From 55313f4eaf363d70842c64d964c80796b6f6a761 Mon Sep 17 00:00:00 2001 From: Arlo Breault Date: Wed, 27 Jan 2016 20:21:35 -0800 Subject: [PATCH] Remove use of explodeMarkup * At that point, element attributes are already escaped so it serves no purpose. Before `doTableStuff` is called, `Sanitizer::removeHTMLtags` has been invoked which calls `Sanitizer::fixTagAttributes` which calls `Sanitizer::safeEncodeTagAttributes` and finally gets down to `Sanitizer::safeEncodeAttribute`, with the goal of "extra armoring against further wiki processing." Change-Id: Ieeb9b21148c2909eb839d13195d7d10012b48e3b --- includes/parser/Parser.php | 6 +++--- tests/parser/parserTests.txt | 18 ++++++++++++++++++ 2 files changed, 21 insertions(+), 3 deletions(-) diff --git a/includes/parser/Parser.php b/includes/parser/Parser.php index 5f7e89ce7d..f947285942 100644 --- a/includes/parser/Parser.php +++ b/includes/parser/Parser.php @@ -1113,15 +1113,15 @@ class Parser { $line = substr( $line, 1 ); } + // Implies both are valid for table headings. if ( $first_character === '!' ) { $line = str_replace( '!!', '||', $line ); } # Split up multiple cells on the same line. # FIXME : This can result in improper nesting of tags processed - # by earlier parser steps, but should avoid splitting up eg - # attribute values containing literal "||". - $cells = StringUtils::explodeMarkup( '||', $line ); + # by earlier parser steps. + $cells = explode( '||', $line ); $outLine = ''; diff --git a/tests/parser/parserTests.txt b/tests/parser/parserTests.txt index 078fa6c07a..d866ed8699 100644 --- a/tests/parser/parserTests.txt +++ b/tests/parser/parserTests.txt @@ -6334,6 +6334,24 @@ parsoid=wt2html,html2html " onmouseover="alert(document.cookie)">test !! end +!! test +! and || in element attributes should not be parsed as / +!! wikitext +{| +|
hi
+|} +!! html/php + + +
hi
+
+ +!! html/parsoid + + +
hi
+!! end + # FIXME: The output seems broken. Filed as T110268. !! test ! and || in td attributes should not be parsed as / -- 2.20.1