See https://test.wikidata.org/w/index.php?title=Q142&action=history
Not XSS: only ampersands are affected.
Version: unspecified
Severity: normal
Whiteboard: u=dev c=frontend p=0
Non-executable HTML tags are also affected in (1) and (2) above, see:
https://test.wikidata.org/w/index.php?title=Q143&action=history
Thanks to the standard sanitizer applied to page titles, executable tags are filtered out:
https://test.wikidata.org/w/index.php?title=Q144&action=history
(In reply to Bene* from comment #3)
I think this has been fixed in the meantime.
No. Have a look at the linked page: edit summary of the first revision says "Created a new item: 1 & 2" but the heading is "Revision history of "1 & 2" (Q142)". Obviously they don't match: either one side overescaped the label once, or another side failed to do an escape.
Hmm I should try a new item as existing summaries are not dynamically generated, but the result is the same: https://test.wikidata.org/w/index.php?title=Q785&action=history
Oh, I was referring to your comment #1
Including: (1) <h1> title, (2) <title> title, (3) edit summary.
Only the edit summary still has issues which I didn't notice.
Boldly closing as resolved since this appears to have been fixed at some point.
https://test.wikidata.org/w/index.php?title=Q142&action=history shows "1 & 2" in both places. Ditto https://test.wikidata.org/w/index.php?title=Q785&action=history
https://test.wikidata.org/w/index.php?title=Q143&action=history shows "1<b>2</b>" in both places and neither renders in bold
https://test.wikidata.org/w/index.php?title=Q144&action=history shows "1<script>alert(1)</script>" in both places.
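The mismatch discussed in this thread (one output path escaping a label once, another escaping it twice) can be checked mechanically. The following Python sketch is an added example, not MediaWiki or Wikibase code: it takes the three test labels from Q142, Q143 and Q144, renders them through a single and a double escape, and classifies what a browser would display. The function names are hypothetical.

```python
import html
from html.parser import HTMLParser

# Labels of the test items linked in the thread (Q142, Q143, Q144).
LABELS = ["1 & 2", "1<b>2</b>", "1<script>alert(1)</script>"]

class _Visible(HTMLParser):
    """Collects what a browser would show: decoded text and any real tags."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.text, self.tags = [], []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)

    def handle_data(self, data):
        self.text.append(data)

def displayed(markup):
    """Return (visible text, list of tags the parser treated as markup)."""
    parser = _Visible()
    parser.feed(markup)
    parser.close()  # flushes buffered text
    return "".join(parser.text), parser.tags

def escape_once(label):
    # Correct behaviour: escape exactly once at output time.
    return html.escape(label, quote=True)

def escape_twice(label):
    # Models the reported bug: an already-escaped label is escaped again.
    return html.escape(escape_once(label), quote=True)

def classify(label, markup):
    """Compare rendered markup against the stored label."""
    text, tags = displayed(markup)
    if tags:
        return "unescaped"        # label was parsed as HTML
    if text == label:
        return "ok"               # reader sees exactly the label
    if html.unescape(text) == label:
        return "double-escaped"   # reader sees entities such as &amp;
    return "mismatch"

if __name__ == "__main__":
    for label in LABELS:
        for render in (escape_once, escape_twice):
            out = render(label)
            print(f"{label!r:32} {render.__name__:13} {classify(label, out)}")
```

Running the same classification over each place a label is emitted (heading, `<title>`, edit summary) shows which side is the odd one out.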