Don't replace !! in elements

* 55313f4e almost got it right, but missed the str_replacing table headings. * Thankfully, this was doubly broken before that patch since the StringUtils::explodeMarkup would have skipped the || which would go on to be explode by table cell attribute parsing. The test case provided would look like, <table> <tr> <th class="">|">ha</div> ho </th></tr></table> Suffice it to say, noone is using this in production. * Note that we can't just entity encode the ! since that would break style attributes with !important. * Also note, Parsoid already gets this right. * Adds a StringUtils::replaceMarkup Change-Id: Iab3ae4518fcb307b795d57eece420ba48af0a3bf
2016-02-05 08:00:56 -08:00 · 2016-02-05 08:00:56 -08:00 · 9b510882d7
commit 9b510882d7
parent 0e19c78ca7
3 changed files with 44 additions and 1 deletions
--- a/includes/libs/StringUtils.php
+++ b/includes/libs/StringUtils.php
@ -288,6 +288,31 @@ class StringUtils {
 		return $items;
 	}

+	/**
+	 * More or less "markup-safe" str_replace()
+	 * Ignores any instances of the separator inside `<...>`
+	 * @param string $search
+	 * @param string $replace
+	 * @param string $text
+	 * @return string
+	 */
+	static function replaceMarkup( $search, $replace, $text ) {
+		$placeholder = "\x00";
+
+		// Remove placeholder instances
+		$text = str_replace( $placeholder, '', $text );
+
+		// Replace instances of the separator inside HTML-like tags with the placeholder
+		$replacer = new DoubleReplacer( $search, $placeholder );
+		$cleaned = StringUtils::delimiterReplaceCallback( '<', '>', $replacer->cb(), $text );
+
+		// Explode, then put the replaced separators back in
+		$cleaned = str_replace( $search, $replace, $cleaned );
+		$text = str_replace( $placeholder, $search, $cleaned );
+
+		return $text;
+	}
+
 	/**
 	 * Escape a string to make it suitable for inclusion in a preg_replace()
 	 * replacement parameter.
--- a/includes/parser/Parser.php
+++ b/includes/parser/Parser.php
@ -1115,7 +1115,7 @@ class Parser {

 				// Implies both are valid for table headings.
 				if ( $first_character === '!' ) {
-					$line = str_replace( '!!', '||', $line );
+					$line = StringUtils::replaceMarkup( '!!', '||', $line );
 				}

 				# Split up multiple cells on the same line.
--- a/tests/parser/parserTests.txt
+++ b/tests/parser/parserTests.txt
@ -6333,6 +6333,24 @@ parsoid=wt2html,html2html
 <td data-parsoid='{"startTagSrc":"| ","attrSepSrc":"|","autoInsertedEnd":true}'><a rel="mw:ExtLink" href="ftp://|x||"></a>" onmouseover="alert(document.cookie)">test</td></tr></tbody></table>
 !! end

+!! test
+Element attributes with double ! should not be broken up by <th>
+!! wikitext
+{|
+! hi <div class="!!">ha</div> ho
+|}
+!! html/php
+<table>
+<tr>
+<th> hi <div class="!!">ha</div> ho
+</th></tr></table>
+
+!! html/parsoid
+<table>
+<tbody><tr><th> hi <div class="!!" data-parsoid='{"stx":"html"}'>ha</div> ho</th></tr>
+</tbody></table>
+!! end
+
 !! test
 ! and || in element attributes should not be parsed as <th>/<td>
 !! wikitext