F34277806
foo.patch
cscott (C. Scott Ananian)
Authored By: cscott, Apr 7 2021, 6:42 PM (2021-04-07 18:42:52 UTC+0)
Size: 564 B
diff --git a/src/Utils/WTUtils.php b/src/Utils/WTUtils.php
index 6ad970aea..305085425 100644
--- a/src/Utils/WTUtils.php
+++ b/src/Utils/WTUtils.php
@@ -725,6 +725,7 @@ class WTUtils {
// Now encode '-', '>' and '&' in the "true value" as HTML entities,
// so that they can be safely embedded in an HTML comment.
// This part doesn't have to map strings 1-to-1.
+ // XXX This is actually the part which protects the "-type" key
return preg_replace_callback( '/[->&]/', function ( $m ) {
return Utils::entityEncodeAll( $m[0] );
}, $trueValue );
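Review bot: The added "XXX" comment names a security-relevant property but leaves it underspecified: it does not say what the "-type" key is or what it is being protected from, and it sits directly under "This part doesn't have to map strings 1-to-1", which a later reader could take as licence to loosen the /[->&]/ character class. Suggest replacing the XXX marker with a stated invariant (which of the matched characters must stay entity-encoded for the "-type" key to remain protected, and why) plus a reference to the task this patch is attached to. Since the hunk changes only a comment, a regression test asserting that the characters matched by /[->&]/ in $trueValue come back entity-encoded would pin the behaviour the comment relies on.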
Attached To: T279451: CVE-2021-30458: Parsoid comment fostering allows for inserting mostly arbitrary <meta> tags