T73394-escape_gt-REL1_19.patch
csteipp (Chris Steipp)
Actions

Authored By

	csteipp
	Mar 24 2015, 10:34 PM

Size

3 KB

Referenced Files

None

Subscribers

None

T73394-escape_gt-REL1_19.patch
View Options

	From bc0bf7c258e94fb7bcee711f6e8c582ea731b3f0 Mon Sep 17 00:00:00 2001
	From: csteipp <csteipp@wikimedia.org>
	Date: Tue, 24 Mar 2015 15:32:13 -0700
	Subject: [PATCH] SECURITY: Escape > in Html::expandAttributes

	Escape > characters in attributes, so we don't confuse post-processing,
	like LanguageConverter.

	Bug: T73394
	Change-Id: I768e2a12c7b6ba635e6c8571676b8c776b16bf72
	---
	includes/Html.php \| 7 +++++--
	tests/parser/parserTests.txt \| 4 ++--
	2 files changed, 7 insertions(+), 4 deletions(-)

	diff --git a/includes/Html.php b/includes/Html.php
	index 2187b5b..7fa901f 100644
	--- a/includes/Html.php
	+++ b/includes/Html.php
	@@ -525,17 +525,20 @@ class Html {
	} else {
	# Apparently we need to entity-encode \n, \r, \t, although the
	# spec doesn't mention that. Since we're doing strtr() anyway,
	- # and we don't need <> escaped here, we may as well not call
	- # htmlspecialchars().
	+ # we may as well not call htmlspecialchars().
	# @todo FIXME: Verify that we actually need to
	# escape \n\r\t here, and explain why, exactly.
	#
	# We could call Sanitizer::encodeAttribute() for this, but we
	# don't because we're stubborn and like our marginal savings on
	# byte size from not having to encode unnecessary quotes.
	+ # The only difference between this transform and the one by
	+ # Sanitizer::encodeAttribute() is '<' is only encoded here if
	+ # $wgWellFormedXml is set, and ' is not encoded.
	$map = array(
	'&' => '&',
	'"' => '"',
	+ '>' => '>',
	"\n" => ' ',
	"\r" => ' ',
	"\t" => ' '
	diff --git a/tests/parser/parserTests.txt b/tests/parser/parserTests.txt
	index c833ef0..22fe118 100644
	--- a/tests/parser/parserTests.txt
	+++ b/tests/parser/parserTests.txt
	@@ -4506,7 +4506,7 @@ section 5
	<li class="toclevel-1 tocsection-5"><a href="#text_.22_text"><span class="tocnumber">5</span> <span class="toctext">text " text</span></a></li>
	</ul>
	</td></tr></table>
	-<h2><span class="editsection">[<a href="/index.php?title=Parser_test&action=edit&section=1" title="Edit section: text > text">edit</a>]</span> <span class="mw-headline" id="text_.3E_text"> text > text </span></h2>
	+<h2><span class="editsection">[<a href="/index.php?title=Parser_test&action=edit&section=1" title="Edit section: text > text">edit</a>]</span> <span class="mw-headline" id="text_.3E_text"> text > text </span></h2>
	<p>section 1
	</p>
	<h2><span class="editsection">[<a href="/index.php?title=Parser_test&action=edit&section=2" title="Edit section: text < text">edit</a>]</span> <span class="mw-headline" id="text_.3C_text"> text < text </span></h2>
	@@ -9165,7 +9165,7 @@ __TOC__
	</ul>
	</td></tr></table>
	<h2><span class="editsection">[<a href="/index.php?title=Parser_test&action=edit&section=1" title="Edit section: Hello">edit</a>]</span> <span class="mw-headline" id="Hello"> <sup class="in-h2">Hello</sup> </span></h2>
	-<h2><span class="editsection">[<a href="/index.php?title=Parser_test&action=edit&section=2" title="Edit section: b">Evilbye">edit</a>]</span> <span class="mw-headline" id="b.22.3EEvilbye"> <sup> b">Evilbye</sup> </span></h2>
	+<h2><span class="editsection">[<a href="/index.php?title=Parser_test&action=edit&section=2" title="Edit section: b">Evilbye">edit</a>]</span> <span class="mw-headline" id="b.22.3EEvilbye"> <sup> b">Evilbye</sup> </span></h2>

	!! end

	--
	1.8.4.5

File Metadata

Mime Type: text/x-diff
Storage Engine: blob
Storage Format: Raw Data
Storage Handle: 100692
Default Alt Text: T73394-escape_gt-REL1_19.patch (3 KB)

T73394-escape_gt-REL1_19.patchcsteipp (Chris Steipp)Actions

T73394-escape_gt-REL1_19.patchView Options

File Metadata

Event Timeline

T73394-escape_gt-REL1_19.patch
csteipp (Chris Steipp)
Actions

T73394-escape_gt-REL1_19.patch
View Options