At Gabriel's behest, I've added some information about a test that
is inconsistent with the actual behavior of the parser. Please
consider fixing this if you have the time, else, the parser will
get fixed sometime in the future by someone on the parsoid team.
Change-Id: I2c5db4d9eab6f5f9e84aa354a22eeb2b5124bb0a
</p>
!! end
+# FIXME: This test (the IDN characters in the text of a link) is an inconsistency.
+# Where an external link could easily circumvent the sanitization of the text of
+# a link like this (where an IDN-ignore character is in the URL somewhere), this
+# test demands a higher standard. That's a bit strange.
+#
+# Example:
+#
+# http://example.com -> [http://example.com|http://example.com]
+# [http://example.com|http://example.com] -> [http://example.com|http://example.com]
+#
+# The first example is sanitized, but the second is not. Any security benefits
+# from this production are trivial to circumvent. Either remove this test and
+# let the parser(s) do their thing unaccosted, or fix the inconsistency and change
+# the test accordingly.
+#
+# All our love,
+# The Parsoid team.
!! test
External links: IDN ignored character reference in hostname; strip it right off
!! input