Sanitizer breaks microdata
Open, MediumPublic
Actions

Assigned To

None

Authored By

	cscott
	Apr 3 2013, 2:44 AM

Description

The "Sanitizer: Validating that <meta> and <link> work, but only for Microdata" test case expects that:
<link itemprop="hello" href="{{SERVER}}">
is expanded to
<link itemprop="hello" href="http://example.org" />
but that
<link rel="stylesheet" href="{{SERVER}}">
is sanitized to
<link rel="stylesheet" href="<a rel="nofollow" class="external free" href="http://example.org">http://example.org</a>">

We currently render these as:
<link itemprop="hello" href="{{SERVER}}"&gt

&lt;link rel="stylesheet" itemprop="hello" href="{{SERVER}}"&gt;

That is, the sanitizer is breaking metadata in the first example (which it
shouldn't) and {{SERVER}} isn't being expanded in either.

Version: unspecified
Severity: normal

Details

Reference: bz46826

Related Objects
Search...

Status	Subtype	Assigned	Task
Open		None	T48826 Sanitizer breaks microdata
Open		None	T247804 Move Sanitizer from core into Parsoid
Resolved	Goal	cscott	T239660 Integrate Parsoid/PHP with core as a composer library
Resolved		cscott	T213494 Installing composer modules for deployment
Resolved		cscott	T240054 Move top level namespace from Parsoid to Wikimedia\Parsoid
Resolved		cscott	T240055 Craft a deployment strategy to transition Parsoid/PHP from a faux extension to a composer library without breaking incoming requests
Resolved		Dzahn	T245877 Give all members of the Parsing team production `deployment` access ( add arlolra to deployers)
Declined		Jdforrester-WMF	T245886 Create /srv/mediawiki/parsoid-vendor on production MW appservers, a check out of vendor.git's parsoid branch
Resolved		Jdforrester-WMF	T246854 Replace deployment-mediawiki-parsoid10 with a "purer" deployment-parsoid11 box
Resolved		Jdforrester-WMF	T247147 Puppet fails on Beta Cluster because "did not find a value for the name 'profile::envoy::ensure'"
Resolved		Krenair	T246937 deployment-puppetmaster04 disc use exploding
Resolved		Krenair	T247151 Puppet fails on Beta Cluster because Safe_service_restart is expecting lvs_services set though `has_lvs: false`
Resolved		Dzahn	T247480 Sync parsoid11 config from Horizon back to puppet git
Resolved		Krenair	T247545 Fix scap on deployment-parsoid11
Resolved		cscott	T247589 Parsoid-PHP should be publicly accessible in beta
Open		None	T204279 Fine-grained Sanitizer control
Open		cscott	T295168 Ensure <meta typeof="..."> in Parser/Parsoid HTML can't be spoofed from wikitext

Event Timeline

• bzimport raised the priority of this task from to Medium.Nov 22 2014, 1:37 AM

• bzimport added a project: Parsoid.

• bzimport set Reference to bz46826.

cscott created this task.Apr 3 2013, 2:44 AM

[Parsoid component reorg by merging JS/General and General. See bug 50685 for more information. Filter bugmail on this comment. parsoidreorg20130704]

Arlolra removed • GWicke as the assignee of this task.Nov 25 2014, 8:10 PM

Arlolra set Security to None.

LGoto moved this task from Needs Triage to Backlog on the Parsoid board.Feb 17 2020, 4:43 PM

Restricted Application added a subscriber: Liuxinyu970226. · View Herald TranscriptFeb 17 2020, 4:43 PM

This 2013 bug is still a bug in 2020

[subbu@earth:~/work/wmf/parsoid] php bin/parserTests.php --blacklist false --filter 'Sanitizer: Validating that <meta> and <link> work, but only for Microdata' --wt2html tests/parserTests.txt 
Loaded blacklist from /home/subbu/work/wmf/parsoid/tests/parserTests-blacklist.json. Found 1629 entries!
=====================================================
UNEXPECTED FAIL: Sanitizer: Validating that <meta> and <link> work, but only for Microdata (wt2html)
OPTIONS:

INPUT:
<div itemscope>
	<meta itemprop="hello" content="world">
	<meta http-equiv="refresh" content="5">
	<meta itemprop="hello" http-equiv="refresh" content="5">
	<link itemprop="hello" href="{{SERVER}}">
	<link rel="stylesheet" href="{{SERVER}}">
	<link rel="stylesheet" itemprop="hello" href="{{SERVER}}">
</div>
RAW EXPECTED:
<div itemscope="">
<p>	<meta itemprop="hello" content="world" />
	&lt;meta http-equiv="refresh" content="5"&gt;
	<meta itemprop="hello" content="5" />
	<link itemprop="hello" href="http&#58;//example.org" />
	&lt;link rel="stylesheet" href="<a rel="nofollow" class="external free" href="http://example.org">http://example.org</a>"&gt;
	<link itemprop="hello" href="http&#58;//example.org" />
</p>
</div>
RAW RENDERED:
<div itemscope="" data-parsoid='{"stx":"html","dsr":[0,308,15,6]}'>
	<p data-parsoid='{"dsr":[17,301,0,0]}'>&lt;meta itemprop="hello" content="world">
	&lt;meta http-equiv="refresh" content="5">
	&lt;meta itemprop="hello" http-equiv="refresh" content="5">
	&lt;link itemprop="hello" href="{{SERVER}}">
	&lt;link rel="stylesheet" href="{{SERVER}}">
	&lt;link rel="stylesheet" itemprop="hello" href="{{SERVER}}"></p>
</div>

ssastry raised the priority of this task from Medium to High.May 15 2020, 9:37 PM

ssastry moved this task from Backlog to Bugs & Crashers on the Parsoid board.

ssastry mentioned this in T257227: Meta tag displayed in Japanese article infobox.Jul 13 2020, 11:08 PM

ssastry added a project: Parsoid-Rendering.Jul 16 2020, 3:13 AM