From bba6ac20bdd1ceef22e9ec2e61c1e0e94d29454a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bartosz=20Dziewo=C5=84ski?= Date: Fri, 4 Jul 2014 18:09:04 +0200 Subject: [PATCH] ve.ui.MWExtensionInspector: Prevent from setting impossible content MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit XML-like tags in wikitext are not actually XML and don't expect their contents to be escaped. This means that (usually) it is not possible for a tag '' to contain the string '' (see bug 57429 comment 4 for details). Prevent the user from doing that by escaping the first angle bracket '<' to '<' in such inputs when the inspector closes. Bug: 57429 Change-Id: Ia566452ae0ffc9caa3ea48a52e5b8032c33fc9c8 --- .../ve-mw/ui/inspectors/ve.ui.MWExtensionInspector.js | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/modules/ve-mw/ui/inspectors/ve.ui.MWExtensionInspector.js b/modules/ve-mw/ui/inspectors/ve.ui.MWExtensionInspector.js index b8f4e01f89..a4acb11fdc 100644 --- a/modules/ve-mw/ui/inspectors/ve.ui.MWExtensionInspector.js +++ b/modules/ve-mw/ui/inspectors/ve.ui.MWExtensionInspector.js @@ -193,5 +193,13 @@ ve.ui.MWExtensionInspector.prototype.getTeardownProcess = function ( data ) { * @param {Object} mwData MediaWiki data object */ ve.ui.MWExtensionInspector.prototype.updateMwData = function ( mwData ) { - mwData.body.extsrc = this.whitespace[0] + this.input.getValue() + this.whitespace[1]; + var tagName = mwData.name, + value = this.input.getValue(); + + // XML-like tags in wikitext are not actually XML and don't expect their contents to be escaped. + // This means that it is not possible for a tag '' to contain the string ''. + // Prevent that by escaping the first angle bracket '<' to '<'. (bug 57429) + value = value.replace( new RegExp( '<(/' + tagName + '\\s*>)', 'gi' ), '<$1' ); + + mwData.body.extsrc = this.whitespace[0] + value + this.whitespace[1]; };