jenkins-bot has submitted this change and it was merged. ( 
https://gerrit.wikimedia.org/r/403538 )

Change subject: Escape text node content in extractLeadIntroduction.js
......................................................................


Escape text node content in extractLeadIntroduction.js

Bug: T184558
Change-Id: I27ece6ae485520a631aaba9f6f34c40e9bf3e5f4
---
M lib/transformations/extractLeadIntroduction.js
M test/lib/transformations/extractLeadIntroduction.js
2 files changed, 26 insertions(+), 1 deletion(-)

Approvals:
  BearND: Looks good to me, approved
  jenkins-bot: Verified



diff --git a/lib/transformations/extractLeadIntroduction.js 
b/lib/transformations/extractLeadIntroduction.js
index 0b4e934..f586951 100644
--- a/lib/transformations/extractLeadIntroduction.js
+++ b/lib/transformations/extractLeadIntroduction.js
@@ -12,6 +12,24 @@
 }
 
 /*
+ * HTML escape a string.
+ * @param {!String} s
+ * @return {!String}
+ */
+function escape(s) {
+    return s.replace(/[&<>"']/g, (c) => {
+        switch (c) {
+            case '&': return '&amp;';
+            case '<': return '&lt;';
+            case '>': return '&gt;';
+            case '"': return '&quot;';
+            default: return;
+        }
+    });
+}
+
+
+/*
  * Extracts the first non-empty paragraph from an article and any
  * nodes that follow it that are not themselves paragraphs.
  * @param {!Document} doc representing article
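Review bot: The regex in `escape` matches `'`, but the switch has no case for it, so `default: return;` yields `undefined` and `String.prototype.replace` writes the literal text `undefined` in place of every apostrophe. Add `case "'": return '&#39;';` and change the fallback to `default: return c;` so an unmapped character can never be replaced by a non-string. The call added in the next hunk, `p += escape(nextSibling.textContent);`, passes text nodes through this function, so any trailing text containing an apostrophe would be corrupted in the extracted lead. For text-node output the `&`, `<` and `>` mappings are the ones that prevent markup injection; the quote mappings only matter if the result is later placed in an attribute.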
@@ -38,7 +56,7 @@
                 // Deal with text nodes
                 if (nextSibling.nodeType === NodeType.TEXT_NODE) {
                     if (!isEmpty(nextSibling)) {
-                        p += nextSibling.textContent;
+                        p += escape(nextSibling.textContent);
                     }
                 } else {
                     p += nextSibling.outerHTML;
diff --git a/test/lib/transformations/extractLeadIntroduction.js 
b/test/lib/transformations/extractLeadIntroduction.js
index 2118354..231ed9b 100644
--- a/test/lib/transformations/extractLeadIntroduction.js
+++ b/test/lib/transformations/extractLeadIntroduction.js
@@ -46,4 +46,11 @@
             assert.equal(lead, test[1]);
         });
     });
+
+    it('Trailing text content is escaped', () => {
+        const html = '<p>foo</p>&lt;script&gt;alert(1);&lt;/script&gt;';
+        const doc = domino.createDocument(html);
+        const lead = extractLeadIntroduction(doc);
+        assert.deepEqual(lead, html);
+    });
 });
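Review bot: The new test only exercises `<` and `>`, so the `&`, `"` and `'` paths through `escape` are never run and a wrong or missing mapping for them would pass unnoticed. Add a second case whose trailing text contains an ampersand, a double quote and an apostrophe, and assert on the exact escaped output. At minimum it should include a check such as `assert.ok(!lead.includes('undefined'));`. Since the expected string then differs from the input HTML, spell it out separately rather than reusing `html` as the expected value.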

-- 
To view, visit https://gerrit.wikimedia.org/r/403538
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: merged
Gerrit-Change-Id: I27ece6ae485520a631aaba9f6f34c40e9bf3e5f4
Gerrit-PatchSet: 1
Gerrit-Project: mediawiki/services/mobileapps
Gerrit-Branch: master
Gerrit-Owner: Mholloway <mhollo...@wikimedia.org>
Gerrit-Reviewer: BearND <bsitzm...@wikimedia.org>
Gerrit-Reviewer: Brian Wolff <bawolff...@gmail.com>
Gerrit-Reviewer: Fjalapeno <cfl...@wikimedia.org>
Gerrit-Reviewer: Gergő Tisza <gti...@wikimedia.org>
Gerrit-Reviewer: Jdlrobson <jrob...@wikimedia.org>
Gerrit-Reviewer: Mhurd <mh...@wikimedia.org>
Gerrit-Reviewer: Ppchelko <ppche...@wikimedia.org>
Gerrit-Reviewer: jenkins-bot <>
