wikimedia/mediawiki-extensions-VisualEditor
1
0
Fork 0
mirror of https://gerrit.wikimedia.org/r/mediawiki/extensions/VisualEditor synced 2024-11-25 14:56:20 +00:00
Code Issues Packages Projects Releases Wiki Activity

ve.ui.MWExtensionInspector: Prevent from setting impossible content

Browse source 
XML-like tags in wikitext are not actually XML and don't expect
their contents to be escaped. This means that (usually) it is not
possible for a tag '<foo>…</foo>' to contain the string '</foo>'
(see bug 57429 comment 4 for details).

Prevent the user from doing that by escaping the first angle bracket
'<' to '&lt;' in such inputs when the inspector closes.

Bug: 57429
Change-Id: Ia566452ae0ffc9caa3ea48a52e5b8032c33fc9c8
This commit is contained in:
Bartosz Dziewoński 2014-07-04 18:09:04 +02:00
parent a0989d15d4
commit bba6ac20bd
1 changed files with 9 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

10
modules/ve-mw/ui/inspectors/ve.ui.MWExtensionInspector.js
View file

@ -193,5 +193,13 @@ ve.ui.MWExtensionInspector.prototype.getTeardownProcess = function ( data ) {
* @param {Object} mwData MediaWiki data object
*/
ve.ui.MWExtensionInspector.prototype.updateMwData = function ( mwData ) {
mwData.body.extsrc = this.whitespace[0] + this.input.getValue() + this.whitespace[1];
var tagName = mwData.name,
value = this.input.getValue();
// XML-like tags in wikitext are not actually XML and don't expect their contents to be escaped.
// This means that it is not possible for a tag '<foo>…</foo>' to contain the string '</foo>'.
// Prevent that by escaping the first angle bracket '<' to '&lt;'. (bug 57429)
value = value.replace( new RegExp( '<(/' + tagName + '\\s*>)', 'gi' ), '&lt;$1' );
mwData.body.extsrc = this.whitespace[0] + value + this.whitespace[1];
};