From: Max Semenik Date: Mon, 13 Nov 2017 22:57:23 +0000 (-0800) Subject: Sanitizer::safeEncodeAttribute(): also encode ] X-Git-Tag: 1.31.0-rc.0~1439^2 X-Git-Url: https://git.cyclocoop.org/%27%20.%20%24this-%3EgetSkin%28%29-%3EescapeSearchLink%28%29%20.%20%27?a=commitdiff_plain;h=061f68e63b57299fccf18b074d22805a641e918d;p=lhc%2Fweb%2Fwiklou.git Sanitizer::safeEncodeAttribute(): also encode ] ...so that it wouldn't break wikilinks, too. Bug: T29694 Bug: T51672 Bug: T72875 Change-Id: I189bdefbc9034cf8d221a89d7158195de1c0fa6c --- diff --git a/includes/parser/Sanitizer.php b/includes/parser/Sanitizer.php index 4c996771e8..46cf2a54c2 100644 --- a/includes/parser/Sanitizer.php +++ b/includes/parser/Sanitizer.php @@ -1150,6 +1150,7 @@ class Sanitizer { '{' => '{', '}' => '}', // prevent unpaired language conversion syntax '[' => '[', + ']' => ']', "''" => '''', 'ISBN' => 'ISBN', 'RFC' => 'RFC', diff --git a/tests/parser/parserTests.txt b/tests/parser/parserTests.txt index a505cde6d4..6e9f9447d3 100644 --- a/tests/parser/parserTests.txt +++ b/tests/parser/parserTests.txt @@ -17774,7 +17774,7 @@ T4304: HTML attribute safety (link) !! wikitext
!! html -
+
!! end @@ -17837,7 +17837,7 @@ T4304: HTML attribute safety (named web link) !! wikitext
!! html -
+
!! end @@ -29705,3 +29705,27 @@ wgFragmentMode=[ 'html5', 'legacy' ]

#Foo bar

!! end + +!! test +T51672: Test for brackets in attributes of elements in external link texts +!! wikitext +[http://example.com/ link span] +[http://example.com/ link span] + +!! html/php +

link span +link span +

+!! end + +!! test +T72875: Test for brackets in attributes of elements in internal link texts +!! wikitext +[[Foo|link span]] +[[Foo|link span]] + +!! html/php +

link span +link span +

+!! end