Page MenuHomePhabricator
Create Task
Maniphest T295168

Ensure <meta typeof="..."> in Parser/Parsoid HTML can't be spoofed from wikitext
Open, MediumPublic
Actions

Description

The core sanitizer generally allows <meta> tags in wikitext as long as they have content and itemprop attributes. That means that the following might make it intact from wikitext into HTML, and then confuse the Parsoid html2wt code:

<meta typeof="mw:Annotation/translate" itemprop="foo" content="bar">
<meta property="mw:PageProp/toc" itemprop="foo" content="bar">

Parsoid contains code in the tokenizer to remap typeof attributes, but it's not clear that the new Annotation code uses those pathways. The page property metas don't use typeof at all, which impacts ToC spoofing. And of course, none of the Parsoid remapping, done in Parsoid's copy of the Sanitizer, is done in core's copy of the Sanitizer (yet): T248211: One Sanitizer to Rule Them All/T247804: Move Sanitizer from core into Parsoid

The MediaWiki DOM Spec briefly mentions "User-supplied RDFa with the mw prefix is moved to a non-clashing prefix in Parsoid." but I don't think we document anywhere (except in code) exactly how that mapping is done.

So this task is to:

  • decide on a uniform attribute sanitization/remapping process to ensure that Parsoid <meta> tags aren't spoofable from wikitext content, while allowing wikitext content maximum flexibility for authoring non-conflicting <meta> tags (see T48826: Sanitizer breaks microdata).
  • implement it both in the core Sanitizer and Parsoid (or in the T248211: One Sanitizer to Rule Them All)
  • document this remapping clearly in the MediaWiki DOM Spec
  • add test cases to show that spoofing isn't possible and protect against future regressions

See comments on https://gerrit.wikimedia.org/r/c/mediawiki/services/parsoid/+/702996 for some places which likely need attention.

Related Objects
Search...

StatusSubtypeAssignedTask
 OpenReleaseNoneT84936 Release VisualEditor-MediaWiki as "1.0"
 OpenNoneT50429 [Epic] Support editing parts of a page in VisualEditor-MediaWiki
 OpenNoneT54365 Explore performance gains from progressive (JIT?) de-alienation in VisualEditor
 OpenNoneT396539 Introduce a way to edit a span of text from within read mode
 OpenNoneT393717 Put lints in ParserOutput/RefreshLinksJob
 OpenBUG REPORTNoneT393682 Wikifunctions fragments that trigger errors and try to put the page in a tracking category show it at the bottom of the view page, but the pages using the fragment do not appear on the category page
 OpenNoneT409815 SLI: MediaWiki system load
 OpenNoneT393716 [EPIC] RefreshLinksJob should use Parsoid-generated metadata
 OpenNoneT385558 Improve copy and paste from read mode to VE
 OpenNoneT174303 Copy-pasting linked ISBN numbers from view mode HTML into VisualEditor inserts wikitext links to Special:BookSources (it should turn them into magic links?)
 OpenFeatureNoneT54091 The read HTML should have hinting to allow full DOM copying (as opposed to just rich copying) from read mode into VE surfaces
 OpenNoneT55784 [EPIC] Use Parsoid HTML for all page views
 OpenNoneT272987 [EPIC] Parsoid read views for DiscussionTools
 OpenNoneT297840 Populate ParserCache with Parsoid output as a post-edit hook
 ResolvedssastryT310510 Discussion tools visual diff testing between parsoid read views and legacy read views
 OpenNoneT310511 Metadata comparison testing between Parsoid and the legacy parser
 OpenNoneT310512 Parsoid and the legacy parser should emit exactly the same ParserOutput metadata
 OpenNoneT305159 Improve coverage of the ContentMetadataCollector interface
 OpenNoneT331483 Resolve differences between Parsoid & legacy parser TOC metadata output for template, extension, and parser-function generated content
 ResolvedcscottT213468 Parsoid section IDs don't correspond to PHP section IDs when headings are transcluded
 ResolvedABreault-WMFT215628 Make Parsoid and PHP edit-section numbering consistent when <noinclude> and <includeonly> are in use
 ResolvedcscottT214538 MediaWiki shouldn't assign section numbers during tokenization, but instead only when headings are generated
 OpencscottT359221 Parsoid's TOC handling needs to deal with HTML-returning components (exts, SPTs, parser funcs returning HTML) consistently
 ResolvedssastryT359450 Parsoid is not adding headings to TOC entries in some templated content scenarios
 ResolvedJgiannelosT402456 More Parsoid TOC edge cases?
 OpenJgiannelosT415554 From TOC difftesting (legacy/parsoid): Differences in template handling from sections
 OpenJgiannelosT415558 From TOC difftesting (legacy/parsoid): Mismatch when sections come from the same article
 OpenJgiannelosT415563 From TOC difftesting (legacy/parsoid): Inconsistent index level between legacy and parsoid
 OpenJgiannelosT415565 From TOC difftesting (legacy/parsoid): Section titles wrapped in html elements on parsoid
 ResolvedJgiannelosT403188 Implement TOC comparison in Linter extension
 ResolveddanielT325567 Document how to safely make changes to ParserOutput serialization
 ResolvedcscottT355952 "PHP Deprecated: Use of MediaWiki\Parser\ParserOutput::setTOCHTML was deprecated in MediaWiki 1.40" in PHPUnit tests
 OpenNoneT353570 Clean up old ParserCache serialization test cases
 ResolvedovasilevaT283505 [EPIC] Fixed "sticky" site header
 ResolvedssastryT270199 Table of contents in Parsoid output
 OpenNoneT293513 Deprecate and remove ParserOutput::setTOCHTML()
 ResolvedcscottT295169 Parser TOC placeholder should be a meta tag
 ResolvedmatmarexT218330 Table of contents HTML may be unbalanced
 OpenNoneT48826 Sanitizer breaks microdata
 OpenBUG REPORTNoneT257227 Meta tag displayed in Japanese article infobox
 OpenNoneT248211 One Sanitizer to Rule Them All
 OpenNoneT295168 Ensure <meta typeof="..."> in Parser/Parsoid HTML can't be spoofed from wikitext

Event Timeline

cscott created this task.Nov 5 2021, 3:54 PM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptNov 5 2021, 3:54 PM
cscott added parent tasks: T48826: Sanitizer breaks microdata, T257227: Meta tag displayed in Japanese article infobox, T248211: One Sanitizer to Rule Them All.Nov 5 2021, 4:01 PM
cscott added a parent task: T295169: Parser TOC placeholder should be a meta tag.Nov 5 2021, 4:04 PM
Izno subscribed.Nov 5 2021, 4:20 PM
Legoktm subscribed.Nov 5 2021, 4:58 PM
Arlolra subscribed.Nov 5 2021, 6:59 PM

add test cases to show that spoofing isn't possible and protect against future regressions

The parserTest "Strip reserved data attributes" exists, as a start

Arlolra triaged this task as Medium priority.Nov 5 2021, 7:01 PM
Arlolra moved this task from Needs Triage to Tech Debt / Big changes on the Parsoid board.
Aklapper removed cscott as the assignee of this task.May 16 2024, 4:29 PM

@cscott: Removing task assignee as this open task has been assigned for more than two years - see the email sent to all task assignees on 2024-04-15.
Please assign this task to yourself again if you still realistically [plan to] work on this task - it would be welcome! :)
If this task has been resolved in the meantime, or should not be worked on by anybody ("declined"), please update its task status via "Add Action… 🡒 Change Status".
Also see https://www.mediawiki.org/wiki/Bug_management/Assignee_cleanup for tips how to best manage your individual work in Phabricator. Thanks!

Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits