* At that point, element attributes are already escaped so it serves no
purpose. Before `doTableStuff` is called, `Sanitizer::removeHTMLtags`
has been invoked which calls `Sanitizer::fixTagAttributes` which
calls `Sanitizer::safeEncodeTagAttributes` and finally gets down to
`Sanitizer::safeEncodeAttribute`, with the goal of "extra armoring
against further wiki processing."
Change-Id: Ieeb9b21148c2909eb839d13195d7d10012b48e3b
$line = substr( $line, 1 );
}
+ // Implies both are valid for table headings.
if ( $first_character === '!' ) {
$line = str_replace( '!!', '||', $line );
}
# Split up multiple cells on the same line.
# FIXME : This can result in improper nesting of tags processed
- # by earlier parser steps, but should avoid splitting up eg
- # attribute values containing literal "||".
- $cells = StringUtils::explodeMarkup( '||', $line );
+ # by earlier parser steps.
+ $cells = explode( '||', $line );
$outLine = '';
<td data-parsoid='{"startTagSrc":"| ","attrSepSrc":"|","autoInsertedEnd":true}'><a rel="mw:ExtLink" href="ftp://|x||"></a>" onmouseover="alert(document.cookie)">test</td></tr></tbody></table>
!! end
+!! test
+! and || in element attributes should not be parsed as <th>/<td>
+!! wikitext
+{|
+| <div style="color: red !important;" data-contrived="put this here ||">hi</div>
+|}
+!! html/php
+<table>
+<tr>
+<td> <div style="color: red !important;" data-contrived="put this here ||">hi</div>
+</td></tr></table>
+
+!! html/parsoid
+<table>
+<tbody><tr><td> <div style="color: red !important;" data-contrived="put this here ||" data-parsoid='{"stx":"html"}'>hi</div></td></tr>
+</tbody></table>
+!! end
+
# FIXME: The output seems broken. Filed as T110268.
!! test
! and || in td attributes should not be parsed as <th>/<td>