From 56e7fe062f65a469d02477ec16b77615c4b23a14 Mon Sep 17 00:00:00 2001 From: Mark Holmquist Date: Wed, 15 Aug 2012 15:44:35 -0700 Subject: [PATCH] Add in a comment about some funky behavior At Gabriel's behest, I've added some information about a test that is inconsistent with the actual behavior of the parser. Please consider fixing this if you have the time, else, the parser will get fixed sometime in the future by someone on the parsoid team. Change-Id: I2c5db4d9eab6f5f9e84aa354a22eeb2b5124bb0a --- tests/parser/parserTests.txt | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/tests/parser/parserTests.txt b/tests/parser/parserTests.txt index 0f2165de0c..23067c16d9 100644 --- a/tests/parser/parserTests.txt +++ b/tests/parser/parserTests.txt @@ -1604,6 +1604,23 @@ External links: [IDN ignored character reference in hostname; strip it right off

!! end +# FIXME: This test (the IDN characters in the text of a link) is an inconsistency. +# Where an external link could easily circumvent the sanitization of the text of +# a link like this (where an IDN-ignore character is in the URL somewhere), this +# test demands a higher standard. That's a bit strange. +# +# Example: +# +# http://e‌xample.com -> [http://example.com|http://example.com] +# [http://example.com|http://e‌xample.com] -> [http://example.com|http://e‌xample.com] +# +# The first example is sanitized, but the second is not. Any security benefits +# from this production are trivial to circumvent. Either remove this test and +# let the parser(s) do their thing unaccosted, or fix the inconsistency and change +# the test accordingly. +# +# All our love, +# The Parsoid team. !! test External links: IDN ignored character reference in hostname; strip it right off !! input -- 2.20.1