[MediaWiki-commits] [Gerrit] SECURITY: Fix XSS via __proto__ - change (mediawiki...Kartographer)
jenkins-bot has submitted this change and it was merged. Change subject: SECURITY: Fix XSS via __proto__ .. SECURITY: Fix XSS via __proto__ Bug: T134719 Change-Id: I4b537f018c8d37491f46349ac9c764279123deb1 (cherry picked from commit 78bec3f4ecbd877719ad5fbcc8e6c0b4c19035ce) --- M includes/SimpleStyleParser.php M tests/phpunit/KartographerTest.php 2 files changed, 41 insertions(+), 9 deletions(-) Approvals: Mattflaschen: Looks good to me, approved jenkins-bot: Verified diff --git a/includes/SimpleStyleParser.php b/includes/SimpleStyleParser.php index 5acca96..48deb2e 100644 --- a/includes/SimpleStyleParser.php +++ b/includes/SimpleStyleParser.php @@ -17,8 +17,6 @@ class SimpleStyleParser { private static $parsedProps = [ 'title', 'description' ]; - private static $recursedProps = [ 'geometry', 'geometries', 'features' ]; - /** @var Parser */ private $parser; @@ -153,15 +151,18 @@ return; } - if ( property_exists( $json, 'properties' ) && is_object( $json->properties ) ) { - $this->sanitizeProperties( $json->properties ); - } - - foreach ( self::$recursedProps as $prop ) { - if ( property_exists( $json, $prop ) ) { + foreach ( array_keys( get_object_vars( $json ) ) as $prop ) { + // https://phabricator.wikimedia.org/T134719 + if ( $prop[0] === '_' ) { + unset( $json->$prop ); + } else { $this->sanitize( $json->$prop ); } } + + if ( property_exists( $json, 'properties' ) && is_object( $json->properties ) ) { + $this->sanitizeProperties( $json->properties ); + } } /** diff --git a/tests/phpunit/KartographerTest.php b/tests/phpunit/KartographerTest.php index 65c858e..8995c7c 100644 --- a/tests/phpunit/KartographerTest.php +++ b/tests/phpunit/KartographerTest.php @@ -67,8 +67,37 @@ "marker-size": "medium", "marker-color": "0050d0" } - }'; + }'; /** @noinspection HtmlUnknownTarget */ + $xssJson = '[ + { + "__proto__": { "some": "bad stuff" }, + "type": "Feature", + "geometry": { + "type": "Point", + "coordinates": [-122.3988, 37.8013] + }, + "properties": { + "__proto__": { "foo": "bar" }, + "title": "Foo bar" + } + }, + { + "type": "GeometryCollection", + "geometries": [ + { + "__proto__": "recurse me", + "type": "Point", + "coordinates": [ 0, 0 ], + "properties": { "__proto__": "is evil" } + } + ] + } +]'; + $xssJsonSanitized = '{"_a4d5387a1b7974bf854321421a36d913101f5724":[ + {"type":"Feature","geometry":{"type":"Point","coordinates":[-122.3988,37.8013]},"properties":{"title":"Foo bar"}}, + {"type":"GeometryCollection","geometries":[{"type":"Point","coordinates":[0,0],"properties":{}}]} + ]}'; $wikitextJsonParsed = '{"_be34df99c99d1efd9eaa8eabc87a43f2541a67e5":[ {"type":"Feature","geometry":{"type":"Point","coordinates":[-122.3988,37.8013]}, "properties":{"title":"scriptalert(document.cookie);\/script", @@ -98,8 +127,10 @@ }', 'Invalid JSON 6' ], [ $wikitextJsonParsed, "[{$this->wikitextJson}]", ' with parsable text and description' ], [ $wikitextJsonParsed, "[{$this->wikitextJson}]", ' with parsable text and description' ], + // Bugs [ 'null', "\t\r\n ", 'T127345: whitespace-only tag content, ' ], + [ $xssJsonSanitized, "$xssJson", 'T134719: XSS via __proto__' ], ]; } -- To view, visit https://gerrit.wikimedia.org/r/294650 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: merged Gerrit-Change-Id: I4b537f018c8d37491f46349ac9c764279123deb1 Gerrit-PatchSet: 1 Gerrit-Project: mediawiki/extensions/Kartographer Gerrit-Branch: wmf/1.28.0-wmf.6 Gerrit-Owner: MattflaschenGerrit-Reviewer: Mattflaschen Gerrit-Reviewer: MaxSem Gerrit-Reviewer: jenkins-bot <> ___ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
[MediaWiki-commits] [Gerrit] SECURITY: Fix XSS via __proto__ - change (mediawiki...Kartographer)
Mattflaschen has uploaded a new change for review. https://gerrit.wikimedia.org/r/294650 Change subject: SECURITY: Fix XSS via __proto__ .. SECURITY: Fix XSS via __proto__ Bug: T134719 Change-Id: I4b537f018c8d37491f46349ac9c764279123deb1 (cherry picked from commit 78bec3f4ecbd877719ad5fbcc8e6c0b4c19035ce) --- M includes/SimpleStyleParser.php M tests/phpunit/KartographerTest.php 2 files changed, 41 insertions(+), 9 deletions(-) git pull ssh://gerrit.wikimedia.org:29418/mediawiki/extensions/Kartographer refs/changes/50/294650/1 diff --git a/includes/SimpleStyleParser.php b/includes/SimpleStyleParser.php index 5acca96..48deb2e 100644 --- a/includes/SimpleStyleParser.php +++ b/includes/SimpleStyleParser.php @@ -17,8 +17,6 @@ class SimpleStyleParser { private static $parsedProps = [ 'title', 'description' ]; - private static $recursedProps = [ 'geometry', 'geometries', 'features' ]; - /** @var Parser */ private $parser; @@ -153,15 +151,18 @@ return; } - if ( property_exists( $json, 'properties' ) && is_object( $json->properties ) ) { - $this->sanitizeProperties( $json->properties ); - } - - foreach ( self::$recursedProps as $prop ) { - if ( property_exists( $json, $prop ) ) { + foreach ( array_keys( get_object_vars( $json ) ) as $prop ) { + // https://phabricator.wikimedia.org/T134719 + if ( $prop[0] === '_' ) { + unset( $json->$prop ); + } else { $this->sanitize( $json->$prop ); } } + + if ( property_exists( $json, 'properties' ) && is_object( $json->properties ) ) { + $this->sanitizeProperties( $json->properties ); + } } /** diff --git a/tests/phpunit/KartographerTest.php b/tests/phpunit/KartographerTest.php index 65c858e..8995c7c 100644 --- a/tests/phpunit/KartographerTest.php +++ b/tests/phpunit/KartographerTest.php @@ -67,8 +67,37 @@ "marker-size": "medium", "marker-color": "0050d0" } - }'; + }'; /** @noinspection HtmlUnknownTarget */ + $xssJson = '[ + { + "__proto__": { "some": "bad stuff" }, + "type": "Feature", + "geometry": { + "type": "Point", + "coordinates": [-122.3988, 37.8013] + }, + "properties": { + "__proto__": { "foo": "bar" }, + "title": "Foo bar" + } + }, + { + "type": "GeometryCollection", + "geometries": [ + { + "__proto__": "recurse me", + "type": "Point", + "coordinates": [ 0, 0 ], + "properties": { "__proto__": "is evil" } + } + ] + } +]'; + $xssJsonSanitized = '{"_a4d5387a1b7974bf854321421a36d913101f5724":[ + {"type":"Feature","geometry":{"type":"Point","coordinates":[-122.3988,37.8013]},"properties":{"title":"Foo bar"}}, + {"type":"GeometryCollection","geometries":[{"type":"Point","coordinates":[0,0],"properties":{}}]} + ]}'; $wikitextJsonParsed = '{"_be34df99c99d1efd9eaa8eabc87a43f2541a67e5":[ {"type":"Feature","geometry":{"type":"Point","coordinates":[-122.3988,37.8013]}, "properties":{"title":"scriptalert(document.cookie);\/script", @@ -98,8 +127,10 @@ }', 'Invalid JSON 6' ], [ $wikitextJsonParsed, "[{$this->wikitextJson}]", ' with parsable text and description' ], [ $wikitextJsonParsed, "[{$this->wikitextJson}]", ' with parsable text and description' ], + // Bugs [ 'null', "\t\r\n ", 'T127345: whitespace-only tag content, ' ], + [ $xssJsonSanitized, "$xssJson", 'T134719: XSS via __proto__' ], ]; } -- To view, visit https://gerrit.wikimedia.org/r/294650 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: newchange Gerrit-Change-Id: I4b537f018c8d37491f46349ac9c764279123deb1 Gerrit-PatchSet: 1 Gerrit-Project: mediawiki/extensions/Kartographer Gerrit-Branch: wmf/1.28.0-wmf.6 Gerrit-Owner: MattflaschenGerrit-Reviewer: MaxSem ___ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
[MediaWiki-commits] [Gerrit] SECURITY: Fix XSS via __proto__ - change (mediawiki...Kartographer)
jenkins-bot has submitted this change and it was merged. Change subject: SECURITY: Fix XSS via __proto__ .. SECURITY: Fix XSS via __proto__ Bug: T134719 Change-Id: I4b537f018c8d37491f46349ac9c764279123deb1 --- M includes/SimpleStyleParser.php M tests/phpunit/KartographerTest.php 2 files changed, 42 insertions(+), 9 deletions(-) Approvals: MaxSem: Looks good to me, approved jenkins-bot: Verified diff --git a/includes/SimpleStyleParser.php b/includes/SimpleStyleParser.php index 1157748..714ab27 100644 --- a/includes/SimpleStyleParser.php +++ b/includes/SimpleStyleParser.php @@ -14,8 +14,6 @@ class SimpleStyleParser { private static $parsedProps = [ 'title', 'description' ]; - private static $recursedProps = [ 'geometry', 'geometries', 'features' ]; - /** @var Parser */ private $parser; @@ -145,15 +143,18 @@ return; } - if ( property_exists( $json, 'properties' ) && is_object( $json->properties ) ) { - $this->sanitizeProperties( $json->properties ); - } - - foreach ( self::$recursedProps as $prop ) { - if ( property_exists( $json, $prop ) ) { + foreach ( array_keys( get_object_vars( $json ) ) as $prop ) { + // https://phabricator.wikimedia.org/T134719 + if ( $prop[0] === '_' ) { + unset( $json->$prop ); + } else { $this->sanitize( $json->$prop ); } } + + if ( property_exists( $json, 'properties' ) && is_object( $json->properties ) ) { + $this->sanitizeProperties( $json->properties ); + } } /** diff --git a/tests/phpunit/KartographerTest.php b/tests/phpunit/KartographerTest.php index 4d5ad2e..47610c6 100644 --- a/tests/phpunit/KartographerTest.php +++ b/tests/phpunit/KartographerTest.php @@ -64,7 +64,37 @@ "marker-size": "medium", "marker-color": "0050d0" } - }'; + }'; + /** @noinspection HtmlUnknownTarget */ + $xssJson = '[ + { + "__proto__": { "some": "bad stuff" }, + "type": "Feature", + "geometry": { + "type": "Point", + "coordinates": [-122.3988, 37.8013] + }, + "properties": { + "__proto__": { "foo": "bar" }, + "title": "Foo bar" + } + }, + { + "type": "GeometryCollection", + "geometries": [ + { + "__proto__": "recurse me", + "type": "Point", + "coordinates": [ 0, 0 ], + "properties": { "__proto__": "is evil" } + } + ] + } +]'; + $xssJsonSanitized = '{"_a4d5387a1b7974bf854321421a36d913101f5724":[ + {"type":"Feature","geometry":{"type":"Point","coordinates":[-122.3988,37.8013]},"properties":{"title":"Foo bar"}}, + {"type":"GeometryCollection","geometries":[{"type":"Point","coordinates":[0,0],"properties":{}}]} + ]}'; $wikitextJsonParsed = '{"_be34df99c99d1efd9eaa8eabc87a43f2541a67e5":[ {"type":"Feature","geometry":{"type":"Point","coordinates":[-122.3988,37.8013]}, "properties":{"title":"scriptalert(document.cookie);\/script", @@ -79,8 +109,10 @@ [ "{\"_4622d19afa2e6480c327846395ed932ba6fa56d4\":[$validJson]}", "[$validJson]", ' with GeoJSON array' ], [ $wikitextJsonParsed, "[{$this->wikitextJson}]", ' with parsable text and description' ], [ $wikitextJsonParsed, "[{$this->wikitextJson}]", ' with parsable text and description' ], + // Bugs [ 'null', "\t\r\n ", 'T127345: whitespace-only tag content, ' ], + [ $xssJsonSanitized, "$xssJson", 'T134719: XSS via __proto__' ], ]; } -- To view, visit https://gerrit.wikimedia.org/r/294412 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: merged Gerrit-Change-Id: I4b537f018c8d37491f46349ac9c764279123deb1 Gerrit-PatchSet: 1 Gerrit-Project: mediawiki/extensions/Kartographer Gerrit-Branch: REL1_27 Gerrit-Owner: MaxSemGerrit-Reviewer: MaxSem Gerrit-Reviewer: jenkins-bot <> ___ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
[MediaWiki-commits] [Gerrit] SECURITY: Fix XSS via __proto__ - change (mediawiki...Kartographer)
MaxSem has uploaded a new change for review. https://gerrit.wikimedia.org/r/294412 Change subject: SECURITY: Fix XSS via __proto__ .. SECURITY: Fix XSS via __proto__ Bug: T134719 Change-Id: I4b537f018c8d37491f46349ac9c764279123deb1 --- M includes/SimpleStyleParser.php M tests/phpunit/KartographerTest.php 2 files changed, 42 insertions(+), 9 deletions(-) git pull ssh://gerrit.wikimedia.org:29418/mediawiki/extensions/Kartographer refs/changes/12/294412/1 diff --git a/includes/SimpleStyleParser.php b/includes/SimpleStyleParser.php index 1157748..714ab27 100644 --- a/includes/SimpleStyleParser.php +++ b/includes/SimpleStyleParser.php @@ -14,8 +14,6 @@ class SimpleStyleParser { private static $parsedProps = [ 'title', 'description' ]; - private static $recursedProps = [ 'geometry', 'geometries', 'features' ]; - /** @var Parser */ private $parser; @@ -145,15 +143,18 @@ return; } - if ( property_exists( $json, 'properties' ) && is_object( $json->properties ) ) { - $this->sanitizeProperties( $json->properties ); - } - - foreach ( self::$recursedProps as $prop ) { - if ( property_exists( $json, $prop ) ) { + foreach ( array_keys( get_object_vars( $json ) ) as $prop ) { + // https://phabricator.wikimedia.org/T134719 + if ( $prop[0] === '_' ) { + unset( $json->$prop ); + } else { $this->sanitize( $json->$prop ); } } + + if ( property_exists( $json, 'properties' ) && is_object( $json->properties ) ) { + $this->sanitizeProperties( $json->properties ); + } } /** diff --git a/tests/phpunit/KartographerTest.php b/tests/phpunit/KartographerTest.php index 4d5ad2e..47610c6 100644 --- a/tests/phpunit/KartographerTest.php +++ b/tests/phpunit/KartographerTest.php @@ -64,7 +64,37 @@ "marker-size": "medium", "marker-color": "0050d0" } - }'; + }'; + /** @noinspection HtmlUnknownTarget */ + $xssJson = '[ + { + "__proto__": { "some": "bad stuff" }, + "type": "Feature", + "geometry": { + "type": "Point", + "coordinates": [-122.3988, 37.8013] + }, + "properties": { + "__proto__": { "foo": "bar" }, + "title": "Foo bar" + } + }, + { + "type": "GeometryCollection", + "geometries": [ + { + "__proto__": "recurse me", + "type": "Point", + "coordinates": [ 0, 0 ], + "properties": { "__proto__": "is evil" } + } + ] + } +]'; + $xssJsonSanitized = '{"_a4d5387a1b7974bf854321421a36d913101f5724":[ + {"type":"Feature","geometry":{"type":"Point","coordinates":[-122.3988,37.8013]},"properties":{"title":"Foo bar"}}, + {"type":"GeometryCollection","geometries":[{"type":"Point","coordinates":[0,0],"properties":{}}]} + ]}'; $wikitextJsonParsed = '{"_be34df99c99d1efd9eaa8eabc87a43f2541a67e5":[ {"type":"Feature","geometry":{"type":"Point","coordinates":[-122.3988,37.8013]}, "properties":{"title":"scriptalert(document.cookie);\/script", @@ -79,8 +109,10 @@ [ "{\"_4622d19afa2e6480c327846395ed932ba6fa56d4\":[$validJson]}", "[$validJson]", ' with GeoJSON array' ], [ $wikitextJsonParsed, "[{$this->wikitextJson}]", ' with parsable text and description' ], [ $wikitextJsonParsed, "[{$this->wikitextJson}]", ' with parsable text and description' ], + // Bugs [ 'null', "\t\r\n ", 'T127345: whitespace-only tag content, ' ], + [ $xssJsonSanitized, "$xssJson", 'T134719: XSS via __proto__' ], ]; } -- To view, visit https://gerrit.wikimedia.org/r/294412 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: newchange Gerrit-Change-Id: I4b537f018c8d37491f46349ac9c764279123deb1 Gerrit-PatchSet: 1 Gerrit-Project: mediawiki/extensions/Kartographer Gerrit-Branch: REL1_27 Gerrit-Owner: MaxSem___ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
[MediaWiki-commits] [Gerrit] SECURITY: Fix XSS via __proto__ - change (mediawiki...Kartographer)
jenkins-bot has submitted this change and it was merged. Change subject: SECURITY: Fix XSS via __proto__ .. SECURITY: Fix XSS via __proto__ Bug: T134719 Change-Id: I4b537f018c8d37491f46349ac9c764279123deb1 --- M includes/SimpleStyleParser.php M tests/phpunit/KartographerTest.php 2 files changed, 41 insertions(+), 9 deletions(-) Approvals: MaxSem: Looks good to me, approved jenkins-bot: Verified diff --git a/includes/SimpleStyleParser.php b/includes/SimpleStyleParser.php index 5acca96..48deb2e 100644 --- a/includes/SimpleStyleParser.php +++ b/includes/SimpleStyleParser.php @@ -17,8 +17,6 @@ class SimpleStyleParser { private static $parsedProps = [ 'title', 'description' ]; - private static $recursedProps = [ 'geometry', 'geometries', 'features' ]; - /** @var Parser */ private $parser; @@ -153,15 +151,18 @@ return; } - if ( property_exists( $json, 'properties' ) && is_object( $json->properties ) ) { - $this->sanitizeProperties( $json->properties ); - } - - foreach ( self::$recursedProps as $prop ) { - if ( property_exists( $json, $prop ) ) { + foreach ( array_keys( get_object_vars( $json ) ) as $prop ) { + // https://phabricator.wikimedia.org/T134719 + if ( $prop[0] === '_' ) { + unset( $json->$prop ); + } else { $this->sanitize( $json->$prop ); } } + + if ( property_exists( $json, 'properties' ) && is_object( $json->properties ) ) { + $this->sanitizeProperties( $json->properties ); + } } /** diff --git a/tests/phpunit/KartographerTest.php b/tests/phpunit/KartographerTest.php index 65c858e..8995c7c 100644 --- a/tests/phpunit/KartographerTest.php +++ b/tests/phpunit/KartographerTest.php @@ -67,8 +67,37 @@ "marker-size": "medium", "marker-color": "0050d0" } - }'; + }'; /** @noinspection HtmlUnknownTarget */ + $xssJson = '[ + { + "__proto__": { "some": "bad stuff" }, + "type": "Feature", + "geometry": { + "type": "Point", + "coordinates": [-122.3988, 37.8013] + }, + "properties": { + "__proto__": { "foo": "bar" }, + "title": "Foo bar" + } + }, + { + "type": "GeometryCollection", + "geometries": [ + { + "__proto__": "recurse me", + "type": "Point", + "coordinates": [ 0, 0 ], + "properties": { "__proto__": "is evil" } + } + ] + } +]'; + $xssJsonSanitized = '{"_a4d5387a1b7974bf854321421a36d913101f5724":[ + {"type":"Feature","geometry":{"type":"Point","coordinates":[-122.3988,37.8013]},"properties":{"title":"Foo bar"}}, + {"type":"GeometryCollection","geometries":[{"type":"Point","coordinates":[0,0],"properties":{}}]} + ]}'; $wikitextJsonParsed = '{"_be34df99c99d1efd9eaa8eabc87a43f2541a67e5":[ {"type":"Feature","geometry":{"type":"Point","coordinates":[-122.3988,37.8013]}, "properties":{"title":"scriptalert(document.cookie);\/script", @@ -98,8 +127,10 @@ }', 'Invalid JSON 6' ], [ $wikitextJsonParsed, "[{$this->wikitextJson}]", ' with parsable text and description' ], [ $wikitextJsonParsed, "[{$this->wikitextJson}]", ' with parsable text and description' ], + // Bugs [ 'null', "\t\r\n ", 'T127345: whitespace-only tag content, ' ], + [ $xssJsonSanitized, "$xssJson", 'T134719: XSS via __proto__' ], ]; } -- To view, visit https://gerrit.wikimedia.org/r/294373 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: merged Gerrit-Change-Id: I4b537f018c8d37491f46349ac9c764279123deb1 Gerrit-PatchSet: 1 Gerrit-Project: mediawiki/extensions/Kartographer Gerrit-Branch: master Gerrit-Owner: MaxSemGerrit-Reviewer: MaxSem Gerrit-Reviewer: jenkins-bot <> ___ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
[MediaWiki-commits] [Gerrit] SECURITY: Fix XSS via __proto__ - change (mediawiki...Kartographer)
MaxSem has uploaded a new change for review. https://gerrit.wikimedia.org/r/294373 Change subject: SECURITY: Fix XSS via __proto__ .. SECURITY: Fix XSS via __proto__ Bug: T134719 Change-Id: I4b537f018c8d37491f46349ac9c764279123deb1 --- M includes/SimpleStyleParser.php M tests/phpunit/KartographerTest.php 2 files changed, 41 insertions(+), 9 deletions(-) git pull ssh://gerrit.wikimedia.org:29418/mediawiki/extensions/Kartographer refs/changes/73/294373/1 diff --git a/includes/SimpleStyleParser.php b/includes/SimpleStyleParser.php index 5acca96..48deb2e 100644 --- a/includes/SimpleStyleParser.php +++ b/includes/SimpleStyleParser.php @@ -17,8 +17,6 @@ class SimpleStyleParser { private static $parsedProps = [ 'title', 'description' ]; - private static $recursedProps = [ 'geometry', 'geometries', 'features' ]; - /** @var Parser */ private $parser; @@ -153,15 +151,18 @@ return; } - if ( property_exists( $json, 'properties' ) && is_object( $json->properties ) ) { - $this->sanitizeProperties( $json->properties ); - } - - foreach ( self::$recursedProps as $prop ) { - if ( property_exists( $json, $prop ) ) { + foreach ( array_keys( get_object_vars( $json ) ) as $prop ) { + // https://phabricator.wikimedia.org/T134719 + if ( $prop[0] === '_' ) { + unset( $json->$prop ); + } else { $this->sanitize( $json->$prop ); } } + + if ( property_exists( $json, 'properties' ) && is_object( $json->properties ) ) { + $this->sanitizeProperties( $json->properties ); + } } /** diff --git a/tests/phpunit/KartographerTest.php b/tests/phpunit/KartographerTest.php index 65c858e..8995c7c 100644 --- a/tests/phpunit/KartographerTest.php +++ b/tests/phpunit/KartographerTest.php @@ -67,8 +67,37 @@ "marker-size": "medium", "marker-color": "0050d0" } - }'; + }'; /** @noinspection HtmlUnknownTarget */ + $xssJson = '[ + { + "__proto__": { "some": "bad stuff" }, + "type": "Feature", + "geometry": { + "type": "Point", + "coordinates": [-122.3988, 37.8013] + }, + "properties": { + "__proto__": { "foo": "bar" }, + "title": "Foo bar" + } + }, + { + "type": "GeometryCollection", + "geometries": [ + { + "__proto__": "recurse me", + "type": "Point", + "coordinates": [ 0, 0 ], + "properties": { "__proto__": "is evil" } + } + ] + } +]'; + $xssJsonSanitized = '{"_a4d5387a1b7974bf854321421a36d913101f5724":[ + {"type":"Feature","geometry":{"type":"Point","coordinates":[-122.3988,37.8013]},"properties":{"title":"Foo bar"}}, + {"type":"GeometryCollection","geometries":[{"type":"Point","coordinates":[0,0],"properties":{}}]} + ]}'; $wikitextJsonParsed = '{"_be34df99c99d1efd9eaa8eabc87a43f2541a67e5":[ {"type":"Feature","geometry":{"type":"Point","coordinates":[-122.3988,37.8013]}, "properties":{"title":"scriptalert(document.cookie);\/script", @@ -98,8 +127,10 @@ }', 'Invalid JSON 6' ], [ $wikitextJsonParsed, "[{$this->wikitextJson}]", ' with parsable text and description' ], [ $wikitextJsonParsed, "[{$this->wikitextJson}]", ' with parsable text and description' ], + // Bugs [ 'null', "\t\r\n ", 'T127345: whitespace-only tag content, ' ], + [ $xssJsonSanitized, "$xssJson", 'T134719: XSS via __proto__' ], ]; } -- To view, visit https://gerrit.wikimedia.org/r/294373 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: newchange Gerrit-Change-Id: I4b537f018c8d37491f46349ac9c764279123deb1 Gerrit-PatchSet: 1 Gerrit-Project: mediawiki/extensions/Kartographer Gerrit-Branch: master Gerrit-Owner: MaxSem___ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits