Add in a comment about some funky behavior

At Gabriel's behest, I've added some information about a test that
is inconsistent with the actual behavior of the parser. Please
consider fixing this if you have the time, else, the parser will
get fixed sometime in the future by someone on the parsoid team.

Change-Id: I2c5db4d9eab6f5f9e84aa354a22eeb2b5124bb0a

diff --git a/tests/parser/parserTests.txt b/tests/parser/parserTests.txt
index 0f2165d..23067c1 100644 (file)
--- a/tests/parser/parserTests.txt
+++ b/tests/parser/parserTests.txt
@@ -1604,6 +1604,23 @@ External links: [IDN ignored character reference in hostname; strip it right off
 </p>
 !! end
 
+# FIXME: This test (the IDN characters in the text of a link) is an inconsistency.
+# Where an external link could easily circumvent the sanitization of the text of
+# a link like this (where an IDN-ignore character is in the URL somewhere), this
+# test demands a higher standard. That's a bit strange.
+#
+# Example:
+#
+# http://e‌xample.com -> [http://example.com|http://example.com]
+# [http://example.com|http://e‌xample.com] -> [http://example.com|http://e‌xample.com]
+#
+# The first example is sanitized, but the second is not. Any security benefits
+# from this production are trivial to circumvent. Either remove this test and
+# let the parser(s) do their thing unaccosted, or fix the inconsistency and change
+# the test accordingly.
+#
+# All our love,
+# The Parsoid team.
 !! test
 External links: IDN ignored character reference in hostname; strip it right off
 !! input