XWiki Rendering is vulnerable to XSS attacks through insecure XHTML syntax
Description
XWiki Rendering is a generic rendering system that converts textual input in a given syntax (wiki syntax, HTML, etc) into another syntax (XHTML, etc). Starting in version 5.4.5 and prior to version 14.10, the XHTML syntax depended on the xdom+xml/current syntax which allows the creation of raw blocks that permit the insertion of arbitrary HTML content including JavaScript. This allows XSS attacks for users who can edit a document like their user profile (enabled by default). This has been fixed in version 14.10 by removing the dependency on the xdom+xml/current syntax from the XHTML syntax. Note that the xdom+xml syntax is still vulnerable to this attack. As its main purpose is testing and its use is quite difficult, this syntax shouldn't be installed or used on a regular wiki. There are no known workarounds apart from upgrading.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
org.xwiki.rendering:xwiki-rendering-syntax-xhtmlMaven | >= 5.4.5, < 14.10 | 14.10 |
Affected products
1- Range: >= 5.4.5, < 14.10
Patches
1a4ca31f99f52XRENDERING-660: Get rid of the dependency on the xdom+xml syntax (#230)
7 files changed · +127 −144
xwiki-rendering-syntaxes/xwiki-rendering-syntax-xhtml5/src/main/java/org/xwiki/rendering/internal/parser/xhtml5/XHTML5Parser.java+6 −11 modified@@ -27,19 +27,18 @@ import org.xwiki.component.annotation.Component; import org.xwiki.component.manager.ComponentManager; -import org.xwiki.rendering.internal.parser.xhtml5.wikimodel.XWikiFigcaptionTagHandler; -import org.xwiki.rendering.internal.parser.xhtml5.wikimodel.XWikiFigureTagHandler; -import org.xwiki.rendering.internal.parser.xhtml5.wikimodel.XHTML5SpanTagHandler; import org.xwiki.rendering.internal.parser.xhtml.XHTMLParser; import org.xwiki.rendering.internal.parser.xhtml.wikimodel.XWikiCommentHandler; import org.xwiki.rendering.internal.parser.xhtml.wikimodel.XWikiDivTagHandler; import org.xwiki.rendering.internal.parser.xhtml.wikimodel.XWikiHeaderTagHandler; import org.xwiki.rendering.internal.parser.xhtml.wikimodel.XWikiImageTagHandler; import org.xwiki.rendering.internal.parser.xhtml.wikimodel.XWikiReferenceTagHandler; import org.xwiki.rendering.internal.parser.xhtml.wikimodel.XWikiTableDataTagHandler; +import org.xwiki.rendering.internal.parser.xhtml5.wikimodel.XHTML5SpanTagHandler; +import org.xwiki.rendering.internal.parser.xhtml5.wikimodel.XWikiFigcaptionTagHandler; +import org.xwiki.rendering.internal.parser.xhtml5.wikimodel.XWikiFigureTagHandler; import org.xwiki.rendering.parser.ParseException; import org.xwiki.rendering.parser.ResourceReferenceParser; -import org.xwiki.rendering.renderer.PrintRendererFactory; import org.xwiki.rendering.syntax.Syntax; import org.xwiki.rendering.wikimodel.IWikiParser; import org.xwiki.rendering.wikimodel.xhtml.XhtmlParser; @@ -60,10 +59,6 @@ @Unstable public class XHTML5Parser extends XHTMLParser { - @Inject - @Named("xdom+xml/current") - private PrintRendererFactory xmlRenderer; - @Inject private ComponentManager componentManager; 
@@ -103,7 +98,7 @@ public IWikiParser createWikiModelParser() throws ParseException handlers.put("h4", handler); handlers.put("h5", handler); handlers.put("h6", handler); - handlers.put("a", new XWikiReferenceTagHandler(this, this.xmlRenderer)); + handlers.put("a", new XWikiReferenceTagHandler(this)); handlers.put("img", new XWikiImageTagHandler()); handlers.put("span", new XHTML5SpanTagHandler(this.componentManager, this)); // Change the class value indicating that the division is an embedded document. We do this in order to be @@ -118,8 +113,8 @@ public IWikiParser createWikiModelParser() throws ParseException XhtmlParser parser = new XhtmlParser(); parser.setExtraHandlers(handlers); - parser.setCommentHandler(new XWikiCommentHandler(this.componentManager, this, this.xmlRenderer, - this.xhtmlMarkerResourceReferenceParser)); + parser.setCommentHandler( + new XWikiCommentHandler(this.componentManager, this, this.xhtmlMarkerResourceReferenceParser)); // Construct our own XML filter chain since we want to use our own Comment filter. try {
xwiki-rendering-syntaxes/xwiki-rendering-syntax-xhtml/pom.xml+0 −7 modified@@ -44,13 +44,6 @@ <artifactId>xwiki-rendering-syntax-wikimodel</artifactId> <version>${project.version}</version> </dependency> - <!-- Runtime dependency --> - <!-- TODO: That's very bad and should be fixed by https://jira.xwiki.org/browse/XRENDERING-83 --> - <dependency> - <groupId>org.xwiki.rendering</groupId> - <artifactId>xwiki-rendering-syntax-xdomxmlcurrent</artifactId> - <version>${project.version}</version> - </dependency> <!-- Test Dependencies --> <dependency> <groupId>org.xwiki.rendering</groupId>
xwiki-rendering-syntaxes/xwiki-rendering-syntax-xhtml/src/main/java/org/xwiki/rendering/internal/parser/xhtml/wikimodel/XHTMLXWikiGeneratorListener.java+21 −64 modified@@ -20,15 +20,14 @@ package org.xwiki.rendering.internal.parser.xhtml.wikimodel; import java.util.Map; -import java.util.regex.Matcher; -import java.util.regex.Pattern; import org.apache.commons.lang3.tuple.Pair; +import org.xwiki.rendering.block.Block; import org.xwiki.rendering.internal.parser.wikimodel.DefaultXWikiGeneratorListener; +import org.xwiki.rendering.listener.InlineFilterListener; import org.xwiki.rendering.listener.Listener; import org.xwiki.rendering.listener.MetaData; import org.xwiki.rendering.listener.reference.ResourceReference; -import org.xwiki.rendering.listener.reference.ResourceType; import org.xwiki.rendering.parser.ResourceReferenceParser; import org.xwiki.rendering.parser.StreamParser; import org.xwiki.rendering.renderer.PrintRendererFactory; @@ -61,16 +60,6 @@ public class XHTMLXWikiGeneratorListener extends DefaultXWikiGeneratorListener */ public static final String METADATA_ATTRIBUTE_PREFIX = "data-xwiki-"; - /** - * URL matching pattern. - */ - private static final Pattern URL_SCHEME_PATTERN = Pattern.compile("[a-zA-Z0-9+.-]*://"); - - /** - * Prefix for mailto-links. - */ - private static final String MAILTO_PREFIX = "mailto:"; - private static final String CLASS_ATTRIBUTE = "class"; /** 
@@ -93,32 +82,34 @@ public XHTMLXWikiGeneratorListener(StreamParser parser, Listener listener, @Override public void onReference(WikiReference reference) { - // We need to handle 2 cases: - // - when the passed reference is an instance of XWikiWikiReference, i.e. when a XHTML comment defining a XWiki - // link has been specified and the XHTML parser has recognized it and thus is passing a typed reference to us. - // - when the passed reference is not an instance of XWikiWikiReference which will happen if there's no special - // XHTML comment defining a XWiki link. In this case, we need to figure out what how to consider the passed - // reference. + // We only support XWikiWikiReference as the XHTML parser never passes anything else to onReference. - ResourceReference resourceReference; - boolean isFreeStanding; if (!(reference instanceof XWikiWikiReference)) { - resourceReference = computeResourceReference(reference.getLink()); - isFreeStanding = false; - } else { - XWikiWikiReference xwikiReference = (XWikiWikiReference) reference; - resourceReference = xwikiReference.getReference(); - isFreeStanding = xwikiReference.isFreeStanding(); - - flushFormat(); + throw new IllegalArgumentException("Expected XWikiWikiReference but got another type!"); } + XWikiWikiReference xwikiReference = (XWikiWikiReference) reference; + ResourceReference resourceReference = xwikiReference.getReference(); + boolean isFreeStanding = xwikiReference.isFreeStanding(); + Block labelXDOM = xwikiReference.getLabelXDOM(); + + flushFormat(); + // Consider query string and anchor as ResourceReference parameters and the rest as generic parameters Pair<Map<String, String>, Map<String, String>> parameters = convertAndSeparateParameters(reference.getParameters()); resourceReference.setParameters(parameters.getLeft()); - onReference(resourceReference, reference.getLabel(), isFreeStanding, parameters.getRight(), false); + + getListener().beginLink(resourceReference, isFreeStanding, 
parameters.getRight()); + + if (labelXDOM != null) { + InlineFilterListener inlineFilterListener = new InlineFilterListener(); + inlineFilterListener.setWrappedListener(getListener()); + labelXDOM.traverse(inlineFilterListener); + } + + getListener().endLink(resourceReference, isFreeStanding, parameters.getRight()); } @Override @@ -142,40 +133,6 @@ public void onImage(WikiReference reference) } } - /** - * Recognize the passed reference and figure out what type of link it should be: - * <ul> - * <li>UC1: the reference points to a valid URL, we return a reference of type "url", - * e.g. {@code http://server/path/reference#anchor}</li> - * <li>UC2: the reference is a mailto: link, we return a reference of type "mailto", - * e.g., {@code mailto:user@example.com}</li> - * <li>UC3: the reference is not a valid URL, we return a reference of type "path", - * e.g. {@code path/reference#anchor}</li> - * </ul> - * - * @param rawReference the full reference (e.g. "/some/path/something#other") - * @return the properly typed {@link ResourceReference} matching the use cases - */ - private ResourceReference computeResourceReference(String rawReference) - { - ResourceReference reference; - - // Do we have a valid URL? - Matcher matcher = URL_SCHEME_PATTERN.matcher(rawReference); - if (matcher.lookingAt()) { - // We have UC1 - reference = new ResourceReference(rawReference, ResourceType.URL); - } else if (rawReference.startsWith(MAILTO_PREFIX)) { - // We have UC2 - reference = new ResourceReference(rawReference.substring(MAILTO_PREFIX.length()), ResourceType.MAILTO); - } else { - // We have UC3 - reference = new ResourceReference(rawReference, ResourceType.PATH); - } - - return reference; - } - static boolean isMetaDataElement(WikiParameters parameters) { return parameters.getParameter(CLASS_ATTRIBUTE) != null
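Review bot: The IllegalArgumentException thrown in onReference when the reference is not an XWikiWikiReference drops the offending type, which is the one fact a maintainer needs when the "parser never passes anything else" assumption breaks; `throw new IllegalArgumentException("Expected XWikiWikiReference but got " + reference.getClass().getName());` keeps the message useful. The comment above it asserts what the check enforces, so merging the two into one sentence that also says label parsing now happens in the tag and comment handlers would explain the design rather than restate the guard. onReference now calls getListener().beginLink/endLink directly instead of the previous onReference(resourceReference, label, isFreeStanding, params, false) overload; that overload is outside the hunk, so it is worth confirming nothing it did beyond the link events is lost.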
xwiki-rendering-syntaxes/xwiki-rendering-syntax-xhtml/src/main/java/org/xwiki/rendering/internal/parser/xhtml/wikimodel/XWikiCommentHandler.java+10 −22 modified@@ -25,14 +25,13 @@ import org.xwiki.component.manager.ComponentLookupException; import org.xwiki.component.manager.ComponentManager; +import org.xwiki.rendering.block.XDOM; +import org.xwiki.rendering.internal.parser.XDOMGeneratorListener; import org.xwiki.rendering.internal.parser.wikimodel.XWikiGeneratorListener; import org.xwiki.rendering.internal.parser.xhtml.XHTMLParser; import org.xwiki.rendering.listener.MetaData; import org.xwiki.rendering.listener.reference.ResourceReference; import org.xwiki.rendering.parser.ResourceReferenceParser; -import org.xwiki.rendering.renderer.PrintRenderer; -import org.xwiki.rendering.renderer.PrintRendererFactory; -import org.xwiki.rendering.renderer.printer.DefaultWikiPrinter; import org.xwiki.rendering.renderer.reference.link.URILabelGenerator; import org.xwiki.rendering.wikimodel.WikiParameter; import org.xwiki.rendering.wikimodel.WikiParameters; @@ -62,8 +61,6 @@ public class XWikiCommentHandler extends CommentHandler implements XWikiWikiMode { private XHTMLParser parser; - private PrintRendererFactory xwikiSyntaxPrintRendererFactory; - private ComponentManager componentManager; private ResourceReferenceParser xhtmlMarkerResourceReferenceParser; @@ -80,12 +77,10 @@ public class XWikiCommentHandler extends CommentHandler implements XWikiWikiMode * http://code.google.com/p/wikimodel/issues/detail?id=87 */ public XWikiCommentHandler(ComponentManager componentManager, XHTMLParser parser, - PrintRendererFactory xwikiSyntaxPrintRendererFactory, ResourceReferenceParser xhtmlMarkerResourceReferenceParser) { this.componentManager = componentManager; this.parser = parser; - this.xwikiSyntaxPrintRendererFactory = xwikiSyntaxPrintRendererFactory; this.xhtmlMarkerResourceReferenceParser = xhtmlMarkerResourceReferenceParser; } 
@@ -214,22 +209,15 @@ private void handleLinkCommentStart(String content, TagStack stack) // originally appears in the parsed source) and handle it specially in DefaultXWikiGeneratorListener, with the // parser passed as the first parameter in the DefaultXWikiGeneratorListener constructor. // Since we cannot get this label as it originally appeared in the HTML source ( we are doing a SAX-like - // parsing), we should render the XDOM as HTML to get an HTML label. - // Since any syntax would do it, as long as this renderer matches the corresponding - // DefaultXWikiGeneratorListener - // parser, we use an xwiki 2.1 renderer for it is less complex (no context needed to render xwiki 2.1, no url - // resolution needed, no reference validity tests). + // parsing), we directly parse it and instead pass the resulting XDOM via the XWikiWikiReference class. // see DefaultXWikiGeneratorListener#DefaultXWikiGeneratorListener(Parser, ResourceReferenceParser, ImageParser) // see WikiModelXHTMLParser#getLinkLabelParser() // see http://code.google.com/p/wikimodel/issues/detail?id=87 // TODO: remove this workaround when wiki syntax in link labels will be supported by wikimodel - DefaultWikiPrinter printer = new DefaultWikiPrinter(); - - PrintRenderer linkLabelRenderer = this.xwikiSyntaxPrintRendererFactory.createRenderer(printer); - // Make sure to flush whatever the renderer implementation - linkLabelRenderer.beginDocument(MetaData.EMPTY); + XDOMGeneratorListener linkLabelListener = new XDOMGeneratorListener(); + linkLabelListener.beginDocument(MetaData.EMPTY); - XWikiGeneratorListener xwikiListener = this.parser.createXWikiGeneratorListener(linkLabelRenderer, null); + XWikiGeneratorListener xwikiListener = this.parser.createXWikiGeneratorListener(linkLabelListener, null); stack.pushStackParameter(LINK_LISTENER, xwikiListener); 
@@ -244,7 +232,7 @@ private void handleLinkCommentStop(TagStack stack) { XWikiGeneratorListener xwikiListener = (XWikiGeneratorListener) stack.popStackParameter(LINK_LISTENER); - PrintRenderer linkLabelRenderer = (PrintRenderer) xwikiListener.getListener(); + XDOMGeneratorListener linkLabelRenderer = (XDOMGeneratorListener) xwikiListener.getListener(); // Make sure to flush whatever the renderer implementation linkLabelRenderer.endDocument(MetaData.EMPTY); @@ -253,15 +241,15 @@ private void handleLinkCommentStop(TagStack stack) ResourceReference linkReference = this.xhtmlMarkerResourceReferenceParser.parse(this.commentContentStack.pop()); WikiParameters linkParams = WikiParameters.EMPTY; - String label = null; + XDOM label = null; if (!isFreeStandingLink) { - label = linkLabelRenderer.getPrinter().toString(); + label = linkLabelRenderer.getXDOM(); // Add the Link reference parameters to the link parameters. linkParams = (WikiParameters) stack.getStackParameter(LINK_PARAMETERS); } - WikiReference wikiReference = new XWikiWikiReference(linkReference, label, linkParams, isFreeStandingLink); + XWikiWikiReference wikiReference = new XWikiWikiReference(linkReference, label, linkParams, isFreeStandingLink); stack.getScannerContext().onReference(wikiReference); stack.popStackParameter(IS_IN_LINK);
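Review bot: In handleLinkCommentStop the local that now holds an XDOMGeneratorListener is still named linkLabelRenderer, and the comment above its endDocument call still reads "Make sure to flush whatever the renderer implementation"; both describe the PrintRenderer this commit removes. Renaming it to `linkLabelListener`, matching the name used in handleLinkCommentStart, and rewording the comment to `// Close the document so that getXDOM() returns the completed label tree` would keep the two halves of the handler consistent. The surrounding method bodies start outside the hunks.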
xwiki-rendering-syntaxes/xwiki-rendering-syntax-xhtml/src/main/java/org/xwiki/rendering/internal/parser/xhtml/wikimodel/XWikiReferenceTagHandler.java+60 −18 modified@@ -20,16 +20,18 @@ package org.xwiki.rendering.internal.parser.xhtml.wikimodel; import java.util.Collections; +import java.util.regex.Matcher; +import java.util.regex.Pattern; +import org.xwiki.rendering.block.XDOM; +import org.xwiki.rendering.internal.parser.XDOMGeneratorListener; import org.xwiki.rendering.internal.parser.wikimodel.DefaultXWikiGeneratorListener; import org.xwiki.rendering.internal.parser.wikimodel.WikiModelStreamParser; import org.xwiki.rendering.internal.parser.wikimodel.XWikiGeneratorListener; -import org.xwiki.rendering.renderer.PrintRenderer; -import org.xwiki.rendering.renderer.PrintRendererFactory; -import org.xwiki.rendering.renderer.printer.DefaultWikiPrinter; +import org.xwiki.rendering.listener.reference.ResourceReference; +import org.xwiki.rendering.listener.reference.ResourceType; import org.xwiki.rendering.wikimodel.WikiParameter; import org.xwiki.rendering.wikimodel.WikiParameters; -import org.xwiki.rendering.wikimodel.WikiReference; import org.xwiki.rendering.wikimodel.impl.WikiScannerContext; import org.xwiki.rendering.wikimodel.xhtml.handler.ReferenceTagHandler; import org.xwiki.rendering.wikimodel.xhtml.impl.TagContext; 
@@ -44,19 +46,27 @@ */ public class XWikiReferenceTagHandler extends ReferenceTagHandler implements XWikiWikiModelHandler { - private WikiModelStreamParser parser; + /** + * URL matching pattern. + */ + private static final Pattern URL_SCHEME_PATTERN = Pattern.compile("[a-zA-Z0-9+.-]*://"); - private PrintRendererFactory xwikiSyntaxPrintRendererFactory; + /** + * Prefix for mailto-links. + */ + private static final String MAILTO_PREFIX = "mailto:"; + + private WikiModelStreamParser parser; /** - * @since 2.2.5 + * @param parser the XHTML parser, used for the label + * @since 14.10RC1 * @todo Remove the need to pass a Parser when WikiModel implements support for wiki syntax in links. See * http://code.google.com/p/wikimodel/issues/detail?id=87 */ - public XWikiReferenceTagHandler(WikiModelStreamParser parser, PrintRendererFactory xwikiSyntaxPrintRendererFactory) + public XWikiReferenceTagHandler(WikiModelStreamParser parser) { this.parser = parser; - this.xwikiSyntaxPrintRendererFactory = xwikiSyntaxPrintRendererFactory; } @Override @@ -93,12 +103,8 @@ protected void begin(TagContext context) WikiParameter ref = context.getParams().getParameter("href"); if (ref != null) { - DefaultWikiPrinter printer = new DefaultWikiPrinter(); - - PrintRenderer linkLabelRenderer = this.xwikiSyntaxPrintRendererFactory.createRenderer(printer); - XWikiGeneratorListener xwikiListener = - this.parser.createXWikiGeneratorListener(linkLabelRenderer, null); + this.parser.createXWikiGeneratorListener(new XDOMGeneratorListener(), null); context.getTagStack().pushScannerContext(new WikiScannerContext(xwikiListener)); // Ensure we simulate a new document being parsed 
@@ -142,17 +148,53 @@ protected void end(TagContext context) WikiScannerContext scannerContext = context.getTagStack().popScannerContext(); XWikiGeneratorListener xwikiListener = (XWikiGeneratorListener) scannerContext.getfListener(); - PrintRenderer linkLabelRenderer = (PrintRenderer) xwikiListener.getListener(); + XDOMGeneratorListener linkLabelRenderer = (XDOMGeneratorListener) xwikiListener.getListener(); - String label = linkLabelRenderer.getPrinter().toString(); + XDOM label = linkLabelRenderer.getXDOM(); - WikiReference reference = - new WikiReference(ref.getValue(), label, removeMeaningfulParameters(parameters)); + ResourceReference resourceReference = computeResourceReference(ref.getValue()); + + XWikiWikiReference reference = + new XWikiWikiReference(resourceReference, label, removeMeaningfulParameters(parameters), false); context.getScannerContext().onReference(reference); } } else { super.end(context); } } + + /** + * Recognize the passed reference and figure out what type of link it should be: + * <ul> + * <li>UC1: the reference points to a valid URL, we return a reference of type "url", + * e.g. {@code http://server/path/reference#anchor}</li> + * <li>UC2: the reference is a mailto: link, we return a reference of type "mailto", + * e.g., {@code mailto:user@example.com}</li> + * <li>UC3: the reference is not a valid URL, we return a reference of type "path", + * e.g. {@code path/reference#anchor}</li> + * </ul> + * + * @param rawReference the full reference (e.g. "/some/path/something#other") + * @return the properly typed {@link ResourceReference} matching the use cases + */ + private ResourceReference computeResourceReference(String rawReference) + { + ResourceReference reference; + + // Do we have a valid URL? 
+ Matcher matcher = URL_SCHEME_PATTERN.matcher(rawReference); + if (matcher.lookingAt()) { + // We have UC1 + reference = new ResourceReference(rawReference, ResourceType.URL); + } else if (rawReference.startsWith(MAILTO_PREFIX)) { + // We have UC2 + reference = new ResourceReference(rawReference.substring(MAILTO_PREFIX.length()), ResourceType.MAILTO); + } else { + // We have UC3 + reference = new ResourceReference(rawReference, ResourceType.PATH); + } + + return reference; + } }
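Review bot: URL_SCHEME_PATTERN (`[a-zA-Z0-9+.-]*://`) uses `*`, so an href beginning with `://` is classified as ResourceType.URL with an empty scheme, and the MAILTO_PREFIX check is case-sensitive, so an upper-case prefix falls through to the PATH branch; this logic is moved unchanged from XHTMLXWikiGeneratorListener, so it is a follow-up rather than a regression of this commit. `Pattern.compile("[a-zA-Z0-9+.-]+://")` would require at least one scheme character. The Javadoc of computeResourceReference could also state that it only classifies the href by shape and performs no scheme validation, so that callers do not read "type URL" as a safety guarantee. The end() method that calls it starts outside the hunk.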
xwiki-rendering-syntaxes/xwiki-rendering-syntax-xhtml/src/main/java/org/xwiki/rendering/internal/parser/xhtml/wikimodel/XWikiWikiReference.java+26 −2 modified@@ -21,6 +21,7 @@ import org.apache.commons.lang3.builder.EqualsBuilder; import org.apache.commons.lang3.builder.HashCodeBuilder; +import org.xwiki.rendering.block.XDOM; import org.xwiki.rendering.listener.reference.ResourceReference; import org.xwiki.rendering.wikimodel.WikiParameters; import org.xwiki.rendering.wikimodel.WikiReference; @@ -38,12 +39,33 @@ public class XWikiWikiReference extends WikiReference private boolean freeStanding; - public XWikiWikiReference(ResourceReference reference, String label, WikiParameters linkParameters, + private final XDOM labelXDOM; + + /** + * Construct a new wiki reference. + * + * @param reference the reference the link points to + * @param label the already parsed label content + * @param linkParameters the parameters of the link + * @param freeStanding if the link is freestanding + * @since 14.10RC1 + */ + public XWikiWikiReference(ResourceReference reference, XDOM label, WikiParameters linkParameters, boolean freeStanding) { - super(reference.getReference(), label, linkParameters); + super(reference.getReference(), null, linkParameters); this.reference = reference; this.freeStanding = freeStanding; + this.labelXDOM = label; + } + + /** + * @return the parsed label's XDOM + * @since 14.10RC1 + */ + public XDOM getLabelXDOM() + { + return this.labelXDOM; } public boolean isFreeStanding() @@ -75,6 +97,7 @@ public boolean equals(Object obj) builder.appendSuper(super.equals(obj)); builder.append(this.reference, ((XWikiWikiReference) obj).reference); builder.append(this.freeStanding, ((XWikiWikiReference) obj).freeStanding); + builder.append(this.labelXDOM, ((XWikiWikiReference) obj).labelXDOM); return builder.isEquals(); } 
@@ -87,6 +110,7 @@ public int hashCode() builder.appendSuper(super.hashCode()); builder.append(reference); builder.append(freeStanding); + builder.append(this.labelXDOM); return builder.toHashCode(); }
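Review bot: The constructor now passes `null` as the label to the WikiReference super constructor, so the inherited getLabel() returns null for every XWikiWikiReference while the label is only reachable through getLabelXDOM(), and nothing on the class says so. A constructor Javadoc line such as `The label is kept only as an XDOM (see {@link #getLabelXDOM()}); the inherited {@code getLabel()} returns {@code null}.` would record it, and since XWikiCommentHandler passes null for free-standing links, `@param label the already parsed label content, or {@code null} for free-standing links` is more accurate than the current text. equals() and hashCode() now include labelXDOM; if XDOM's hashCode is content-based over a mutable block tree, an instance used as a map key would change hash after its label is modified, which is worth a sentence on the class Javadoc if it is an accepted constraint.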
xwiki-rendering-syntaxes/xwiki-rendering-syntax-xhtml/src/main/java/org/xwiki/rendering/internal/parser/xhtml/XHTMLParser.java+4 −20 modified@@ -47,13 +47,11 @@ import org.xwiki.rendering.parser.ParseException; import org.xwiki.rendering.parser.ResourceReferenceParser; import org.xwiki.rendering.parser.StreamParser; -import org.xwiki.rendering.renderer.PrintRendererFactory; import org.xwiki.rendering.syntax.Syntax; import org.xwiki.rendering.util.IdGenerator; import org.xwiki.rendering.wikimodel.IWikiParser; import org.xwiki.rendering.wikimodel.xhtml.XhtmlParser; import org.xwiki.rendering.wikimodel.xhtml.handler.TagHandler; -import org.xwiki.rendering.wikimodel.xhtml.impl.TagStack; import org.xwiki.xml.XMLReaderFactory; import static org.xwiki.rendering.internal.xhtml.XHTML10SyntaxProvider.XHTML_1_0; @@ -69,20 +67,6 @@ @Singleton public class XHTMLParser extends AbstractWikiModelParser { - /** - * The parser used for the link label parsing. For (x)html parsing, this will be an xwiki 2.0 parser, since it's - * more convenient to pass link labels in xwiki syntax. See referred resource for more details. - * - * @see XWikiCommentHandler#handleLinkCommentStop(TagStack) - */ - @Inject - @Named("xdom+xml/current") - private StreamParser xmlParser; - - @Inject - @Named("xdom+xml/current") - private PrintRendererFactory xmlRenderer; - /** * @see #getLinkReferenceParser() */ @@ -127,7 +111,7 @@ public Syntax getSyntax() @Override public StreamParser getLinkLabelParser() { - return this.xmlParser; + return null; } @Override 
@@ -142,7 +126,7 @@ public IWikiParser createWikiModelParser() throws ParseException handlers.put("h4", handler); handlers.put("h5", handler); handlers.put("h6", handler); - handlers.put("a", new XWikiReferenceTagHandler(this, this.xmlRenderer)); + handlers.put("a", new XWikiReferenceTagHandler(this)); handlers.put("img", new XWikiImageTagHandler()); handlers.put("span", new XWikiSpanTagHandler(this.componentManager, this)); // Change the class value indicating that the division is an embedded document. We do this in order to be @@ -153,8 +137,8 @@ public IWikiParser createWikiModelParser() throws ParseException XhtmlParser parser = new XhtmlParser(); parser.setExtraHandlers(handlers); - parser.setCommentHandler(new XWikiCommentHandler(this.componentManager, this, - this.xmlRenderer, this.xhtmlMarkerResourceReferenceParser)); + parser.setCommentHandler( + new XWikiCommentHandler(this.componentManager, this, this.xhtmlMarkerResourceReferenceParser)); // Construct our own XML filter chain since we want to use our own Comment filter. try {
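Review bot: getLinkLabelParser() now returns null with no Javadoc, and the field comment that explained the label parser is removed in the same section, so a reader cannot tell whether null is a deliberate "no separate label parser" signal or a placeholder. A Javadoc such as `@return {@code null}: link labels are parsed into an XDOM by the tag and comment handlers, so no separate label parser is used` would record the intent. Whether every caller of getLinkLabelParser() in the wikimodel base classes tolerates null is not visible here and should be confirmed.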
Vulnerability mechanics
References
5- github.com/advisories/GHSA-w3wh-g4m9-783pghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2025-53835ghsaADVISORY
- github.com/xwiki/xwiki-rendering/commit/a4ca31f99f524b9456c64150d6f375984aa81ea7ghsax_refsource_MISCWEB
- github.com/xwiki/xwiki-rendering/security/advisories/GHSA-w3wh-g4m9-783pghsax_refsource_CONFIRMWEB
- jira.xwiki.org/browse/XRENDERING-660ghsax_refsource_MISCWEB