
Multiple sanitizer vulnerabilities
Closed, Resolved, Public

Description

A number of sanitizer vulnerabilities were fixed in core with bug 55332. We need to port these fixes over to Parsoid.

In particular, see the failing tests added to the blacklist in https://gerrit.wikimedia.org/r/117033

(It looks like bug 56846 lists a bunch more failing sanitizer tests.)


Version: unspecified
Severity: normal

Details

Reference
bz62267

Event Timeline

bzimport raised the priority of this task from to Needs Triage. (Nov 22 2014, 3:01 AM)
bzimport added a project: Parsoid.
bzimport set Reference to bz62267.

I believe we fixed the cases relevant to browsers that are not IE6. See the bug you linked; it has Parsoid changesets linked as well.

The only new failing test case is the "Opera -o-link" CSS sanitization bug. I'm going to merge this bug in with 56846.

*** This bug has been marked as a duplicate of bug 56846 ***