Commit c40e2f5

XRENDERING-663: Restrict allowed attributes in HTML rendering
* Change HTML renderers to only print allowed attributes and elements.
* Add prefix to forbidden attributes to preserve them in XWiki syntax.
* Adapt tests to expect that invalid attributes get a prefix.
1 parent 40e5d95 commit c40e2f5

48 files changed, +330 -117 lines changed

Diff for: xwiki-rendering-integration-tests/src/test/resources/simple/escape/escape15.test

+3-3
Original file line numberDiff line numberDiff line change
@@ -20,16 +20,16 @@ endDocument
2020
.#-----------------------------------------------------
2121
.expect|xhtml/1.0
2222
.#-----------------------------------------------------
23-
<p><span class="wikiexternallink"><a param="value" href="refe||rence">lab&gt;&gt;el~</a></span></p>
23+
<p><span class="wikiexternallink"><a data-xwiki-translated-attribute-param="value" href="refe||rence">lab&gt;&gt;el~</a></span></p>
2424
.#-----------------------------------------------------
2525
.expect|annotatedxhtml/1.0
2626
.#-----------------------------------------------------
27-
<p><!--startwikilink:false|-|url|-|refe||rence--><span class="wikiexternallink"><a param="value" href="refe||rence">lab&gt;&gt;el~</a></span><!--stopwikilink--></p>
27+
<p><!--startwikilink:false|-|url|-|refe||rence--><span class="wikiexternallink"><a data-xwiki-translated-attribute-param="value" href="refe||rence">lab&gt;&gt;el~</a></span><!--stopwikilink--></p>
2828
.#-----------------------------------------------------
2929
.expect|xwiki/2.0
3030
.#-----------------------------------------------------
3131
[[lab~>~>el~~~~>>refe~|~|rence||param="value"]]
3232
.#-----------------------------------------------------
3333
.input|xhtml/1.0
3434
.#-----------------------------------------------------
35-
<p><!--startwikilink:false|-|url|-|refe||rence--><span class="wikiexternallink"><a param="value" href="refe||rence">lab&gt;&gt;el~</a></span><!--stopwikilink--></p>
35+
<p><!--startwikilink:false|-|url|-|refe||rence--><span class="wikiexternallink"><a data-xwiki-translated-attribute-param="value" href="refe||rence">lab&gt;&gt;el~</a></span><!--stopwikilink--></p>
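
Review bot: The round trip in this file is not one-to-one. The xhtml/1.0 input at line 35 now carries data-xwiki-translated-attribute-param="value", while the unchanged xwiki/2.0 expectation at line 31 still reads param="value", so the parser strips the prefix on the way back. An author who writes data-xwiki-translated-attribute-param directly in wiki syntax would presumably render to the same HTML and come back as param. If that collision is accepted, say so in a .# comment here; otherwise add a case that pins what happens to an attribute name that already starts with the prefix.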

Diff for: xwiki-rendering-integration-tests/src/test/resources/simple/group/group9.test

+2-2
Original file line numberDiff line numberDiff line change
@@ -29,7 +29,7 @@ endDocument
2929
.#-----------------------------------------------------
3030
.expect|xhtml/1.0
3131
.#-----------------------------------------------------
32-
<div param="value"><p>some text</p></div><div param="value"><p>some text</p></div>
32+
<div data-xwiki-translated-attribute-param="value"><p>some text</p></div><div data-xwiki-translated-attribute-param="value"><p>some text</p></div>
3333
.#-----------------------------------------------------
3434
.expect|xwiki/2.0
3535
.#-----------------------------------------------------
@@ -45,4 +45,4 @@ some text
4545
.#-----------------------------------------------------
4646
.input|xhtml/1.0
4747
.#-----------------------------------------------------
48-
<div param="value"><p>some text</p></div><div param="value"><p>some text</p></div>
48+
<div data-xwiki-translated-attribute-param="value"><p>some text</p></div><div data-xwiki-translated-attribute-param="value"><p>some text</p></div>
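
Review bot: With the input at line 48 rewritten to the prefixed form, nothing visible in this file feeds a plain param="value" through the xhtml/1.0 parser any more. Since the commit is about which attributes survive HTML rendering, add a separate test that keeps the unprefixed <div param="value"> as input, so the suite pins whether the parser keeps, drops or prefixes it rather than leaving that path unasserted.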

Diff for: xwiki-rendering-integration-tests/src/test/resources/simple/horizontalline/horizontalline5.test

+2-2
Original file line numberDiff line numberDiff line change
@@ -12,7 +12,7 @@ endDocument
1212
.#-----------------------------------------------------
1313
.expect|xhtml/1.0
1414
.#-----------------------------------------------------
15-
<hr param="value"/>
15+
<hr data-xwiki-translated-attribute-param="value"/>
1616
.#-----------------------------------------------------
1717
.expect|xwiki/2.0
1818
.#-----------------------------------------------------
@@ -21,4 +21,4 @@ endDocument
2121
.#-----------------------------------------------------
2222
.input|xhtml/1.0
2323
.#-----------------------------------------------------
24-
<html><hr param="value"/></html>
24+
<html><hr data-xwiki-translated-attribute-param="value"/></html>

Diff for: xwiki-rendering-integration-tests/src/test/resources/simple/italic/italic8.test

+1-1
Original file line numberDiff line numberDiff line change
@@ -16,7 +16,7 @@ endDocument
1616
.#-----------------------------------------------------
1717
.expect|xhtml/1.0
1818
.#-----------------------------------------------------
19-
<p><em><span a="b">something</span></em></p>
19+
<p><em><span data-xwiki-translated-attribute-a="b">something</span></em></p>
2020
.#-----------------------------------------------------
2121
.expect|xwiki/2.0
2222
.#-----------------------------------------------------

Diff for: xwiki-rendering-integration-tests/src/test/resources/simple/list/definitionlist7.test

+2-2
Original file line numberDiff line numberDiff line change
@@ -21,7 +21,7 @@ endDocument
2121
.#-----------------------------------------------------
2222
.expect|xhtml/1.0
2323
.#-----------------------------------------------------
24-
<dl param="value"><dt>title</dt><dd>definition</dd></dl>
24+
<dl data-xwiki-translated-attribute-param="value"><dt>title</dt><dd>definition</dd></dl>
2525
.#-----------------------------------------------------
2626
.expect|xwiki/2.0
2727
.#-----------------------------------------------------
@@ -31,7 +31,7 @@ endDocument
3131
.#-----------------------------------------------------
3232
.input|xhtml/1.0
3333
.#-----------------------------------------------------
34-
<dl param="value"><dt>title</dt><dd>definition</dd></dl>
34+
<dl data-xwiki-translated-attribute-param="value"><dt>title</dt><dd>definition</dd></dl>
3535
.#-----------------------------------------------------
3636
.expect|plain/1.0
3737
.#-----------------------------------------------------

Diff for: xwiki-rendering-integration-tests/src/test/resources/simple/list/list13.test

+2-2
Original file line numberDiff line numberDiff line change
@@ -42,7 +42,7 @@ endDocument
4242
.#-----------------------------------------------------
4343
.expect|xhtml/1.0
4444
.#-----------------------------------------------------
45-
<ul param="value"><li>item 1<ul param2="value2"><li>item 1.1<ul><li>item 1.1.1</li></ul></li></ul></li></ul>
45+
<ul data-xwiki-translated-attribute-param="value"><li>item 1<ul data-xwiki-translated-attribute-param2="value2"><li>item 1.1<ul><li>item 1.1.1</li></ul></li></ul></li></ul>
4646
.#-----------------------------------------------------
4747
.expect|xwiki/2.0
4848
.#-----------------------------------------------------
@@ -54,4 +54,4 @@ endDocument
5454
.#-----------------------------------------------------
5555
.input|xhtml/1.0
5656
.#-----------------------------------------------------
57-
<ul param="value"><li>item 1<ul param2="value2"><li>item 1.1<ul><li>item 1.1.1</li></ul></li></ul></li></ul>
57+
<ul data-xwiki-translated-attribute-param="value"><li>item 1<ul data-xwiki-translated-attribute-param2="value2"><li>item 1.1<ul><li>item 1.1.1</li></ul></li></ul></li></ul>

Diff for: xwiki-rendering-integration-tests/src/test/resources/simple/list/list8.test

+2-2
Original file line numberDiff line numberDiff line change
@@ -16,7 +16,7 @@ endDocument
1616
.#-----------------------------------------------------
1717
.expect|xhtml/1.0
1818
.#-----------------------------------------------------
19-
<ul param1="value1" param2="value2"><li>item</li></ul>
19+
<ul data-xwiki-translated-attribute-param1="value1" data-xwiki-translated-attribute-param2="value2"><li>item</li></ul>
2020
.#-----------------------------------------------------
2121
.expect|xwiki/2.0
2222
.#-----------------------------------------------------
@@ -25,4 +25,4 @@ endDocument
2525
.#-----------------------------------------------------
2626
.input|xhtml/1.0
2727
.#-----------------------------------------------------
28-
<html><ul param1="value1" param2="value2"><li>item</li></ul></html>
28+
<html><ul data-xwiki-translated-attribute-param1="value1" data-xwiki-translated-attribute-param2="value2"><li>item</li></ul></html>

Diff for: xwiki-rendering-integration-tests/src/test/resources/simple/macros/macro10.test

+3-3
Original file line numberDiff line numberDiff line change
@@ -44,12 +44,12 @@ endDocument
4444
.#-----------------------------------------------------
4545
.expect|xhtml/1.0
4646
.#-----------------------------------------------------
47-
<span param="value">formatmacro2</span><p><span a="b"><span param="value">formatmacro3</span> text</span></p><p><span a="b">text</span><span param="value">formatmacro4</span></p>
47+
<span data-xwiki-translated-attribute-param="value">formatmacro2</span><p><span data-xwiki-translated-attribute-a="b"><span data-xwiki-translated-attribute-param="value">formatmacro3</span> text</span></p><p><span data-xwiki-translated-attribute-a="b">text</span><span data-xwiki-translated-attribute-param="value">formatmacro4</span></p>
4848
.#-----------------------------------------------------
4949
.expect|annotatedxhtml/1.0
5050
.#-----------------------------------------------------
51-
<!--startmacro:testformatmacro|-|--><span param="value">formatmacro2</span><!--stopmacro--><p><span a="b"><!--startmacro:testformatmacro|-|--><span param="value">formatmacro3</span><!--stopmacro--> text</span></p><p><span a="b">text</span><!--startmacro:testformatmacro|-|--><span param="value">formatmacro4</span><!--stopmacro--></p>
51+
<!--startmacro:testformatmacro|-|--><span data-xwiki-translated-attribute-param="value">formatmacro2</span><!--stopmacro--><p><span data-xwiki-translated-attribute-a="b"><!--startmacro:testformatmacro|-|--><span data-xwiki-translated-attribute-param="value">formatmacro3</span><!--stopmacro--> text</span></p><p><span data-xwiki-translated-attribute-a="b">text</span><!--startmacro:testformatmacro|-|--><span data-xwiki-translated-attribute-param="value">formatmacro4</span><!--stopmacro--></p>
5252
.#-----------------------------------------------------
5353
.input|xhtml/1.0
5454
.#-----------------------------------------------------
55-
<!--startmacro:testformatmacro|-|--><span param="value">formatmacro2</span><!--stopmacro--><p><span a="b"><!--startmacro:testformatmacro|-|--><span param="value">formatmacro3</span><!--stopmacro--> text</span></p><p><span a="b">text</span><!--startmacro:testformatmacro|-|--><span param="value">formatmacro4</span><!--stopmacro--></p>
55+
<!--startmacro:testformatmacro|-|--><span data-xwiki-translated-attribute-param="value">formatmacro2</span><!--stopmacro--><p><span data-xwiki-translated-attribute-a="b"><!--startmacro:testformatmacro|-|--><span data-xwiki-translated-attribute-param="value">formatmacro3</span><!--stopmacro--> text</span></p><p><span data-xwiki-translated-attribute-a="b">text</span><!--startmacro:testformatmacro|-|--><span data-xwiki-translated-attribute-param="value">formatmacro4</span><!--stopmacro--></p>

Diff for: xwiki-rendering-integration-tests/src/test/resources/simple/paragraph/paragraph6.test

+1-1
Original file line numberDiff line numberDiff line change
@@ -105,7 +105,7 @@ endDocument
105105
.#-----------------------------------------------------
106106
.expect|xhtml/1.0
107107
.#-----------------------------------------------------
108-
<p param1="value1" param2="value2"><span param3="value3">hello</span> world</p><p><span param4="valueA">hello&nbsp;</span><span param4="valueB">world</span></p><p><strong><span param5="value4">hello</span></strong><span param5="value4">&nbsp;world</span></p><p><span param6="valueA">hello&nbsp;</span><span param7="valueB">world</span></p><p>before<span param="value">x</span><strong>y</strong>after</p><p>12<strong>34<span param="value">56</span>78</strong>90</p><p><span param="value">1<em>2</em></span><em>3</em></p><p><strong><span param1="value1">1</span></strong><strong><span param2="value2">2</span></strong></p>
108+
<p data-xwiki-translated-attribute-param1="value1" data-xwiki-translated-attribute-param2="value2"><span data-xwiki-translated-attribute-param3="value3">hello</span> world</p><p><span data-xwiki-translated-attribute-param4="valueA">hello&nbsp;</span><span data-xwiki-translated-attribute-param4="valueB">world</span></p><p><strong><span data-xwiki-translated-attribute-param5="value4">hello</span></strong><span data-xwiki-translated-attribute-param5="value4">&nbsp;world</span></p><p><span data-xwiki-translated-attribute-param6="valueA">hello&nbsp;</span><span data-xwiki-translated-attribute-param7="valueB">world</span></p><p>before<span data-xwiki-translated-attribute-param="value">x</span><strong>y</strong>after</p><p>12<strong>34<span data-xwiki-translated-attribute-param="value">56</span>78</strong>90</p><p><span data-xwiki-translated-attribute-param="value">1<em>2</em></span><em>3</em></p><p><strong><span data-xwiki-translated-attribute-param1="value1">1</span></strong><strong><span data-xwiki-translated-attribute-param2="value2">2</span></strong></p>
109109
.#-----------------------------------------------------
110110
.expect|xwiki/2.0
111111
.#-----------------------------------------------------
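
Review bot: Every forbidden name in the new line 108 expectation (param and param1 to param7) is lowercase alphanumeric, so the test only shows the prefix producing a well-formed data-* name in the easy case. HTML data attribute names may not contain ASCII uppercase letters, so add one attribute whose name has an uppercase letter or punctuation and assert what the renderer emits when prefix plus name would not be a valid data attribute name.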

Diff for: xwiki-rendering-integration-tests/src/test/resources/simple/quote/quote3.test

+2-2
Original file line numberDiff line numberDiff line change
@@ -16,7 +16,7 @@ endDocument
1616
.#-----------------------------------------------------
1717
.expect|xhtml/1.0
1818
.#-----------------------------------------------------
19-
<blockquote param1="value1" param2="value2"><p>line</p></blockquote>
19+
<blockquote data-xwiki-translated-attribute-param1="value1" data-xwiki-translated-attribute-param2="value2"><p>line</p></blockquote>
2020
.#-----------------------------------------------------
2121
.expect|xwiki/2.0
2222
.#-----------------------------------------------------
@@ -25,4 +25,4 @@ endDocument
2525
.#-----------------------------------------------------
2626
.input|xhtml/1.0
2727
.#-----------------------------------------------------
28-
<blockquote param1="value1" param2="value2"><p>line</p></blockquote>
28+
<blockquote data-xwiki-translated-attribute-param1="value1" data-xwiki-translated-attribute-param2="value2"><p>line</p></blockquote>

Diff for: xwiki-rendering-integration-tests/src/test/resources/simple/section/section6.test

+2-2
Original file line numberDiff line numberDiff line change
@@ -17,7 +17,7 @@ endDocument
1717
.#-----------------------------------------------------
1818
.expect|xhtml/1.0
1919
.#-----------------------------------------------------
20-
<h1 id="Hheader" class="wikigeneratedid" param="value"><span>header</span></h1>
20+
<h1 id="Hheader" class="wikigeneratedid" data-xwiki-translated-attribute-param="value"><span>header</span></h1>
2121
.#-----------------------------------------------------
2222
.expect|xwiki/2.0
2323
.#-----------------------------------------------------
@@ -26,4 +26,4 @@ endDocument
2626
.#-----------------------------------------------------
2727
.input|xhtml/1.0
2828
.#-----------------------------------------------------
29-
<html><h1 id="Hheader" class="wikigeneratedid" param="value"><span>header</span></h1></html>
29+
<html><h1 id="Hheader" class="wikigeneratedid" data-xwiki-translated-attribute-param="value"><span>header</span></h1></html>

Diff for: xwiki-rendering-integration-tests/src/test/resources/simple/strikedout/strikedout4.test

+1-1
Original file line numberDiff line numberDiff line change
@@ -16,7 +16,7 @@ endDocument
1616
.#-----------------------------------------------------
1717
.expect|xhtml/1.0
1818
.#-----------------------------------------------------
19-
<p><del><span a="b">something</span></del></p>
19+
<p><del><span data-xwiki-translated-attribute-a="b">something</span></del></p>
2020
.#-----------------------------------------------------
2121
.expect|xwiki/2.0
2222
.#-----------------------------------------------------

Diff for: xwiki-rendering-integration-tests/src/test/resources/simple/subscript/subscript2.test

+2-2
Original file line numberDiff line numberDiff line change
@@ -2,7 +2,7 @@
22
.input|xhtml/1.0
33
.# Verify that SUB tag parameters are recognized.
44
.#-----------------------------------------------------
5-
<html><p><sub a="b">something</sub></p></html>
5+
<html><p><sub data-xwiki-translated-attribute-a="b">something</sub></p></html>
66
.#-----------------------------------------------------
77
.expect|event/1.0
88
.#-----------------------------------------------------
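
Review bot: The comment at line 3, "Verify that SUB tag parameters are recognized.", no longer describes the input at line 5, which now supplies data-xwiki-translated-attribute-a rather than a plain parameter on <sub>. Reword the comment to say that the prefixed form is what is being parsed, and do the same for the SUP comment in superscript2.test.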
@@ -16,7 +16,7 @@ endDocument
1616
.#-----------------------------------------------------
1717
.expect|xhtml/1.0
1818
.#-----------------------------------------------------
19-
<p><sub><span a="b">something</span></sub></p>
19+
<p><sub><span data-xwiki-translated-attribute-a="b">something</span></sub></p>
2020
.#-----------------------------------------------------
2121
.expect|xwiki/2.0
2222
.#-----------------------------------------------------

Diff for: xwiki-rendering-integration-tests/src/test/resources/simple/superscript/superscript2.test

+2-2
Original file line numberDiff line numberDiff line change
@@ -2,7 +2,7 @@
22
.input|xhtml/1.0
33
.# Verify that SUP tag parameters are recognized.
44
.#-----------------------------------------------------
5-
<html><p><sup a="b">something</sup></p></html>
5+
<html><p><sup data-xwiki-translated-attribute-a="b">something</sup></p></html>
66
.#-----------------------------------------------------
77
.expect|event/1.0
88
.#-----------------------------------------------------
@@ -16,7 +16,7 @@ endDocument
1616
.#-----------------------------------------------------
1717
.expect|xhtml/1.0
1818
.#-----------------------------------------------------
19-
<p><sup><span a="b">something</span></sup></p>
19+
<p><sup><span data-xwiki-translated-attribute-a="b">something</span></sup></p>
2020
.#-----------------------------------------------------
2121
.expect|xwiki/2.0
2222
.#-----------------------------------------------------

Diff for: xwiki-rendering-integration-tests/src/test/resources/simple/table/table3.test

+2-2
Original file line numberDiff line numberDiff line change
@@ -43,7 +43,7 @@ endDocument
4343
.#-----------------------------------------------------
4444
.expect|xhtml/1.0
4545
.#-----------------------------------------------------
46-
<table a="b"><tr c="d"><th e="f" scope="col"><span g="h">cell1</span></th><td i="j"><span k="l">cell2</span></td></tr></table><table a="b"><tr c="d"><th e="f" scope="col"><span g="h">cell1</span></th><td i="j"><span k="l">cell2</span></td></tr></table>
46+
<table data-xwiki-translated-attribute-a="b"><tr data-xwiki-translated-attribute-c="d"><th data-xwiki-translated-attribute-e="f" scope="col"><span data-xwiki-translated-attribute-g="h">cell1</span></th><td data-xwiki-translated-attribute-i="j"><span k="l">cell2</span></td></tr></table><table data-xwiki-translated-attribute-a="b"><tr data-xwiki-translated-attribute-c="d"><th data-xwiki-translated-attribute-e="f" scope="col"><span data-xwiki-translated-attribute-g="h">cell1</span></th><td data-xwiki-translated-attribute-i="j"><span k="l">cell2</span></td></tr></table>
4747
.#-----------------------------------------------------
4848
.expect|xwiki/2.0
4949
.#-----------------------------------------------------
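
Review bot: In the new line 46 the inner span of the second cell keeps k="l" unprefixed (<td data-xwiki-translated-attribute-i="j"><span k="l">cell2</span></td>), while the sibling span's g="h" and every other custom attribute in the row gets the prefix; the input at line 58 in the next hunk has the same asymmetry. Either the renderer lets k="l" through, which would mean a non-allowed attribute still reaches the output on this path, or the fixture was edited by hand and this occurrence was missed. Please confirm which, and if it is the fixture, change it to data-xwiki-translated-attribute-k="l" in both tables and in the line 58 input.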
@@ -55,4 +55,4 @@ endDocument
5555
.#-----------------------------------------------------
5656
.input|xhtml/1.0
5757
.#-----------------------------------------------------
58-
<table a="b"><tr c="d"><th e="f" scope="col"><span g="h">cell1</span></th><td i="j"><span k="l">cell2</span></td></tr></table><table a="b"><tr c="d"><th e="f" scope="col"><span g="h">cell1</span></th><td i="j"><span k="l">cell2</span></td></tr></table>
58+
<table data-xwiki-translated-attribute-a="b"><tr data-xwiki-translated-attribute-c="d"><th data-xwiki-translated-attribute-e="f" scope="col"><span data-xwiki-translated-attribute-g="h">cell1</span></th><td data-xwiki-translated-attribute-i="j"><span k="l">cell2</span></td></tr></table><table data-xwiki-translated-attribute-a="b"><tr data-xwiki-translated-attribute-c="d"><th data-xwiki-translated-attribute-e="f" scope="col"><span data-xwiki-translated-attribute-g="h">cell1</span></th><td data-xwiki-translated-attribute-i="j"><span k="l">cell2</span></td></tr></table>

Diff for: xwiki-rendering-integration-tests/src/test/resources/simple/verbatim/verbatim6.test

+2-2
Original file line numberDiff line numberDiff line change
@@ -12,7 +12,7 @@ endDocument
1212
.#-----------------------------------------------------
1313
.expect|xhtml/1.0
1414
.#-----------------------------------------------------
15-
<pre param="value">abc</pre>
15+
<pre data-xwiki-translated-attribute-param="value">abc</pre>
1616
.#-----------------------------------------------------
1717
.expect|xwiki/2.0
1818
.#-----------------------------------------------------
@@ -21,4 +21,4 @@ endDocument
2121
.#-----------------------------------------------------
2222
.input|xhtml/1.0
2323
.#-----------------------------------------------------
24-
<html><pre param="value">abc</pre></html>
24+
<html><pre data-xwiki-translated-attribute-param="value">abc</pre></html>

Diff for: xwiki-rendering-integration-tests/src/test/resources/simple/verbatim/verbatim7.test

+2-2
Original file line numberDiff line numberDiff line change
@@ -16,7 +16,7 @@ endDocument
1616
.#-----------------------------------------------------
1717
.expect|xhtml/1.0
1818
.#-----------------------------------------------------
19-
<p param="value"><span param2="value2"><tt class="wikimodel-verbatim">abc</tt></span></p>
19+
<p data-xwiki-translated-attribute-param="value"><span data-xwiki-translated-attribute-param2="value2"><tt class="wikimodel-verbatim">abc</tt></span></p>
2020
.#-----------------------------------------------------
2121
.expect|xwiki/2.0
2222
.#-----------------------------------------------------
@@ -25,4 +25,4 @@ endDocument
2525
.#-----------------------------------------------------
2626
.input|xhtml/1.0
2727
.#-----------------------------------------------------
28-
<p param="value"><span param2="value2"><tt class="wikimodel-verbatim">abc</tt></span></p>
28+
<p data-xwiki-translated-attribute-param="value"><span data-xwiki-translated-attribute-param2="value2"><tt class="wikimodel-verbatim">abc</tt></span></p>
