Last modified: 2014-03-05 20:38:16 UTC

Wikimedia Bugzilla is closed!

Wikimedia migrated from Bugzilla to Phabricator. Bug reports are handled in Wikimedia Phabricator.
This static website is read-only and for historical purposes. It is not possible to log in and except for displaying bug reports and their history, links might be broken. See T64267, the corresponding Phabricator task for complete and up-to-date bug report information.

Bug 62267 - Multiple sanitizer vulnerabilities


Summary:	Multiple sanitizer vulnerabilities

Status:	RESOLVED DUPLICATE of bug 56846

Product:	Parsoid
Classification:	Unclassified
Component:	General (Other open bugs)
Version:	unspecified
Hardware:	All All

Importance:	Unprioritized normal
Target Milestone:	---
Assigned To:	Gabriel Wicke

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:
	Show dependency tree / graph

Reported:	2014-03-05 20:16 UTC by C. Scott Ananian
Modified:	2014-03-05 20:38 UTC (History)
CC List:	2 users (show)

See Also:
Web browser:	---
Mobile Platform:	---
Assignee Huggle Beta Tester:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description C. Scott Ananian 2014-03-05 20:16:23 UTC

A number of sanitizer vulnerabilities were fixed in core with bug 55332.  We need to port these fixes over to Parsoid.

In particular, see the failing tests added to the blacklist in https://gerrit.wikimedia.org/r/117033

(It looks like bug 56846 lists a bunch more failing sanitizer tests.)

Comment 1 Gabriel Wicke 2014-03-05 20:19:05 UTC

I believe we fixed the cases relevant to browsers that are not IE6. See the bug you linked, it has Parsoid changesets linked as well.

Comment 2 C. Scott Ananian 2014-03-05 20:38:02 UTC

The only new failing test case is the "Opera -o-link" CSS sanitization bug.  I'm going to merge this bug in with 56846.

Comment 3 C. Scott Ananian 2014-03-05 20:38:16 UTC


*** This bug has been marked as a duplicate of bug 56846 ***

Wikimedia Bugzilla is closed!

Search

Personal tools

Navigation

Links