Page MenuHomePhabricator

Ex:WikibaseQualityExternalValidation - SpecialExternalDbs escape or don't use raw cells
Closed, ResolvedPublic

Description

Lines 170-175, you have raw html for all of the HtmlTableCellBuilders, when it's clearly not needed.

Except for $sourceUrl (since Linker::makeExternalLink is safe for the way you're using it), for each line, the escaping needs to be clear.

Event Timeline

csteipp created this task.Jun 24 2015, 12:48 AM
csteipp claimed this task.
csteipp raised the priority of this task from to Needs Triage.
csteipp updated the task description. (Show Details)
csteipp added subscribers: JanZerebecki, Jonaskeutel, Tamslo and 5 others.

Change 220431 had a related patch set uploaded (by Soeren.oldag):
Corrected escaping in SpecialExternalDbs (T103633).

https://gerrit.wikimedia.org/r/220431

Change 220430 had a related patch set uploaded (by Soeren.oldag):
Corrected escaping in SpecialExternalDbs (T103633).

https://gerrit.wikimedia.org/r/220430

soeren.oldag added a subscriber: soeren.oldag.EditedJun 24 2015, 9:36 AM

Html is also needed for $license, since the corresponding item is linked using the EntityIdHtmlLinkFormatter.

Change 220430 merged by Dominic.sauer:
Corrected escaping in SpecialExternalDbs (T103633).

https://gerrit.wikimedia.org/r/220430

soeren.oldag closed this task as Resolved.Jun 24 2015, 9:56 AM
soeren.oldag set Security to None.

Change 220431 merged by Soeren.oldag:
Corrected escaping in SpecialExternalDbs (T103633).

https://gerrit.wikimedia.org/r/220431

sbassett moved this task from Backlog to Done on the Security-Team board.Jun 11 2019, 7:19 PM