Page MenuHomePhabricator
Create Task
Maniphest T13144

Sanitizer blocks templates which contain non-validating HTML fragment.
Closed, ResolvedPublic
Actions

Description

Author: sacolcor

Description:
The sanitizer currently forces all pages to pass HTML validation individually. This causes it to erroneously escape HTML which, when transcluded, would culminate in a valid page.

For example, if {{ROW}} contains:
<tr><td>Stuff</td></tr>

And is transcluded as:

<table>{{ROW}}</table> The transcluded HTML will be escaped, instead of passed through. Ideal solution: Introduce a mechanism by which the sanitizer can be aware of the context in which it is intended to be transcluded, and validate it as though it were in that context. Easier workaround: When sanitizing a page in the Template: namespace, only check for well-formedness, rather than validity. -------------------------- **Version**: 1.10.x **Severity**: normal

Details

Reference
bz11144

Event Timeline

bzimport raised the priority of this task from to Medium.Nov 21 2014, 9:54 PM
bzimport added a project: MediaWiki-Templates.
bzimport set Reference to bz11144.
bzimport added a subscriber: Unknown Object (MLST).
bzimport created this task.Sep 1 2007, 1:56 AM
P.Copp added a comment.Nov 26 2009, 3:14 AM

This has been FIXED with the introduction of the new preprocessor.

Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL