dépôts / lhc / web / wiklou.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 9efe7ab)
Sanitizer::safeEncodeAttribute(): also encode ]
authorMax Semenik <maxsem.wiki@gmail.com>
Mon, 13 Nov 2017 22:57:23 +0000 (14:57 -0800)
committerFomafix <fomafix@googlemail.com>
Thu, 16 Nov 2017 20:16:37 +0000 (21:16 +0100)
...so that it wouldn't break wikilinks, too.

Bug: T29694
Bug: T51672
Bug: T72875
Change-Id: I189bdefbc9034cf8d221a89d7158195de1c0fa6c

includes/parser/Sanitizer.php patch | blob | history
tests/parser/parserTests.txt patch | blob | history

diff --git a/includes/parser/Sanitizer.php b/includes/parser/Sanitizer.php
index 4c99677..46cf2a5 100644 (file)
--- a/includes/parser/Sanitizer.php
+++ b/includes/parser/Sanitizer.php
@@ -1150,6 +1150,7 @@ class Sanitizer {
                        '{'    => '&#123;',
                        '}'    => '&#125;', // prevent unpaired language conversion syntax
                        '['    => '&#91;',
+                       ']'    => '&#93;',
                        "''"   => '&#39;&#39;',
                        'ISBN' => '&#73;SBN',
                        'RFC'  => '&#82;FC',
diff --git a/tests/parser/parserTests.txt b/tests/parser/parserTests.txt
index a505cde..6e9f944 100644 (file)
--- a/tests/parser/parserTests.txt
+++ b/tests/parser/parserTests.txt
@@ -17774,7 +17774,7 @@ T4304: HTML attribute safety (link)
 !! wikitext
 <div title="[[Main Page]]"></div>
 !! html
-<div title="&#91;&#91;Main Page]]"></div>
+<div title="&#91;&#91;Main Page&#93;&#93;"></div>
 
 !! end
 
@@ -17837,7 +17837,7 @@ T4304: HTML attribute safety (named web link)
 !! wikitext
 <div title="[http://example.com/ link]"></div>
 !! html
-<div title="&#91;http&#58;//example.com/ link]"></div>
+<div title="&#91;http&#58;//example.com/ link&#93;"></div>
 
 !! end
 
@@ -29705,3 +29705,27 @@ wgFragmentMode=[ 'html5', 'legacy' ]
 <p><a href="#Foo_bar">#Foo&#160;bar</a>
 </p>
 !! end
+
+!! test
+T51672: Test for brackets in attributes of elements in external link texts
+!! wikitext
+[http://example.com/ link <span title="title with [brackets]">span</span>]
+[http://example.com/ link <span title="title with &#91;brackets&#93;">span</span>]
+
+!! html/php
+<p><a rel="nofollow" class="external text" href="http://example.com/">link <span title="title with &#91;brackets&#93;">span</span></a>
+<a rel="nofollow" class="external text" href="http://example.com/">link <span title="title with &#91;brackets&#93;">span</span></a>
+</p>
+!! end
+
+!! test
+T72875: Test for brackets in attributes of elements in internal link texts
+!! wikitext
+[[Foo|link <span title="title with [[double brackets]]">span</span>]]
+[[Foo|link <span title="title with &#91;&#91;double brackets&#93;&#93;">span</span>]]
+
+!! html/php
+<p><a href="/wiki/Foo" title="Foo">link <span title="title with &#91;&#91;double brackets&#93;&#93;">span</span></a>
+<a href="/wiki/Foo" title="Foo">link <span title="title with &#91;&#91;double brackets&#93;&#93;">span</span></a>
+</p>
+!! end
Wiklou, le Wiki du Wiklou