Preemptively add image-set to our sanitizer.
authorDaniel Friesen <daniel@nadir-seen-fire.com>
Fri, 19 Oct 2012 08:12:56 +0000 (01:12 -0700)
committerGerrit Code Review <gerrit@wikimedia.org>
Mon, 29 Oct 2012 08:32:53 +0000 (08:32 +0000)
WebKit's -webkit-image-set() requires a url() to work; however, css4-images'
version of image-set permits strings, so that image-set( 'asdf.png' 1x ) would be permitted
and would bypass our filters.

Change-Id: I366d04807f66df449f791a5e8e2cb58768124a9a

includes/Sanitizer.php
tests/phpunit/includes/SanitizerTest.php

index 2c4ea47..5aa0545 100644 (file)
@@ -916,7 +916,7 @@ class Sanitizer {
                // Reject problematic keywords and control characters
                if ( preg_match( '/[\000-\010\016-\037\177]/', $value ) ) {
                        return '/* invalid control char */';
-               } elseif ( preg_match( '! expression | filter\s*: | accelerator\s*: | url\s*\( | image\s*\( !ix', $value ) ) {
+               } elseif ( preg_match( '! expression | filter\s*: | accelerator\s*: | url\s*\( | image\s*\( | image-set\s*\( !ix', $value ) ) {
                        return '/* insecure input */';
                }
                return $value;
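Review bot: The new `image-set\s*\(` alternative on the changed line carries no explanation of why the whole function is rejected when only the bare-string argument form escapes the existing `url\s*\(` check, and the commit message is the only place that reasoning lives; a why-comment above the elseif would keep it with the code, e.g. `// image-set() is rejected outright: the css4-images form accepts bare strings, which would bypass the url() check above`. Because the alternation is unanchored the new alternative also matches vendor-prefixed forms such as `-webkit-image-set(`, which is what the tests rely on, so that is worth stating in the same comment. Whether CSS escapes (e.g. a backslash-escaped letter inside the function name) or inserted comments can still evade this match depends on decoding and comment stripping done earlier in the function, which lies outside the hunk; the new alternative is no weaker than the existing ones in that respect, but it inherits the same limitation. The enclosing method begins before and ends after this hunk.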
index c593d2f..dc672ba 100644 (file)
@@ -194,6 +194,9 @@ class SanitizerTest extends MediaWikiTestCase {
                        array( '/* insecure input */', 'background-image: image(asdf.png);'),
                        array( '/* insecure input */', 'background-image: -webkit-image(asdf.png);'),
                        array( '/* insecure input */', 'background-image: -moz-image(asdf.png);'),
+                       array( '/* insecure input */', 'background-image: image-set("asdf.png" 1x, "asdf.png" 2x);'),
+                       array( '/* insecure input */', 'background-image: -webkit-image-set("asdf.png" 1x, "asdf.png" 2x);'),
+                       array( '/* insecure input */', 'background-image: -moz-image-set("asdf.png" 1x, "asdf.png" 2x);'),
                );
        }
 }
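Review bot: The three added cases exercise only the lower-case, no-whitespace spelling with double-quoted arguments, so the `\s*` and the case-insensitive `i` modifier in the new pattern are untested; adding a case such as `array( '/* insecure input */', 'background-image: IMAGE-SET ( \'asdf.png\' 1x );'),` would cover both the whitespace before the parenthesis and the single-quoted string form named in the commit message. The data-provider array these rows belong to opens before the hunk, so the change is purely additive to it.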