Page MenuHomePhabricator
Create Task
Maniphest T134054

VisualEditor adds "&quote" inside the quotes for unquoted attribute values
Closed, DeclinedPublic
Actions

Description

See https://pt.wikipedia.org/w/index.php?diff=45478968 where the user attempted to add class "sortable" to a table:
*Old: {| class="wikitable plainrowheaders" style=width:100%"
*New: {| class="wikitable sortable plainrowheaders" style="width:100%""

Event Timeline

He7d3r created this task.Apr 30 2016, 1:20 PM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptApr 30 2016, 1:20 PM
Esanders closed this task as Declined.Apr 30 2016, 3:52 PM
Esanders subscribed.

That is correct. The previous version had an unbalanced quote, so the style attribute was equal to:

width:100%"

Wrapping this in quotes you need to escape the double quote. While to a a double quote isn't a sensible thing in this context, to know for sure that it should be stripped you'd need to know that style attributes should only contain CSS selectors, and then "clean up" the CSS rules by removing unparsed garbage.

But sensibly there's only so much we can do with invalid inputs.

Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL