Last modified: 2006-06-04 01:05:02 UTC

Wikimedia Bugzilla is closed!

Wikimedia has migrated from Bugzilla to Phabricator. Bug reports should be created and updated in Wikimedia Phabricator instead. Please create an account in Phabricator and add your Bugzilla email address to it.
Wikimedia Bugzilla is read-only. If you try to edit or create any bug report in Bugzilla you will be shown an intentional error message.
In order to access the Phabricator task corresponding to a Bugzilla report, just remove "static-" from its URL.
You could still run searches in Bugzilla or access your list of votes but bug reports will obviously not be up-to-date in Bugzilla.
Bug 4373 - Sanitizer does not replace non-open closing td and tr tags.
Sanitizer does not replace non-open closing td and tr tags.
Status: RESOLVED DUPLICATE of bug 5497
Product: MediaWiki
Classification: Unclassified
Parser (Other open bugs)
1.6.x
All All
: Low trivial (vote)
: ---
Assigned To: Nobody - You can work on this!
: patch, patch-need-review
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2005-12-23 23:08 UTC by netocrat
Modified: 2006-06-04 01:05 UTC (History)
0 users

See Also:
Web browser: ---
Mobile Platform: ---
Assignee Huggle Beta Tester: ---


Attachments
Escape non-open td and tr tags in the sanitizer. (193 bytes, patch)
2005-12-23 23:12 UTC, netocrat
Details
Correction to prevent the escaping of closing td and tr tags when legitimately open (399 bytes, patch)
2005-12-30 02:39 UTC, netocrat
Details
Cleans up the element arrays; apply over the previous (now accepted) patch (2.09 KB, patch)
2006-01-08 04:35 UTC, netocrat
Details

Description netocrat 2005-12-23 23:08:21 UTC
Sanitizer::removeHTMLtags('Table not started</td></tr></table>')
returns:
Table not started</td></tr>&lt;/table&gt;

Expected:
Table not started&lt;/td&gt;&lt;/tr&gt;&lt;/table&gt;

After applying the attached patch the function output is as expected.

[the above itself may be garbled due to the bug - I don't know if it's present
in bugzilla and if output of this description depends on it.  To clarify if
that's the case: the pre-patch return only escapes the < and > delimiters for
the closing table tag; post-patch they are also escaped for the closing td and
tr tags]
Comment 1 netocrat 2005-12-23 23:12:06 UTC
Created attachment 1231 [details]
Escape non-open td and tr tags in the sanitizer.
Comment 2 netocrat 2005-12-23 23:23:40 UTC
Comment on attachment 1231 [details]
Escape non-open td and tr tags in the sanitizer.

The check for a tag of "single" type is mistaken since even single types cannot
be closed as </singletag> when not already open.
Comment 3 netocrat 2005-12-30 02:39:28 UTC
Created attachment 1250 [details]
Correction to prevent the escaping of closing td and tr tags when legitimately open

This corrects the previous patch by allowing opening tr, td, li, dt and dd tags
to be added to the tagstack and thereby preventing their legitimate closing
tags from being escaped (an unintended side-effect of the previous patch).

In making this correction I found that all functional use of the $htmlsingle
array has been removed, so the behaviour it was supporting - allowing closing
tags for non-open td, tr, li, dt and dd elements to pass through unescaped -
appears to be by design.  I can't see why that would be desirable but there may
be a reason that escapes me.
Comment 4 Ævar Arnfjörð Bjarmason 2006-01-07 05:00:55 UTC
FIXED in CVS HEAD, thanks for the patch

There's a parsertest for this bug called "Sanitizer: Closing of closed but not
open table tags"
Comment 5 netocrat 2006-01-08 04:35:40 UTC
Created attachment 1274 [details]
Cleans up the element arrays; apply over the previous (now accepted) patch

Since the corrective patch was accepted, here's a patch to clean things up on
top of it:
* remove the now unused $htmlsingle array
* use array_merge instead of repeating elements in arrays.

Btw, is normal process to submit a new bug, reopen this bug or submit the patch
by some other method?  I've left this bug as closed since this patch doesn't
actually correct any visible behaviour or add new features.
Comment 6 netocrat 2006-01-12 05:05:20 UTC
Reopened and keywords need-review and patch added as I suspect the cleanup patch
will get lost in the woodwork without doing that.
Comment 7 Brion Vibber 2006-06-04 01:05:02 UTC
Duping to bug 5497, where I've got a complete rewrite of the nesting handling.

*** This bug has been marked as a duplicate of 5497 ***

Note You need to log in before you can comment on or make changes to this bug.


Navigation
Links