Merge "Reserve data-mw and data-parsoid attribute prefix for trusted values"
authorjenkins-bot <jenkins-bot@gerrit.wikimedia.org>
Wed, 9 Dec 2015 06:54:56 +0000 (06:54 +0000)
committerGerrit Code Review <gerrit@wikimedia.org>
Wed, 9 Dec 2015 06:54:56 +0000 (06:54 +0000)
includes/Sanitizer.php
tests/parser/parserTests.txt

index 4fc3209..b1b5da2 100644 (file)
@@ -750,7 +750,15 @@ class Sanitizer {
                        }
 
                        # Allow any attribute beginning with "data-"
-                       if ( !preg_match( '/^data-(?!ooui)/i', $attribute ) && !isset( $whitelist[$attribute] ) ) {
+                       # However:
+                       # * data-ooui is reserved for ooui
+                       # * data-mw and data-parsoid are reserved for parsoid
+                       # * data-mw-<ext name here> is reserved for extensions (or core) if
+                       #   they need to communicate some data to the client and want to be
+                       #   sure that it isn't coming from an untrusted user.
+                       if ( !preg_match( '/^data-(?!ooui|mw|parsoid)/i', $attribute )
+                               && !isset( $whitelist[$attribute] )
+                       ) {
                                continue;
                        }
 
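Review bot: The lookahead in `'/^data-(?!ooui|mw|parsoid)/i'` matches by prefix, so it also drops names such as `data-mwfoo` or `data-parsoidx`, which is wider than the three cases the new comment lists. That is the safe direction for a trust boundary, but the comment should say so, e.g. `# The match is by prefix: any name starting with data-ooui, data-mw or data-parsoid is reserved.` The check is also ANDed with `!isset( $whitelist[$attribute] )`, so a reserved name that appears in `$whitelist` is still let through. If any caller can put such a name there, the guarantee described in the comment no longer holds, and that deserves a line of documentation as well. The enclosing loop and function start and end outside this hunk, so whether `$attribute` is lower-cased before this point cannot be seen here.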
index 58860e9..c456fcb 100644 (file)
@@ -26339,3 +26339,12 @@ Empty LI (T49673)
 <li>b</li>
 </ul>
 !! end
+
+!! test
+reserved data attributes stripped
+!! wikitext
+<div data-mw="foo" data-parsoid="bar" data-mw-someext="baz" data-ok="fred" data-ooui="xyzzy">d</div>
+!! html
+<div data-ok="fred">d</div>
+
+!! end
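Review bot: The new test only exercises lower-case, exact reserved names, so it would still pass if the `/i` flag or the prefix behaviour of the lookahead were lost in a later edit. Consider adding a mixed-case attribute and a prefix near-miss to the wikitext line, for example `DATA-MW="x"` and `data-mwfoo="y"`, with the expected HTML still containing only `data-ok`. I have not confirmed how the parser normalises attribute case before sanitising, so the expected output for the mixed-case input should be checked against a real run.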