Page MenuHomePhabricator

Investigate crashers in
Closed, ResolvedPublic


The crash in enwiki:Wikipedia:WikiProject_Yugoslavia/Sidebar looks odd. Attributes seem to be able to bypass the sanitizer there, which is not good. We should investigate how that is possible, and make sure it is prevented.

Version: unspecified
Severity: normal



Event Timeline

bzimport raised the priority of this task from to High.Nov 22 2014, 2:11 AM
bzimport added a project: Parsoid.
bzimport set Reference to bz55820.

Change 90287 had a related patch set uploaded by Arlolra:
Don't emit foster box in transclusion

The reason for the first crasher is the following template,

{{навигационная полоса

<table></table> }} What's happening is similar to the reason for dom.handleUnbalancedTables.js The <td> containing the inner table as content is built up in a few tokens, forcing the tree builder to close the table right before the inner table, stealing its fosterbox. That foster box is a child of <div> and has no siblings, hence the original error. I think the thing to do (as in the patch) is just not emit the foster box for the inner table. We aren't really even using it.

Change 90287 merged by jenkins-bot:
Don't emit foster box in transclusion

Change 90436 had a related patch set uploaded by Arlolra:
Only copy data-parsoid attr to shadow meta from el

Change 90436 merged by jenkins-bot:
Only copy data-parsoid attribute from element to shadow meta