r67630 MediaWiki - Code Review archive

Repository:	MediaWiki
Revision:	< r67629‎ \| r67630 \| r67631 >
Date:	16:06, 8 June 2010
Author:	platonides
Status:	ok
Tags:
Comment:	MFT r67101 fixing in branch parser tests broken in r66990. Reported by freakolowsky on irc.
Modified paths:	/branches/REL1_16/phase3/maintenance/parserTests.txt (modified) (history)

Diff [purge]

Index: branches/REL1_16/phase3/maintenance/parserTests.txt
—	—	@@ -402,7 +402,7 @@
403	403	!! input
404	404	<pre width="8" style="border-width: expression(alert(document.cookie))">Narrow screen goodies</pre>
405	405	!! result
406		~~-<pre width="8">Narrow screen goodies</pre>~~
	406	+<pre width="8" style="/* insecure input */">Narrow screen goodies</pre>
407	407
408	408	!! end
409	409
—	—	@@ -4231,7 +4231,7 @@
4232	4232	!! input
4233	4233	<div style="{{dangerous style attribute}}"></div>
4234	4234	!! result
4235		~~-<div></div>~~
	4235	+<div style="/* insecure input */"></div>
4236	4236
4237	4237	!! end
4238	4238
—	—	@@ -4249,7 +4249,7 @@
4250	4250	!! input
4251	4251	{{div style\|width: expression(alert(document.cookie))}}
4252	4252	!! result
4253		~~-<div>Magic div</div>~~
	4253	+<div style="/* insecure input */">Magic div</div>
4254	4254
4255	4255	!! end
4256	4256
—	—	@@ -4358,7 +4358,7 @@
4359	4359	!! input
4360	4360	<div style="<nowiki>border-left:expression(alert(document.cookie))</nowiki>"></div>
4361	4361	!! result
4362		~~-<div></div>~~
	4362	+<div style="/* insecure input */"></div>
4363	4363
4364	4364	!! end
4365	4365
—	—	@@ -4378,7 +4378,7 @@
4379	4379	!! input
4380	4380	<div style="background-image:u\rl(javascript:alert('boo'))">evil</div>
4381	4381	!! result
4382		~~-<div>evil</div>~~
	4382	+<div style="/* insecure input */">evil</div>
4383	4383
4384	4384	!! end
4385	4385
—	—	@@ -4387,7 +4387,7 @@
4388	4388	!! input
4389	4389	<div style="background-image:u\72l(javascript:alert('boo'))">evil</div>
4390	4390	!! result
4391		~~-<div>evil</div>~~
	4391	+<div style="/* insecure input */">evil</div>
4392	4392
4393	4393	!! end
4394	4394
—	—	@@ -4433,7 +4433,7 @@
4434	4434	!! result
4435	4435	<table>
4436	4436	<tr>
4437		~~-<th> status~~
	4437	+<th style="/* insecure input */"> status
4438	4438	</th></tr></table>
4439	4439
4440	4440	!! end
—	—	@@ -4443,7 +4443,7 @@
4444	4444	!! input
4445	4445	<div style="background-image: u\ rl(test.jpg);"></div>
4446	4446	!! result
4447		~~-<div></div>~~
	4447	+<div style="/* insecure input */"></div>
4448	4448
4449	4449	!! end
4450	4450
—	—	@@ -4452,7 +4452,7 @@
4453	4453	!! input
4454	4454	<div style="background-image: u\ rl(test.jpg); "></div>
4455	4455	!! result
4456		~~-<div></div>~~
	4456	+<div style="/* insecure input */"></div>
4457	4457
4458	4458	!! end
4459	4459

Past revisions this follows-up on

Revision	Commit summary	Author	Date
r66990	Normalise CSS escape sequences.	tstarling	05:02, 28 May 2010
r67101	Follow up r66990. Fix parser tests.	platonides	18:59, 30 May 2010

Status & tagging log

03:00, 9 June 2010 Tim Starling (talk | contribs) changed the status of r67630 [removed: new added: ok]