Thijs/wiki.techinc.nl
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
wiki.techinc.nl/includes/parser
History
C. Scott Ananian 5f21cc528e SECURITY: Sanitize data- attributes 
CVE-2025-61638

Previously, if you managed to get data- attributes with e.g spaces or
slashes in the name into validateAttributes(), then the rest of the
attribute name would not be validated and get concatenated into HTML
that would eventually be parsed as separate attributes (or even tag
contents and new markup, if you had a > in the name). I don’t think this
was possible via regular <p> parsing, as decodeTagAttributes() would
decode the attributes differently in that case, but it was possible via
various wikitext constructs, including {{#tag:}}.

Tighten the regex to throw out such invalid attributes, and add a few
tests in this direction. More refactoring, and especially more tests,
can happen later, once this chaneg is public and we can benefit from CI.

Bug: T401099
Change-Id: Id095a3278083dbedba083d5aa3c1cbaa379a682f
Co-Authored-By: Lucas Werkmeister <lucas.werkmeister@wikimedia.de>
2025-10-02 19:21:42 +00:00
..
Hook Namespace all remaining classes in includes/parser 2024-10-15 23:54:32 +01:00
Parsoid Merge "Deprecate ::setMetrics() calls with StatsdDataFactoryInterface" 2024-10-21 17:12:19 +00:00
BlockLevelPass.php Namespace all remaining classes in includes/parser 2024-10-15 23:54:32 +01:00
CacheTime.php Namespace all remaining classes in includes/parser 2024-10-15 23:54:32 +01:00
CoreMagicVariables.php Namespace all remaining classes in includes/parser 2024-10-15 23:54:32 +01:00
CoreParserFunctions.php Drop PHP 7.4/8.0 support from master (forward-port from MW 1.42) 2025-06-18 10:53:22 +01:00
CoreTagHooks.php Namespace all remaining classes in includes/parser 2024-10-15 23:54:32 +01:00
DateFormatter.php Use explicit nullable type on parameter arguments 2024-10-16 20:58:33 +02:00
DateFormatterFactory.php Namespace all remaining classes in includes/parser 2024-10-15 23:54:32 +01:00
LinkHolderArray.php Namespace all remaining classes in includes/parser 2024-10-15 23:54:32 +01:00
MagicWord.php MagicWord::replace*: Make sure we don't pass null into preg_match/preg_replace 2025-03-17 14:19:01 +00:00
MagicWordArray.php Use explicit nullable type on parameter arguments 2024-10-16 20:58:33 +02:00
MagicWordFactory.php parser: Add a new {{USERLANGUAGE}} magic word for use in wikitext 2024-09-07 19:16:32 +00:00
MWTidy.php Namespace all remaining classes in includes/parser 2024-10-15 23:54:32 +01:00
Parser.php Use Remex/HtmlHelper to implement Parser::replaceTableOfContents 2025-09-29 22:01:08 +00:00
ParserCache.php Use explicit nullable type on parameter arguments 2024-10-16 20:58:33 +02:00
ParserCacheFactory.php Namespace all remaining classes in includes/parser 2024-10-15 23:54:32 +01:00
ParserCacheFilter.php Namespace all remaining classes in includes/parser 2024-10-15 23:54:32 +01:00
ParserCacheMetadata.php
ParserFactory.php Namespace all remaining classes in includes/parser 2024-10-15 23:54:32 +01:00
ParserObserver.php Namespace all remaining classes in includes/parser 2024-10-15 23:54:32 +01:00
ParserOptions.php Use explicit nullable type on parameter arguments 2024-10-16 20:58:33 +02:00
ParserOutput.php ParserOutput: Prepare to allow JsonCodec serialization of TOCData 2025-07-26 01:18:35 +00:00
ParserOutputFlags.php
ParserOutputLinkTypes.php ParserOutput: Introduce ParserOutput::getLinkList() 2024-10-18 13:24:10 -04:00
ParserOutputStringSets.php
PPCustomFrame_Hash.php Namespace all remaining classes in includes/parser 2024-10-15 23:54:32 +01:00
PPDPart_Hash.php Namespace all remaining classes in includes/parser 2024-10-15 23:54:32 +01:00
PPDStack_Hash.php Namespace all remaining classes in includes/parser 2024-10-15 23:54:32 +01:00
PPDStackElement_Hash.php Namespace all remaining classes in includes/parser 2024-10-15 23:54:32 +01:00
PPFrame.php Namespace all remaining classes in includes/parser 2024-10-15 23:54:32 +01:00
PPFrame_Hash.php Namespace all remaining classes in includes/parser 2024-10-15 23:54:32 +01:00
PPNode.php Namespace all remaining classes in includes/parser 2024-10-15 23:54:32 +01:00
PPNode_Hash_Array.php Namespace all remaining classes in includes/parser 2024-10-15 23:54:32 +01:00
PPNode_Hash_Attr.php Namespace all remaining classes in includes/parser 2024-10-15 23:54:32 +01:00
PPNode_Hash_Text.php Namespace all remaining classes in includes/parser 2024-10-15 23:54:32 +01:00
PPNode_Hash_Tree.php Namespace all remaining classes in includes/parser 2024-10-15 23:54:32 +01:00
PPTemplateFrame_Hash.php Namespace all remaining classes in includes/parser 2024-10-15 23:54:32 +01:00
Preprocessor.php Use explicit nullable type on parameter arguments 2024-10-16 20:58:33 +02:00
Preprocessor_Hash.php Use explicit nullable type on parameter arguments 2024-10-16 20:58:33 +02:00
RemexRemoveTagHandler.php
RemexStripTagHandler.php parser: Add missing documentation to class properties 2024-09-07 22:46:08 +02:00
RevisionOutputCache.php Use explicit nullable type on parameter arguments 2024-10-16 20:58:33 +02:00
Sanitizer.php SECURITY: Sanitize data- attributes 2025-10-02 19:21:42 +00:00
StripState.php Use explicit nullable type on parameter arguments 2024-10-16 20:58:33 +02:00