XRENDERING-663: Restrict allowed attributes in HTML rendering
* Change HTML renderers to only print allowed attributes and elements.
* Add prefix to forbidden attributes to preserve them in XWiki syntax.
* Adapt tests to expect that invalid attributes get a prefix.
michitux committed Jun 30, 2022
1 parent 40e5d95 commit c40e2f5
Showing 48 changed files with 330 additions and 117 deletions.
Expand Up @@ -20,16 +20,16 @@ endDocument
.#-----------------------------------------------------
.expect|xhtml/1.0
.#-----------------------------------------------------
<p><span class="wikiexternallink"><a param="value" href="refe||rence">lab&gt;&gt;el~</a></span></p>
<p><span class="wikiexternallink"><a data-xwiki-translated-attribute-param="value" href="refe||rence">lab&gt;&gt;el~</a></span></p>
.#-----------------------------------------------------
.expect|annotatedxhtml/1.0
.#-----------------------------------------------------
<p><!--startwikilink:false|-|url|-|refe||rence--><span class="wikiexternallink"><a param="value" href="refe||rence">lab&gt;&gt;el~</a></span><!--stopwikilink--></p>
<p><!--startwikilink:false|-|url|-|refe||rence--><span class="wikiexternallink"><a data-xwiki-translated-attribute-param="value" href="refe||rence">lab&gt;&gt;el~</a></span><!--stopwikilink--></p>
.#-----------------------------------------------------
.expect|xwiki/2.0
.#-----------------------------------------------------
[[lab~>~>el~~~~>>refe~|~|rence||param="value"]]
.#-----------------------------------------------------
.input|xhtml/1.0
.#-----------------------------------------------------
<p><!--startwikilink:false|-|url|-|refe||rence--><span class="wikiexternallink"><a param="value" href="refe||rence">lab&gt;&gt;el~</a></span><!--stopwikilink--></p>
<p><!--startwikilink:false|-|url|-|refe||rence--><span class="wikiexternallink"><a data-xwiki-translated-attribute-param="value" href="refe||rence">lab&gt;&gt;el~</a></span><!--stopwikilink--></p>
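Review bot: The prefix mapping is not reversible for every input. The unchanged `.expect|xwiki/2.0` line still yields `param="value"` while the `.input|xhtml/1.0` anchor now carries `data-xwiki-translated-attribute-param="value"`, so a link parameter that an author really named `data-xwiki-translated-attribute-param` would appear to come back as `param` after one XHTML round trip. Please add a case that pins down what happens to a parameter that already starts with the prefix, and document the prefix as reserved where link parameters are described.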
Expand Up @@ -29,7 +29,7 @@ endDocument
.#-----------------------------------------------------
.expect|xhtml/1.0
.#-----------------------------------------------------
<div param="value"><p>some text</p></div><div param="value"><p>some text</p></div>
<div data-xwiki-translated-attribute-param="value"><p>some text</p></div><div data-xwiki-translated-attribute-param="value"><p>some text</p></div>
.#-----------------------------------------------------
.expect|xwiki/2.0
.#-----------------------------------------------------
Expand All @@ -45,4 +45,4 @@ some text
.#-----------------------------------------------------
.input|xhtml/1.0
.#-----------------------------------------------------
<div param="value"><p>some text</p></div><div param="value"><p>some text</p></div>
<div data-xwiki-translated-attribute-param="value"><p>some text</p></div><div data-xwiki-translated-attribute-param="value"><p>some text</p></div>
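Review bot: The `.input|xhtml/1.0` block was switched to the prefixed form together with the expectation, so this file no longer feeds `<div param="value">` to the XHTML parser and nothing here shows how an unprefixed, non-allowed attribute in existing XHTML content is handled on input. The commit message only mentions adapting expectations; consider keeping the old input as a second case with its own expected output so the parser-side behaviour is tested explicitly.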
Expand Up @@ -12,7 +12,7 @@ endDocument
.#-----------------------------------------------------
.expect|xhtml/1.0
.#-----------------------------------------------------
<hr param="value"/>
<hr data-xwiki-translated-attribute-param="value"/>
.#-----------------------------------------------------
.expect|xwiki/2.0
.#-----------------------------------------------------
Expand All @@ -21,4 +21,4 @@ endDocument
.#-----------------------------------------------------
.input|xhtml/1.0
.#-----------------------------------------------------
<html><hr param="value"/></html>
<html><hr data-xwiki-translated-attribute-param="value"/></html>
Expand Up @@ -16,7 +16,7 @@ endDocument
.#-----------------------------------------------------
.expect|xhtml/1.0
.#-----------------------------------------------------
<p><em><span a="b">something</span></em></p>
<p><em><span data-xwiki-translated-attribute-a="b">something</span></em></p>
.#-----------------------------------------------------
.expect|xwiki/2.0
.#-----------------------------------------------------
Expand Up @@ -21,7 +21,7 @@ endDocument
.#-----------------------------------------------------
.expect|xhtml/1.0
.#-----------------------------------------------------
<dl param="value"><dt>title</dt><dd>definition</dd></dl>
<dl data-xwiki-translated-attribute-param="value"><dt>title</dt><dd>definition</dd></dl>
.#-----------------------------------------------------
.expect|xwiki/2.0
.#-----------------------------------------------------
Expand All @@ -31,7 +31,7 @@ endDocument
.#-----------------------------------------------------
.input|xhtml/1.0
.#-----------------------------------------------------
<dl param="value"><dt>title</dt><dd>definition</dd></dl>
<dl data-xwiki-translated-attribute-param="value"><dt>title</dt><dd>definition</dd></dl>
.#-----------------------------------------------------
.expect|plain/1.0
.#-----------------------------------------------------
Expand Up @@ -42,7 +42,7 @@ endDocument
.#-----------------------------------------------------
.expect|xhtml/1.0
.#-----------------------------------------------------
<ul param="value"><li>item 1<ul param2="value2"><li>item 1.1<ul><li>item 1.1.1</li></ul></li></ul></li></ul>
<ul data-xwiki-translated-attribute-param="value"><li>item 1<ul data-xwiki-translated-attribute-param2="value2"><li>item 1.1<ul><li>item 1.1.1</li></ul></li></ul></li></ul>
.#-----------------------------------------------------
.expect|xwiki/2.0
.#-----------------------------------------------------
Expand All @@ -54,4 +54,4 @@ endDocument
.#-----------------------------------------------------
.input|xhtml/1.0
.#-----------------------------------------------------
<ul param="value"><li>item 1<ul param2="value2"><li>item 1.1<ul><li>item 1.1.1</li></ul></li></ul></li></ul>
<ul data-xwiki-translated-attribute-param="value"><li>item 1<ul data-xwiki-translated-attribute-param2="value2"><li>item 1.1<ul><li>item 1.1.1</li></ul></li></ul></li></ul>
Expand Up @@ -16,7 +16,7 @@ endDocument
.#-----------------------------------------------------
.expect|xhtml/1.0
.#-----------------------------------------------------
<ul param1="value1" param2="value2"><li>item</li></ul>
<ul data-xwiki-translated-attribute-param1="value1" data-xwiki-translated-attribute-param2="value2"><li>item</li></ul>
.#-----------------------------------------------------
.expect|xwiki/2.0
.#-----------------------------------------------------
Expand All @@ -25,4 +25,4 @@ endDocument
.#-----------------------------------------------------
.input|xhtml/1.0
.#-----------------------------------------------------
<html><ul param1="value1" param2="value2"><li>item</li></ul></html>
<html><ul data-xwiki-translated-attribute-param1="value1" data-xwiki-translated-attribute-param2="value2"><li>item</li></ul></html>
Expand Up @@ -44,12 +44,12 @@ endDocument
.#-----------------------------------------------------
.expect|xhtml/1.0
.#-----------------------------------------------------
<span param="value">formatmacro2</span><p><span a="b"><span param="value">formatmacro3</span> text</span></p><p><span a="b">text</span><span param="value">formatmacro4</span></p>
<span data-xwiki-translated-attribute-param="value">formatmacro2</span><p><span data-xwiki-translated-attribute-a="b"><span data-xwiki-translated-attribute-param="value">formatmacro3</span> text</span></p><p><span data-xwiki-translated-attribute-a="b">text</span><span data-xwiki-translated-attribute-param="value">formatmacro4</span></p>
.#-----------------------------------------------------
.expect|annotatedxhtml/1.0
.#-----------------------------------------------------
<!--startmacro:testformatmacro|-|--><span param="value">formatmacro2</span><!--stopmacro--><p><span a="b"><!--startmacro:testformatmacro|-|--><span param="value">formatmacro3</span><!--stopmacro--> text</span></p><p><span a="b">text</span><!--startmacro:testformatmacro|-|--><span param="value">formatmacro4</span><!--stopmacro--></p>
<!--startmacro:testformatmacro|-|--><span data-xwiki-translated-attribute-param="value">formatmacro2</span><!--stopmacro--><p><span data-xwiki-translated-attribute-a="b"><!--startmacro:testformatmacro|-|--><span data-xwiki-translated-attribute-param="value">formatmacro3</span><!--stopmacro--> text</span></p><p><span data-xwiki-translated-attribute-a="b">text</span><!--startmacro:testformatmacro|-|--><span data-xwiki-translated-attribute-param="value">formatmacro4</span><!--stopmacro--></p>
.#-----------------------------------------------------
.input|xhtml/1.0
.#-----------------------------------------------------
<!--startmacro:testformatmacro|-|--><span param="value">formatmacro2</span><!--stopmacro--><p><span a="b"><!--startmacro:testformatmacro|-|--><span param="value">formatmacro3</span><!--stopmacro--> text</span></p><p><span a="b">text</span><!--startmacro:testformatmacro|-|--><span param="value">formatmacro4</span><!--stopmacro--></p>
<!--startmacro:testformatmacro|-|--><span data-xwiki-translated-attribute-param="value">formatmacro2</span><!--stopmacro--><p><span data-xwiki-translated-attribute-a="b"><!--startmacro:testformatmacro|-|--><span data-xwiki-translated-attribute-param="value">formatmacro3</span><!--stopmacro--> text</span></p><p><span data-xwiki-translated-attribute-a="b">text</span><!--startmacro:testformatmacro|-|--><span data-xwiki-translated-attribute-param="value">formatmacro4</span><!--stopmacro--></p>
Expand Up @@ -105,7 +105,7 @@ endDocument
.#-----------------------------------------------------
.expect|xhtml/1.0
.#-----------------------------------------------------
<p param1="value1" param2="value2"><span param3="value3">hello</span> world</p><p><span param4="valueA">hello&nbsp;</span><span param4="valueB">world</span></p><p><strong><span param5="value4">hello</span></strong><span param5="value4">&nbsp;world</span></p><p><span param6="valueA">hello&nbsp;</span><span param7="valueB">world</span></p><p>before<span param="value">x</span><strong>y</strong>after</p><p>12<strong>34<span param="value">56</span>78</strong>90</p><p><span param="value">1<em>2</em></span><em>3</em></p><p><strong><span param1="value1">1</span></strong><strong><span param2="value2">2</span></strong></p>
<p data-xwiki-translated-attribute-param1="value1" data-xwiki-translated-attribute-param2="value2"><span data-xwiki-translated-attribute-param3="value3">hello</span> world</p><p><span data-xwiki-translated-attribute-param4="valueA">hello&nbsp;</span><span data-xwiki-translated-attribute-param4="valueB">world</span></p><p><strong><span data-xwiki-translated-attribute-param5="value4">hello</span></strong><span data-xwiki-translated-attribute-param5="value4">&nbsp;world</span></p><p><span data-xwiki-translated-attribute-param6="valueA">hello&nbsp;</span><span data-xwiki-translated-attribute-param7="valueB">world</span></p><p>before<span data-xwiki-translated-attribute-param="value">x</span><strong>y</strong>after</p><p>12<strong>34<span data-xwiki-translated-attribute-param="value">56</span>78</strong>90</p><p><span data-xwiki-translated-attribute-param="value">1<em>2</em></span><em>3</em></p><p><strong><span data-xwiki-translated-attribute-param1="value1">1</span></strong><strong><span data-xwiki-translated-attribute-param2="value2">2</span></strong></p>
.#-----------------------------------------------------
.expect|xwiki/2.0
.#-----------------------------------------------------
Expand Up @@ -16,7 +16,7 @@ endDocument
.#-----------------------------------------------------
.expect|xhtml/1.0
.#-----------------------------------------------------
<blockquote param1="value1" param2="value2"><p>line</p></blockquote>
<blockquote data-xwiki-translated-attribute-param1="value1" data-xwiki-translated-attribute-param2="value2"><p>line</p></blockquote>
.#-----------------------------------------------------
.expect|xwiki/2.0
.#-----------------------------------------------------
Expand All @@ -25,4 +25,4 @@ endDocument
.#-----------------------------------------------------
.input|xhtml/1.0
.#-----------------------------------------------------
<blockquote param1="value1" param2="value2"><p>line</p></blockquote>
<blockquote data-xwiki-translated-attribute-param1="value1" data-xwiki-translated-attribute-param2="value2"><p>line</p></blockquote>
Expand Up @@ -17,7 +17,7 @@ endDocument
.#-----------------------------------------------------
.expect|xhtml/1.0
.#-----------------------------------------------------
<h1 id="Hheader" class="wikigeneratedid" param="value"><span>header</span></h1>
<h1 id="Hheader" class="wikigeneratedid" data-xwiki-translated-attribute-param="value"><span>header</span></h1>
.#-----------------------------------------------------
.expect|xwiki/2.0
.#-----------------------------------------------------
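Review bot: Missing negative case in the `.expect|xhtml/1.0` line: it shows `id` and `class` passing through and the placeholder `param` being prefixed, but no attribute that the restriction exists for is exercised. Add a header with an event-handler attribute (for example `onclick`) and assert that it is rendered only as `data-xwiki-translated-attribute-onclick`, so a later change to the allow list cannot silently let it through.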
Expand All @@ -26,4 +26,4 @@ endDocument
.#-----------------------------------------------------
.input|xhtml/1.0
.#-----------------------------------------------------
<html><h1 id="Hheader" class="wikigeneratedid" param="value"><span>header</span></h1></html>
<html><h1 id="Hheader" class="wikigeneratedid" data-xwiki-translated-attribute-param="value"><span>header</span></h1></html>
Expand Up @@ -16,7 +16,7 @@ endDocument
.#-----------------------------------------------------
.expect|xhtml/1.0
.#-----------------------------------------------------
<p><del><span a="b">something</span></del></p>
<p><del><span data-xwiki-translated-attribute-a="b">something</span></del></p>
.#-----------------------------------------------------
.expect|xwiki/2.0
.#-----------------------------------------------------
Expand Up @@ -2,7 +2,7 @@
.input|xhtml/1.0
.# Verify that SUB tag parameters are recognized.
.#-----------------------------------------------------
<html><p><sub a="b">something</sub></p></html>
<html><p><sub data-xwiki-translated-attribute-a="b">something</sub></p></html>
.#-----------------------------------------------------
.expect|event/1.0
.#-----------------------------------------------------
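Review bot: The comment `.# Verify that SUB tag parameters are recognized.` no longer describes what the input tests. With `<sub data-xwiki-translated-attribute-a="b">` the case now checks that a prefixed attribute is read back as a parameter. Please reword the comment to mention the prefix, or keep the original `<sub a="b">` input as a separate case if unprefixed parameters are still meant to be recognized.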
Expand All @@ -16,7 +16,7 @@ endDocument
.#-----------------------------------------------------
.expect|xhtml/1.0
.#-----------------------------------------------------
<p><sub><span a="b">something</span></sub></p>
<p><sub><span data-xwiki-translated-attribute-a="b">something</span></sub></p>
.#-----------------------------------------------------
.expect|xwiki/2.0
.#-----------------------------------------------------
Expand Up @@ -2,7 +2,7 @@
.input|xhtml/1.0
.# Verify that SUP tag parameters are recognized.
.#-----------------------------------------------------
<html><p><sup a="b">something</sup></p></html>
<html><p><sup data-xwiki-translated-attribute-a="b">something</sup></p></html>
.#-----------------------------------------------------
.expect|event/1.0
.#-----------------------------------------------------
Expand All @@ -16,7 +16,7 @@ endDocument
.#-----------------------------------------------------
.expect|xhtml/1.0
.#-----------------------------------------------------
<p><sup><span a="b">something</span></sup></p>
<p><sup><span data-xwiki-translated-attribute-a="b">something</span></sup></p>
.#-----------------------------------------------------
.expect|xwiki/2.0
.#-----------------------------------------------------
Expand Up @@ -43,7 +43,7 @@ endDocument
.#-----------------------------------------------------
.expect|xhtml/1.0
.#-----------------------------------------------------
<table a="b"><tr c="d"><th e="f" scope="col"><span g="h">cell1</span></th><td i="j"><span k="l">cell2</span></td></tr></table><table a="b"><tr c="d"><th e="f" scope="col"><span g="h">cell1</span></th><td i="j"><span k="l">cell2</span></td></tr></table>
<table data-xwiki-translated-attribute-a="b"><tr data-xwiki-translated-attribute-c="d"><th data-xwiki-translated-attribute-e="f" scope="col"><span data-xwiki-translated-attribute-g="h">cell1</span></th><td data-xwiki-translated-attribute-i="j"><span k="l">cell2</span></td></tr></table><table data-xwiki-translated-attribute-a="b"><tr data-xwiki-translated-attribute-c="d"><th data-xwiki-translated-attribute-e="f" scope="col"><span data-xwiki-translated-attribute-g="h">cell1</span></th><td data-xwiki-translated-attribute-i="j"><span k="l">cell2</span></td></tr></table>
.#-----------------------------------------------------
.expect|xwiki/2.0
.#-----------------------------------------------------
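Review bot: In the new expected XHTML the span inside `<td>` is still `<span k="l">cell2</span>` in both tables, while the sibling `<span g="h">` inside `<th>` became `data-xwiki-translated-attribute-g="h"`. Either the renderer emits `k` unfiltered on this path or the expectation was missed when the lines were updated; the `.input|xhtml/1.0` line in the next hunk carries the same unprefixed span. Please check which it is, and change the expectation to `data-xwiki-translated-attribute-k="l"` if the renderer does prefix it.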
Expand All @@ -55,4 +55,4 @@ endDocument
.#-----------------------------------------------------
.input|xhtml/1.0
.#-----------------------------------------------------
<table a="b"><tr c="d"><th e="f" scope="col"><span g="h">cell1</span></th><td i="j"><span k="l">cell2</span></td></tr></table><table a="b"><tr c="d"><th e="f" scope="col"><span g="h">cell1</span></th><td i="j"><span k="l">cell2</span></td></tr></table>
<table data-xwiki-translated-attribute-a="b"><tr data-xwiki-translated-attribute-c="d"><th data-xwiki-translated-attribute-e="f" scope="col"><span data-xwiki-translated-attribute-g="h">cell1</span></th><td data-xwiki-translated-attribute-i="j"><span k="l">cell2</span></td></tr></table><table data-xwiki-translated-attribute-a="b"><tr data-xwiki-translated-attribute-c="d"><th data-xwiki-translated-attribute-e="f" scope="col"><span data-xwiki-translated-attribute-g="h">cell1</span></th><td data-xwiki-translated-attribute-i="j"><span k="l">cell2</span></td></tr></table>
Expand Up @@ -12,7 +12,7 @@ endDocument
.#-----------------------------------------------------
.expect|xhtml/1.0
.#-----------------------------------------------------
<pre param="value">abc</pre>
<pre data-xwiki-translated-attribute-param="value">abc</pre>
.#-----------------------------------------------------
.expect|xwiki/2.0
.#-----------------------------------------------------
Expand All @@ -21,4 +21,4 @@ endDocument
.#-----------------------------------------------------
.input|xhtml/1.0
.#-----------------------------------------------------
<html><pre param="value">abc</pre></html>
<html><pre data-xwiki-translated-attribute-param="value">abc</pre></html>
Expand Up @@ -16,7 +16,7 @@ endDocument
.#-----------------------------------------------------
.expect|xhtml/1.0
.#-----------------------------------------------------
<p param="value"><span param2="value2"><tt class="wikimodel-verbatim">abc</tt></span></p>
<p data-xwiki-translated-attribute-param="value"><span data-xwiki-translated-attribute-param2="value2"><tt class="wikimodel-verbatim">abc</tt></span></p>
.#-----------------------------------------------------
.expect|xwiki/2.0
.#-----------------------------------------------------
Expand All @@ -25,4 +25,4 @@ endDocument
.#-----------------------------------------------------
.input|xhtml/1.0
.#-----------------------------------------------------
<p param="value"><span param2="value2"><tt class="wikimodel-verbatim">abc</tt></span></p>
<p data-xwiki-translated-attribute-param="value"><span data-xwiki-translated-attribute-param2="value2"><tt class="wikimodel-verbatim">abc</tt></span></p>
