(bug 41545) Allow kbd, samp, and var to be nested.

HTML5 has various semantics that allow -- or rather require --
<kbd> and <samp> and even <var> to be nested.

eg: <kbd><kbd>Shift</kbd>+<kbd>F3</kbd></kbd>
eg: <var>x<sub><var>i</var></sub></var>, <var>y<sub><var>i</var></sub></var>

This fixes the sanitizer to permit their nesting and adds test cases to ensure that some
of HTML5's special semantics are permitted by our sanitizer and not broken.

Change-Id: I6ad64e6eb4c9b5bdc15be513f55c58f6717c3939

diff --git a/RELEASE-NOTES-1.22 b/RELEASE-NOTES-1.22
index 569a2b9..cf50bb8 100644 (file)
--- a/RELEASE-NOTES-1.22
+++ b/RELEASE-NOTES-1.22
@@ -93,6 +93,7 @@ production.
 * A bias in wfRandomString() toward digits 1-7 has been corrected. Generated
   strings will now start with digits 0 and 8-f as often as they should.
 * (bug 45371) Removed Parser_LinkHooks and CoreLinkFunctions classes.
+* (bug 41545) Allow <kbd>, <samp>, and <var> to be nested like allowed in html.
 
 === API changes in 1.22 ===
 * (bug 46626) xmldoublequote parameter was removed. Because of a bug, the

diff --git a/includes/Sanitizer.php b/includes/Sanitizer.php
index e757021..099d0af 100644 (file)
--- a/includes/Sanitizer.php
+++ b/includes/Sanitizer.php
@@ -399,7 +399,8 @@ class Sanitizer {
                        }
                        $htmlnest = array( # Tags that can be nested--??
                                'table', 'tr', 'td', 'th', 'div', 'blockquote', 'ol', 'ul',
-                               'li', 'dl', 'dt', 'dd', 'font', 'big', 'small', 'sub', 'sup', 'span'
+                               'li', 'dl', 'dt', 'dd', 'font', 'big', 'small', 'sub', 'sup', 'span',
+                               'var', 'kbd', 'samp'
                        );
                        $tabletags = array( # Can only appear inside table, we will close them
                                'td', 'th', 'tr',

diff --git a/tests/phpunit/includes/SanitizerTest.php b/tests/phpunit/includes/SanitizerTest.php
index c84f10c..159ea71 100644 (file)
--- a/tests/phpunit/includes/SanitizerTest.php
+++ b/tests/phpunit/includes/SanitizerTest.php
@@ -101,18 +101,43 @@ class SanitizerTest extends MediaWikiTestCase {
                );
        }
 
-       function testSelfClosingTag() {
-               $this->setMwGlobals( array(
-                       'wgUseTidy' => false
-               ) );
-
-               $this->assertEquals(
-                       '<div>Hello world</div>',
-                       Sanitizer::removeHTMLtags( '<div>Hello world</div />' ),
-                       'Self-closing closing div'
+       function dataRemoveHTMLtags() {
+               return array(
+                       // former testSelfClosingTag
+                       array(
+                               '<div>Hello world</div />',
+                               '<div>Hello world</div>',
+                               'Self-closing closing div'
+                       ),
+                       // Make sure special nested HTML5 semantics are not broken
+                       // http://www.whatwg.org/html/text-level-semantics.html#the-kbd-element
+                       array(
+                               '<kbd><kbd>Shift</kbd>+<kbd>F3</kbd></kbd>',
+                               '<kbd><kbd>Shift</kbd>+<kbd>F3</kbd></kbd>',
+                               'Nested <kbd>.'
+                       ),
+                       // http://www.whatwg.org/html/text-level-semantics.html#the-sub-and-sup-elements
+                       array(
+                               '<var>x<sub><var>i</var></sub></var>, <var>y<sub><var>i</var></sub></var>',
+                               '<var>x<sub><var>i</var></sub></var>, <var>y<sub><var>i</var></sub></var>',
+                               'Nested <var>.'
+                       ),
+                       // http://www.whatwg.org/html/text-level-semantics.html#the-dfn-element
+                       array(
+                               '<dfn><abbr title="Garage Door Opener">GDO</abbr></dfn>',
+                               '<dfn><abbr title="Garage Door Opener">GDO</abbr></dfn>',
+                               '<abbr> inside <dfn>',
+                       ),
                );
        }
 
+       /**
+        * @dataProvider dataRemoveHTMLtags
+        */
+       function testRemoveHTMLtags( $input, $output, $msg = null ) {
+               $GLOBALS['wgUseTidy'] = false;
+               $this->assertEquals( $output, Sanitizer::removeHTMLtags( $input ), $msg );
+       }
 
        /**
         * @dataProvider provideTagAttributesToDecode