From 22fe71315b0e836f44a3a8d195cadf6ba3711016 Mon Sep 17 00:00:00 2001
From: Daniel Friesen <daniel@nadir-seen-fire.com>
Date: Tue, 30 Oct 2012 06:34:56 -0700
Subject: [PATCH] (bug 41545) Allow kbd, samp, and var to be nested.

HTML5 has various semantics that allow -- or rather require --
<kbd> and <samp> and even <var> to be nested.

eg: <kbd><kbd>Shift</kbd>+<kbd>F3</kbd></kbd>
eg: <var>x<sub><var>i</var></sub></var>, <var>y<sub><var>i</var></sub></var>

This fixes the sanitizer to permit their nesting and adds test cases to ensure that some
of HTML5's special semantics are permitted by our sanitizer and not broken.

Change-Id: I6ad64e6eb4c9b5bdc15be513f55c58f6717c3939
---
 RELEASE-NOTES-1.22                       |  1 +
 includes/Sanitizer.php                   |  3 +-
 tests/phpunit/includes/SanitizerTest.php | 43 +++++++++++++++++++-----
 3 files changed, 37 insertions(+), 10 deletions(-)

diff --git a/RELEASE-NOTES-1.22 b/RELEASE-NOTES-1.22
index 569a2b9650..cf50bb8e3e 100644
--- a/RELEASE-NOTES-1.22
+++ b/RELEASE-NOTES-1.22
@@ -93,6 +93,7 @@ production.
 * A bias in wfRandomString() toward digits 1-7 has been corrected. Generated
   strings will now start with digits 0 and 8-f as often as they should.
 * (bug 45371) Removed Parser_LinkHooks and CoreLinkFunctions classes.
+* (bug 41545) Allow <kbd>, <samp>, and <var> to be nested like allowed in html.
 
 === API changes in 1.22 ===
 * (bug 46626) xmldoublequote parameter was removed. Because of a bug, the
diff --git a/includes/Sanitizer.php b/includes/Sanitizer.php
index e757021ef8..099d0afb53 100644
--- a/includes/Sanitizer.php
+++ b/includes/Sanitizer.php
@@ -399,7 +399,8 @@ class Sanitizer {
 			}
 			$htmlnest = array( # Tags that can be nested--??
 				'table', 'tr', 'td', 'th', 'div', 'blockquote', 'ol', 'ul',
-				'li', 'dl', 'dt', 'dd', 'font', 'big', 'small', 'sub', 'sup', 'span'
+				'li', 'dl', 'dt', 'dd', 'font', 'big', 'small', 'sub', 'sup', 'span',
+				'var', 'kbd', 'samp'
 			);
 			$tabletags = array( # Can only appear inside table, we will close them
 				'td', 'th', 'tr',
diff --git a/tests/phpunit/includes/SanitizerTest.php b/tests/phpunit/includes/SanitizerTest.php
index c84f10c9b7..159ea71dc5 100644
--- a/tests/phpunit/includes/SanitizerTest.php
+++ b/tests/phpunit/includes/SanitizerTest.php
@@ -101,18 +101,43 @@ class SanitizerTest extends MediaWikiTestCase {
 		);
 	}
 
-	function testSelfClosingTag() {
-		$this->setMwGlobals( array(
-			'wgUseTidy' => false
-		) );
-
-		$this->assertEquals(
-			'<div>Hello world</div>',
-			Sanitizer::removeHTMLtags( '<div>Hello world</div />' ),
-			'Self-closing closing div'
+	function dataRemoveHTMLtags() {
+		return array(
+			// former testSelfClosingTag
+			array(
+				'<div>Hello world</div />',
+				'<div>Hello world</div>',
+				'Self-closing closing div'
+			),
+			// Make sure special nested HTML5 semantics are not broken
+			// http://www.whatwg.org/html/text-level-semantics.html#the-kbd-element
+			array(
+				'<kbd><kbd>Shift</kbd>+<kbd>F3</kbd></kbd>',
+				'<kbd><kbd>Shift</kbd>+<kbd>F3</kbd></kbd>',
+				'Nested <kbd>.'
+			),
+			// http://www.whatwg.org/html/text-level-semantics.html#the-sub-and-sup-elements
+			array(
+				'<var>x<sub><var>i</var></sub></var>, <var>y<sub><var>i</var></sub></var>',
+				'<var>x<sub><var>i</var></sub></var>, <var>y<sub><var>i</var></sub></var>',
+				'Nested <var>.'
+			),
+			// http://www.whatwg.org/html/text-level-semantics.html#the-dfn-element
+			array(
+				'<dfn><abbr title="Garage Door Opener">GDO</abbr></dfn>',
+				'<dfn><abbr title="Garage Door Opener">GDO</abbr></dfn>',
+				'<abbr> inside <dfn>',
+			),
 		);
 	}
 
+	/**
+	 * @dataProvider dataRemoveHTMLtags
+	 */
+	function testRemoveHTMLtags( $input, $output, $msg = null ) {
+		$GLOBALS['wgUseTidy'] = false;
+		$this->assertEquals( $output, Sanitizer::removeHTMLtags( $input ), $msg );
+	}
 
 	/**
 	 * @dataProvider provideTagAttributesToDecode
-- 
2.20.1