Page MenuHomePhabricator

Ex:WikibaseQualityExternalValidation - SpecialExternalDbs escape or don't use raw cells
Closed, ResolvedPublic

Description

Lines 170-175, you have raw html for all of the HtmlTableCellBuilders, when it's clearly not needed.

Except for $sourceUrl (since Linker::makeExternalLink is safe for the way you're using it), for each line, the escaping needs to be clear.

Event Timeline

csteipp claimed this task.
csteipp raised the priority of this task from to Needs Triage.
csteipp updated the task description. (Show Details)
csteipp added subscribers: JanZerebecki, Jonaskeutel, Tamslo and 5 others.

Change 220431 had a related patch set uploaded (by Soeren.oldag):
Corrected escaping in SpecialExternalDbs (T103633).

https://gerrit.wikimedia.org/r/220431

Change 220430 had a related patch set uploaded (by Soeren.oldag):
Corrected escaping in SpecialExternalDbs (T103633).

https://gerrit.wikimedia.org/r/220430

Html is also needed for $license, since the corresponding item is linked using the EntityIdHtmlLinkFormatter.

Change 220430 merged by Dominic.sauer:
Corrected escaping in SpecialExternalDbs (T103633).

https://gerrit.wikimedia.org/r/220430

soeren.oldag set Security to None.

Change 220431 merged by Soeren.oldag:
Corrected escaping in SpecialExternalDbs (T103633).

https://gerrit.wikimedia.org/r/220431