T73394-escape_gt.patch
csteipp (Chris Steipp)
Authored By: csteipp, Feb 19 2015, 11:26 PM (2015-02-19 23:26:12 UTC+0)
Size: 3 KB
From d7b5482790f74bb6e2661280eda428d1fafe7ebb Mon Sep 17 00:00:00 2001
From: csteipp <csteipp@wikimedia.org>
Date: Thu, 19 Feb 2015 15:05:40 -0800
Subject: [PATCH] SECURITY: Escape > in Html::expandAttributes
Escape > characters in attributes, so we don't confuse post-processing,
like LanguageConverter.
Bug: T73394
Change-Id: I768e2a12c7b6ba635e6c8571676b8c776b16bf72
---
includes/Html.php | 7 +++++--
tests/parser/parserTests.txt | 4 ++--
2 files changed, 7 insertions(+), 4 deletions(-)
diff --git a/includes/Html.php b/includes/Html.php
index 93a1a04..cdfb0f1 100644
--- a/includes/Html.php
+++ b/includes/Html.php
@@ -608,17 +608,20 @@ class Html {
} else {
// Apparently we need to entity-encode \n, \r, \t, although the
// spec doesn't mention that. Since we're doing strtr() anyway,
- // and we don't need <> escaped here, we may as well not call
- // htmlspecialchars().
+ // we may as well not call htmlspecialchars().
// @todo FIXME: Verify that we actually need to
// escape \n\r\t here, and explain why, exactly.
#
// We could call Sanitizer::encodeAttribute() for this, but we
// don't because we're stubborn and like our marginal savings on
// byte size from not having to encode unnecessary quotes.
+ // The only difference between this transform and the one by
+ // Sanitizer::encodeAttribute() is '<' is only encoded here if
+ // $wgWellFormedXml is set, and ' is not encoded.
$map = array(
'&' => '&',
'"' => '"',
+ '>' => '>',
"\n" => ' ',
"\r" => ' ',
"\t" => '	'
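Review bot: the map entries as rendered here are identity mappings (`'>' => '>'`, `'&' => '&'`), which would make the strtr() a no-op; the Subject says > is to be escaped, so confirm that the committed values are the entity forms and that this view has merely decoded them. The new comment explains how this transform differs from Sanitizer::encodeAttribute() but not why '>' is now in the map; the reason the commit message gives (not confusing post-processing such as LanguageConverter) belongs in the code comment as well, and the stray `#` line in the middle of the `//` comment block could be removed while this block is being touched.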
diff --git a/tests/parser/parserTests.txt b/tests/parser/parserTests.txt
index cc66280..fb223a8 100644
--- a/tests/parser/parserTests.txt
+++ b/tests/parser/parserTests.txt
@@ -13576,7 +13576,7 @@ section 5
</ul>
</div>
-<h2><span class="mw-headline" id="text_.3E_text">text > text</span><span class="mw-editsection"><span class="mw-editsection-bracket">[</span><a href="/index.php?title=Parser_test&action=edit&section=1" title="Edit section: text > text">edit</a><span class="mw-editsection-bracket">]</span></span></h2>
+<h2><span class="mw-headline" id="text_.3E_text">text > text</span><span class="mw-editsection"><span class="mw-editsection-bracket">[</span><a href="/index.php?title=Parser_test&action=edit&section=1" title="Edit section: text > text">edit</a><span class="mw-editsection-bracket">]</span></span></h2>
<p>section 1
</p>
<h2><span class="mw-headline" id="text_.3C_text">text < text</span><span class="mw-editsection"><span class="mw-editsection-bracket">[</span><a href="/index.php?title=Parser_test&action=edit&section=2" title="Edit section: text < text">edit</a><span class="mw-editsection-bracket">]</span></span></h2>
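Review bot: the removed and added lines are displayed identically here because entities have been decoded in this view; the intended difference is in the title attribute, where `text > text` should become `text &gt; text` on the + line, so the raw patch needs to be checked rather than this rendering. The `text < text` heading two lines below is left unchanged, which matches the new Html.php comment that '<' is encoded only when $wgWellFormedXml is set.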
@@ -19201,7 +19201,7 @@ __TOC__
</div>
<h2><span class="mw-headline" id="Hello"><sup class="in-h2">Hello</sup></span><span class="mw-editsection"><span class="mw-editsection-bracket">[</span><a href="/index.php?title=Parser_test&action=edit&section=1" title="Edit section: Hello">edit</a><span class="mw-editsection-bracket">]</span></span></h2>
-<h2><span class="mw-headline" id="b.22.3EEvilbye"><sup> b">Evilbye</sup></span><span class="mw-editsection"><span class="mw-editsection-bracket">[</span><a href="/index.php?title=Parser_test&action=edit&section=2" title="Edit section: b">Evilbye">edit</a><span class="mw-editsection-bracket">]</span></span></h2>
+<h2><span class="mw-headline" id="b.22.3EEvilbye"><sup> b">Evilbye</sup></span><span class="mw-editsection"><span class="mw-editsection-bracket">[</span><a href="/index.php?title=Parser_test&action=edit&section=2" title="Edit section: b">Evilbye">edit</a><span class="mw-editsection-bracket">]</span></span></h2>
!! end
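Review bot: as in the previous hunk the - and + lines are indistinguishable in this view; the + line should carry `&gt;` inside the title attribute so that the attribute ends where the browser ends it. This heading (a quote followed by > inside an attribute value) is exactly the pattern the fix targets, yet both test hunks only adjust the expected output of existing cases; since the commit message names LanguageConverter as the post-processing that was confused, a parser test that runs such a heading with language conversion enabled would cover the reported issue directly.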
--
1.8.4.5
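As an added illustration (not MediaWiki's own code) of why the patch escapes > in attribute values, the following PHP reconstructs the two versions of the attribute map from the hunk and feeds the output through a naive tag-boundary scanner that stands in for post-processing; the scanner, the renderTitle helper and the heading text are constructed for this example.

```php
<?php
// Map used by Html::expandAttributes before the patch, reconstructed from the
// hunk with the entity values that the page display decoded ('>' untouched).
$beforeMap = array(
    '&'  => '&amp;',
    '"'  => '&quot;',
    "\n" => '&#10;',
    "\r" => '&#13;',
    "\t" => '&#9;',
);
// After the patch '>' is added to the map.
$afterMap = $beforeMap + array('>' => '&gt;');

// Hypothetical helper: render an edit link whose title attribute carries the
// heading text, escaped with the given map (mirrors the parser test output).
function renderTitle($value, array $map) {
    return '<a href="#" title="' . strtr($value, $map) . '">edit</a>';
}

// Deliberately naive post-processor: it ends each tag at the first '>' after
// '<', the way a pattern such as /<[^>]*>/ would.
function firstTagEnd($html) {
    $open  = strpos($html, '<');
    $close = strpos($html, '>', $open);
    return substr($html, $open, $close - $open + 1);
}

// Constructed heading text in the spirit of the parser test case.
$heading = 'b">Evilbye';

$before = renderTitle($heading, $beforeMap);
$after  = renderTitle($heading, $afterMap);

// Old map: the scanner stops at the '>' inside the attribute value, so
// everything from Evilbye onward is treated as text outside any tag.
var_dump(firstTagEnd($before) === '<a href="#" title="b&quot;>');
// New map: the tag is delimited where the browser would end it.
var_dump(firstTagEnd($after) === '<a href="#" title="b&quot;&gt;Evilbye">');
```

Both var_dump() calls print bool(true), showing that the old output and a browser disagree about where the tag ends while the new output leaves no such ambiguity.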
File Metadata
Mime Type: text/x-diff
Attached To: T73394: XSS in language converter when used with Html class's tricky escaping