https://www.mediawiki.org/wiki/Special:Code/MediaWiki/111901
Revision: 111901
Author: dantman
Date: 2012-02-20 00:42:24 +0000 (Mon, 20 Feb 2012)
Log Message:
-----------
Followup r111891; Update the test to also make sure things like http-equiv and
rel=stylesheet don't link through. And update the sanitizer code so that bad
<link> and <meta> tags show in proper plaintext when tidy is enabled just like
they do when not.
Modified Paths:
--------------
trunk/phase3/includes/Sanitizer.php
trunk/phase3/tests/parser/parserTests.txt
Modified: trunk/phase3/includes/Sanitizer.php
===================================================================
--- trunk/phase3/includes/Sanitizer.php 2012-02-20 00:23:54 UTC (rev 111900)
+++ trunk/phase3/includes/Sanitizer.php 2012-02-20 00:42:24 UTC (rev 111901)
@@ -564,16 +564,24 @@
preg_match(
'/^(\\/?)(\\w+)([^>]*?)(\\/{0,1}>)([^<]*)$/',
$x, $regs );
@list( /* $qbar */, $slash, $t, $params,
$brace, $rest ) = $regs;
+ $badtag = false;
if ( isset( $htmlelements[$t = strtolower( $t
)] ) ) {
if( is_callable( $processCallback ) ) {
call_user_func_array(
$processCallback, array( &$params, $args ) );
}
+
+ if ( !Sanitizer::validateTag( $params,
$t ) ) {
+ $badtag = true;
+ }
+
$newparams =
Sanitizer::fixTagAttributes( $params, $t );
- $rest = str_replace( '>', '>', $rest
);
- $text .=
"<$slash$t$newparams$brace$rest";
- } else {
- $text .= '<' . str_replace( '>',
'>', $x);
+ if ( !$badtag ) {
+ $rest = str_replace( '>',
'>', $rest );
+ $text .=
"<$slash$t$newparams$brace$rest";
+ continue;
+ }
}
+ $text .= '<' . str_replace( '>', '>', $x);
}
}
wfProfileOut( __METHOD__ );
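Review bot: In the allowed-element branch the `$badtag` flag carries state that one condition could express, and `Sanitizer::fixTagAttributes( $params, $t )` still runs for a tag that `validateTag` has already rejected, so its result is computed and discarded. Wrapping the emit path in `if ( Sanitizer::validateTag( $params, $t ) ) { … continue; }` and letting every other case fall through to the escaping line would remove the flag. A comment above the fall-through, such as `# Unknown element or failed validateTag(): emit the original markup as escaped text`, would make clear that this line is now the only exit for rejected input. The new test expects `http-equiv` to be dropped from a `<meta>` that also carries `itemprop`, which suggests that validateTag only gates the tag and that attribute filtering is left to fixTagAttributes; that dependency deserves a comment as well. As rendered on this page the `str_replace` calls show `'>'` for both arguments, presumably because the archive decoded entities (likely `'&gt;'` and `'&lt;'` in the file); the enclosing loop and function start and end outside the hunk.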
Modified: trunk/phase3/tests/parser/parserTests.txt
===================================================================
--- trunk/phase3/tests/parser/parserTests.txt 2012-02-20 00:23:54 UTC (rev
111900)
+++ trunk/phase3/tests/parser/parserTests.txt 2012-02-20 00:42:24 UTC (rev
111901)
@@ -5425,16 +5425,20 @@
<div itemscope>
<meta itemprop="hello" content="world">
<meta http-equiv="refresh" content="5">
+ <meta itemprop="hello" http-equiv="refresh" content="5">
<link itemprop="hello" href="{{SERVER}}">
<link rel="stylesheet" href="{{SERVER}}">
+ <link rel="stylesheet" itemprop="hello" href="{{SERVER}}">
</div>
!! result
<div itemscope="itemscope">
<p> <meta itemprop="hello" content="world" />
<meta http-equiv="refresh" content="5">
+ <meta itemprop="hello" content="5" />
</p>
<link itemprop="hello" href="http://Britney-Spears" />
<link rel="stylesheet" href="<a rel="nofollow" class="external free"
href="http://Britney-Spears">http://Britney-Spears</a>">
+ <link itemprop="hello" href="http://Britney-Spears" />
</div>
!! end
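Review bot: Nothing in the visible part of this test shows it running with tidy enabled, yet the log message says the Sanitizer change targets the tidy-enabled path, so the behaviour this commit alters may not be exercised by these expectations. The test header and any options section lie outside the hunk, so this needs checking there; if the test only runs without tidy, the tidy branch deserves a matching case of its own. A `#` comment ahead of the test noting that a tag with `itemprop` is kept while its `http-equiv` or `rel` attribute is expected to be stripped would explain why the two added result lines differ from the rejected ones beside them.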