Page MenuHomePhabricator

Sanitizer breaks microdata
Open, MediumPublic

Description

The "Sanitizer: Validating that <meta> and <link> work, but only for Microdata" test case expects that:
<link itemprop="hello" href="{{SERVER}}">
is expanded to
<link itemprop="hello" href="http&#58;//example.org" />
but that
<link rel="stylesheet" href="{{SERVER}}">
is sanitized to
&lt;link rel="stylesheet" href="<a rel="nofollow" class="external free" href="http://example.org">http://example.org</a>"&gt;

We currently render these as:
&lt;link itemprop="hello" href="{{SERVER}}"&gt

&lt;link rel="stylesheet" itemprop="hello" href="{{SERVER}}"&gt;

That is, the sanitizer is breaking metadata in the first example (which it
shouldn't) and {{SERVER}} isn't being expanded in either.


Version: unspecified
Severity: normal

Details

Reference
bz46826

Related Objects

Event Timeline

bzimport raised the priority of this task from to Medium.Nov 22 2014, 1:37 AM
bzimport added a project: Parsoid.
bzimport set Reference to bz46826.
cscott created this task.Apr 3 2013, 2:44 AM

[Parsoid component reorg by merging JS/General and General. See bug 50685 for more information. Filter bugmail on this comment. parsoidreorg20130704]

Arlolra removed GWicke as the assignee of this task.Nov 25 2014, 8:10 PM
Arlolra set Security to None.
LGoto moved this task from Needs Triage to Backlog on the Parsoid board.Feb 17 2020, 4:43 PM
Restricted Application added a subscriber: Liuxinyu970226. · View Herald TranscriptFeb 17 2020, 4:43 PM

This 2013 bug is still a bug in 2020

[subbu@earth:~/work/wmf/parsoid] php bin/parserTests.php --blacklist false --filter 'Sanitizer: Validating that <meta> and <link> work, but only for Microdata' --wt2html tests/parserTests.txt 
Loaded blacklist from /home/subbu/work/wmf/parsoid/tests/parserTests-blacklist.json. Found 1629 entries!
=====================================================
UNEXPECTED FAIL: Sanitizer: Validating that <meta> and <link> work, but only for Microdata (wt2html)
OPTIONS:

INPUT:
<div itemscope>
	<meta itemprop="hello" content="world">
	<meta http-equiv="refresh" content="5">
	<meta itemprop="hello" http-equiv="refresh" content="5">
	<link itemprop="hello" href="{{SERVER}}">
	<link rel="stylesheet" href="{{SERVER}}">
	<link rel="stylesheet" itemprop="hello" href="{{SERVER}}">
</div>
RAW EXPECTED:
<div itemscope="">
<p>	<meta itemprop="hello" content="world" />
	&lt;meta http-equiv="refresh" content="5"&gt;
	<meta itemprop="hello" content="5" />
	<link itemprop="hello" href="http&#58;//example.org" />
	&lt;link rel="stylesheet" href="<a rel="nofollow" class="external free" href="http://example.org">http://example.org</a>"&gt;
	<link itemprop="hello" href="http&#58;//example.org" />
</p>
</div>
RAW RENDERED:
<div itemscope="" data-parsoid='{"stx":"html","dsr":[0,308,15,6]}'>
	<p data-parsoid='{"dsr":[17,301,0,0]}'>&lt;meta itemprop="hello" content="world">
	&lt;meta http-equiv="refresh" content="5">
	&lt;meta itemprop="hello" http-equiv="refresh" content="5">
	&lt;link itemprop="hello" href="{{SERVER}}">
	&lt;link rel="stylesheet" href="{{SERVER}}">
	&lt;link rel="stylesheet" itemprop="hello" href="{{SERVER}}"></p>
</div>
ssastry raised the priority of this task from Medium to High.May 15 2020, 9:37 PM
ssastry moved this task from Backlog to Bugs & Crashers on the Parsoid board.
MBinder_WMF lowered the priority of this task from High to Medium.Jul 16 2020, 6:26 PM
MBinder_WMF added a subscriber: MBinder_WMF.

Per @ssastry this is at least a couple quarters away

This is interesting. Hopefully it will fall out of work unifying the two Sanitizers: T247804: Move Sanitizer from core into Parsoid.