Lines 170-175, you have raw html for all of the HtmlTableCellBuilders, when it's clearly not needed.
Except for $sourceUrl (since Linker::makeExternalLink is safe for the way you're using it), for each line, the escaping needs to be clear.
Lines 170-175, you have raw html for all of the HtmlTableCellBuilders, when it's clearly not needed.
Except for $sourceUrl (since Linker::makeExternalLink is safe for the way you're using it), for each line, the escaping needs to be clear.
Status | Subtype | Assigned | Task | ||
---|---|---|---|---|---|
Resolved | Lydia_Pintscher | T99351 Review and deploy Wikibase-Quality on wikidata.org | |||
Resolved | Lydia_Pintscher | T99354 Review and deploy Wikibase-Quality-Constraints on wikidata.org | |||
Invalid | None | T103817 [Epic] version 2 of the quality extensions | |||
Declined | None | T99357 [Story] Review and deploy Wikibase-Quality-External-Validation on wikidata.org | |||
Declined | None | T99358 [Task] Security review of Wikibase-Quality-External-Validation branch master | |||
Resolved | • csteipp | T103633 Ex:WikibaseQualityExternalValidation - SpecialExternalDbs escape or don't use raw cells |
Change 220431 had a related patch set uploaded (by Soeren.oldag):
Corrected escaping in SpecialExternalDbs (T103633).
Change 220430 had a related patch set uploaded (by Soeren.oldag):
Corrected escaping in SpecialExternalDbs (T103633).
Html is also needed for $license, since the corresponding item is linked using the EntityIdHtmlLinkFormatter.
Change 220430 merged by Dominic.sauer:
Corrected escaping in SpecialExternalDbs (T103633).
Change 220431 merged by Soeren.oldag:
Corrected escaping in SpecialExternalDbs (T103633).