Bug #91194
closed
Faulty follow-up tag detection in parseFunc & Co. (regression)
Added by Joschi Kuphal almost 5 years ago.
Updated almost 5 years ago.
Category: Content Rendering
Description
As of version 10.4.0, the ContentObjectRenderer fails to parse <abbr> elements correctly that are nested within an <a> element. The reason is sort of an edge case, but presumably this might happen with other element combinations as well. Basically, the problem is that the start elements for links and abbreviations both start with "<a", and the parsing routines don't consider the remainder when scanning for matching follow-up elements.
There are two spots in ContentObjectRenderer that need to get fixed. The patch illustrates the problem (and a possible solution), but obviously something better than Regex might be used.
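To make the parsing problem described above concrete, here is an added example (not code from the report, the attached patch, or TYPO3's ContentObjectRenderer) that puts a prefix-based closing-tag search next to a tag-name-aware one. The function names, the regex, and the second sample with nested <span> elements are assumptions of this example; only the <a>/<abbr> markup is taken from the report.

```php
<?php
declare(strict_types=1);

// Constructed samples: the markup from the report (abbr inside a link) and a
// same-name nesting case that additionally needs a depth counter.
const SAMPLE_ABBR_IN_ANCHOR = '<a href="https://example.org/" target="..."><abbr>Content</abbr></a>';
const SAMPLE_NESTED_SPANS   = '<span class="outer"><span>inner</span> tail</span>';

/**
 * Naive closing-tag search, modelled on the faulty behaviour the report
 * describes: it matches the byte prefix "</a", so "</abbr>" is taken to be
 * the closing tag of an "<a>" element. Returns the offset found, or -1.
 */
function findClosingTagNaive(string $html, string $tagName, int $afterStartTag): int
{
    $pos = strpos($html, '</' . $tagName, $afterStartTag);
    return $pos === false ? -1 : $pos;
}

/**
 * Tag-name-aware search: a start or end tag only counts when the tag name is
 * followed by whitespace, "/" or ">", so "<abbr" never matches the tag "a".
 * Nesting of same-named elements is tracked with a depth counter.
 * Returns the offset of the matching closing tag, or -1 if unbalanced.
 */
function findClosingTag(string $html, string $tagName, int $afterStartTag): int
{
    $name = preg_quote($tagName, '/');
    // Group 1 captures "/" for an end tag and is empty for a start tag.
    $pattern = '/<(\/?)' . $name . '(?=[\s\/>])[^>]*>/i';
    $depth = 1;
    $offset = $afterStartTag;
    while (preg_match($pattern, $html, $m, PREG_OFFSET_CAPTURE, $offset) === 1) {
        $tagOffset = $m[0][1];
        $isEndTag = $m[1][0] === '/';
        $isSelfClosing = substr($m[0][0], -2) === '/>';
        if ($isEndTag) {
            $depth--;
            if ($depth === 0) {
                return $tagOffset;
            }
        } elseif (!$isSelfClosing) {
            $depth++;
        }
        $offset = $tagOffset + strlen($m[0][0]);
    }
    return -1;
}

/**
 * Runs both strategies for the element whose start tag opens the string and
 * returns the closing-tag offset each one picks (null when none is found).
 */
function compareStrategies(string $html, string $tagName): array
{
    $afterStartTag = strpos($html, '>') + 1;
    $naive = findClosingTagNaive($html, $tagName, $afterStartTag);
    $aware = findClosingTag($html, $tagName, $afterStartTag);
    return [
        'naive' => $naive === -1 ? null : $naive,
        'aware' => $aware === -1 ? null : $aware,
    ];
}

foreach ([['a', SAMPLE_ABBR_IN_ANCHOR], ['span', SAMPLE_NESTED_SPANS]] as [$tagName, $html]) {
    $result = compareStrategies($html, $tagName);
    printf(
        "<%s>: naive picks offset %s, tag-aware picks offset %s%s",
        $tagName,
        var_export($result['naive'], true),
        var_export($result['aware'], true),
        PHP_EOL
    );
}
```

For the report's markup the naive search stops at "</abbr>", while the tag-aware search skips it and lands on "</a>"; for the nested spans the naive search stops at the inner "</span>" and the tag-aware search, thanks to the depth counter, at the outer one. The lookahead after the tag name is the single change that removes the "<a" versus "<abbr" confusion; the depth counter addresses the separate same-name nesting problem that the related report #39261 is about.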
Additionally you have to check for the existence of $conf['tags.'] in line 3933 before using it in the foreach loop.
Something like:
if (strpos($data, '<') !== false && !empty($conf['tags.'])) {
    // !empty() avoids an undefined-index notice when no tags. are configured
    foreach ($conf['tags.'] as $tag => $tagConfig) {
        // ...
    }
}
instead of:
if (strpos($data, '<') !== false) {
    foreach ($conf['tags.'] as $tag => $tagConfig) {
        // ...
    }
}
Without this check it leads to an error in one of my 10.4.0 installations.
- Related to Bug #91172: html comments in fluid template lead to exception added
- Private changed from No to Yes
- Related to deleted (Bug #91172: html comments in fluid template lead to exception)
Thanks for your report. This issue might have security implications - that's the reason why it is set to private for the time being.
As far as I understood, the failing HTML in CKEditor might look like this (abbr nested in anchor tag), correct?
<a href="https://example.org/" target="..."><abbr>Content</abbr></a>
Exactly! There might be other combinations as well, e.g. <s><span>bla</span></s> (super rare, I know, but possible), but I didn't test these.
- Related to Bug #39261: parseFunc does not handle nested tags correct added
- Private changed from Yes to No
Does not seem to be related to security topics... in case anyone identifies a potential vulnerability here, please report to security@typo3.org
Moved from private to public again - the patch you provided seems to be okay...
- Status changed from New to Under Review
I've pushed the provided patch (keeping author details) to Gerrit and would provide additional test cases for it...
- Status changed from Under Review to Resolved
- % Done changed from 0 to 100
- Status changed from Resolved to Closed