HTML API: Fixes for issues discovered while fuzzing. #11982
Fuzz-testing was performed against the HTML API for finding edge cases that might be broken in the existing parsing code. A few issues were discovered with HTML normalization and warnings from out-of-bounds string reads.

This patch contains new tests catching regressions on these behaviors and adds fixes for the discovered issues.

A special-case for FORM closing tags inside TABLEs was added after investigation turned up that many normalization issues stem from this single issue, where `next_tag()` would already fail to proceed, but the normalization was continuing with already-created virtual tokens. This special-case should be investigated as more support is added to the HTML API to ensure that it couldn’t be removed for more robust core code.
Trac ticket: Core-65372