
Ex:WikidataQualityConstraints - EntityId::getSerialization() is not guaranteed to be safe for HTML
Closed, ResolvedPublic

Description

In SpecialConstraintReport::buildResultHeader(), $entityId->getSerialization() needs to be escaped before being added to the HTML.

Event Timeline

csteipp raised the priority of this task from to Needs Triage.
csteipp updated the task description.
csteipp added subscribers: Andreasburmeister, csteipp, Tamslo and 4 others.

See my comment on the Gerrit patch.

Change 216405 had a related patch set uploaded (by Soeren.oldag):
Serialization of entity ids is now escaped correctly.

https://gerrit.wikimedia.org/r/216405

Change 216405 merged by Jonaskeutel:
Serialization of entity ids is now escaped correctly.

https://gerrit.wikimedia.org/r/216405

Fix looks correct