netocrat wrote:

Escape non-open td and tr tags in the sanitizer.

attachment sanitiser.td.tr.patch ignored as obsolete

netocrat wrote:

Comment on attachment 1231
Escape non-open td and tr tags in the sanitizer.

The check for a tag of "single" type is mistaken since even single types cannot
be closed as </singletag> when not already open.

netocrat wrote:

Correction to prevent the escaping of closing td and tr tags when legitimately open

This corrects the previous patch by allowing opening tr, td, li, dt and dd tags
to be added to the tagstack and thereby preventing their legitimate closing
tags from being escaped (an unintended side-effect of the previous patch).

In making this correction I found that all functional use of the $htmlsingle
array has been removed, so the behaviour it was supporting - allowing closing
tags for non-open td, tr, li, dt and dd elements to pass through unescaped -
appears to be by design. I can't see why that would be desirable but there may
be a reason that escapes me.

Attached:

avarab wrote:

FIXED in CVS HEAD, thanks for the patch

There's a parsertest for this bug called "Sanitizer: Closing of closed but not
open table tags"

netocrat wrote:

Cleans up the element arrays; apply over the previous (now accepted) patch

Since the corrective patch was accepted, here's a patch to clean things up on
top of it:

• remove the now unused $htmlsingle array
• use array_merge instead of repeating elements in arrays.

Btw, is normal process to submit a new bug, reopen this bug or submit the patch
by some other method? I've left this bug as closed since this patch doesn't
actually correct any visible behaviour or add new features.

Attached:

netocrat wrote:

Reopened and keywords need-review and patch added as I suspect the cleanup patch
will get lost in the woodwork without doing that.

Duping to bug 5497, where I've got a complete rewrite of the nesting handling.

• This bug has been marked as a duplicate of 5497 ***