wiki.techinc.nl

Thijs/wiki.techinc.nl

History

C. Scott Ananian f87898b488 Protect legacy URL parameter syntax in link and alt options HTML doesn't allow certain semicolon-less HTML entities in attribute values to avoid breaking legacy markup like: <a href="http://example.com?foo&param=bar">...</a> (Note that the & in that URL is not properly entity-escaped as `&`.) Unlike wikitext, HTML generally allows semicolon-less legacy entities in text. Our alt and link option processing shove text through Sanitizer::stripAllTags, which does entity decoding including these legacy semicolon-less entities. Wikitext doesn't allow semicolon-less entities, so escape & characters where appropriate to protect alt/link options and avoid breaking URLs. This was a "regression" in how alt options were handled starting in `ddb4913f53` when we switched to using Remex for Sanitizer::stripAllTags -- semicolon-less entities (previously invalid in wikitext) were now being decoded when stripAllTags was called on alt text. This change became a problem when `ad80f0bca2` sent link option text through Sanitizer::stripAllTags (with the new semicolon-less entity decode) instead of PHP's strip_tags (which, in addition to its other faults, doesn't do entity decode at all). This suddenly started decoding "non-wikitext" entities like `&para` inside URLs, breaking links. Filed T210437 as a follow-up to consider changing the behavior of Sanitizer::stripAllTags() globally to prevent it from decoding semicolon-less entities for all callers. Bug: T209236 Change-Id: I5925e110e335d83eafa9de935c4e06806322f4a9		2018-11-27 10:12:05 -05:00
..
preprocess	Do not use real message names in 'All_system_messages' preprocessor test	2017-03-08 17:02:53 +01:00
DbTestPreviewer.php	Improve some parameter docs	2017-09-10 20:32:31 +02:00
DbTestRecorder.php	Avoid bad method call to patchPatch() in DbTestRecorder	2018-06-25 21:14:13 +01:00
DjVuSupport.php	PHP: Use short ternary operator (?:) where possible	2018-06-11 11:26:35 +02:00
editTests.php	build: Updating mediawiki/mediawiki-codesniffer to 22.0.0	2018-09-16 15:51:11 +00:00
extraParserTests.txt	extraParserTests.txt: Fix typo	2018-10-19 22:22:37 +02:00
fuzzTest.php	Update suppressWarning()/restoreWarning() calls	2018-02-10 08:50:12 +00:00
MultiTestRecorder.php	Refactor parser tests	2016-09-12 16:11:42 +10:00
ParserTestMockParser.php	Improve test coverage for ApiStashEdit	2018-08-21 15:32:29 -07:00
ParserTestParserHook.php	Use PHP 7 '??' operator instead of if-then-else	2018-10-27 23:46:13 +02:00
ParserTestPrinter.php	Improve some parameter docs	2017-09-10 20:32:31 +02:00
ParserTestResult.php	Refactor parser tests	2016-09-12 16:11:42 +10:00
ParserTestResultNormalizer.php	Update suppressWarning()/restoreWarning() calls	2018-02-10 08:50:12 +00:00
ParserTestRunner.php	Drop the image_comment_temp table	2018-11-14 15:04:31 -05:00
parserTests.php	Don't infer parsoid-only parser tests based on presence of parsoid option.	2018-11-02 16:41:40 -04:00
parserTests.txt	Protect legacy URL parameter syntax in link and alt options	2018-11-27 10:12:05 -05:00
PhpunitTestRecorder.php	build: Updating mediawiki/mediawiki-codesniffer to 16.0.0	2018-02-17 13:29:13 +01:00
README	tests: Replace implicit Bugzilla bug numbers with Phab ones	2017-02-21 02:14:34 +00:00
TestFileEditor.php	Require indentation of CASE statements in PHP code	2017-12-10 22:07:50 -05:00
TestFileReader.php	Don't infer parsoid-only parser tests based on presence of parsoid option.	2018-11-02 16:41:40 -04:00
TestRecorder.php	Remove trailing empty lines in PHP	2017-01-16 22:06:43 +01:00
TidySupport.php	Use RemexHtml as the tidy implementation for parser tests	2018-03-02 14:30:27 -08:00

README

Parser tests can be run either via PHPUnit or by using the standalone
parserTests.php in this directory. The standalone version provides more
options.

To run parser tests via PHPUnit:

 $ cd tests/phpunit
 ./phpunit.php --testsuite parsertests

You can optionally filter by title using --filter, e.g.

 ./phpunit.php --testsuite parsertests --filter="T6400"