
Investigate crashers in https://gerrit.wikimedia.org/r/#/c/90180/
Closed, Resolved (Public)

Description

The crash in enwiki:Wikipedia:WikiProject_Yugoslavia/Sidebar looks odd. Attributes seem to be able to bypass the sanitizer there, which is not good. We should investigate how that is possible, and make sure it is prevented.


Version: unspecified
Severity: normal

Details

Reference
bz55820

Event Timeline

bzimport raised the priority of this task from to High. Nov 22 2014, 2:11 AM
bzimport added a project: Parsoid.
bzimport set Reference to bz55820.

Change 90287 had a related patch set uploaded by Arlolra:
Don't emit foster box in transclusion

https://gerrit.wikimedia.org/r/90287

The reason for the first crasher is the following template,

{{навигационная полоса

стиль_нечетных=
содержание=
<table></table> }}

What's happening is similar to the reason for dom.handleUnbalancedTables.js. The <td> containing the inner table as content is built up in a few tokens, forcing the tree builder to close the table right before the inner table, stealing its foster box. That foster box is a child of <div> and has no siblings, hence the original error. I think the thing to do (as in the patch) is just not emit the foster box for the inner table. We aren't really even using it.

Change 90287 merged by jenkins-bot:
Don't emit foster box in transclusion

https://gerrit.wikimedia.org/r/90287

Change 90436 had a related patch set uploaded by Arlolra:
Only copy data-parsoid attr to shadow meta from el

https://gerrit.wikimedia.org/r/90436

Change 90436 merged by jenkins-bot:
Only copy data-parsoid attribute from element to shadow meta

https://gerrit.wikimedia.org/r/90436