 100644
--- a/js/tests/parserTests.txt
+++ b/js/tests/parserTests.txt
@@ -16307,6 +16307,17 @@
</p>
!!end
+!!test
+Strip protected attributes from wt
+!!options
+parsoid=wt2html
+!!input
+<div typeof="mw:placeholder" data-parsoid="weird" about="time"
REL="mw:true">foo</div>
+!!result
+<body><div data-parsoid='{"stx":"html","dsr":[0,86,77,6]}'>foo</div>
+</body>
+!!end
+
# -----------------------------------------------------------------
# The following section of tests are primarily to spec requirements
# around serialization of new/edited content.
--
To view, visit https://gerrit.wikimedia.org/r/74586
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: newchange
Gerrit-Change-Id: I76c27639f73c505166d00c24b7164035378613a8
Gerrit-PatchSet: 1
Gerrit-Project: mediawiki/extensions/Parsoid
Gerrit-Branch: master
Gerrit-Owner: Arlolra <[email protected]>
_______________________________________________
MediaWiki-commits mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
