Page MenuHomePhabricator

VisualEditor adds "&quote" inside the quotes for unquoted attribute values
Closed, DeclinedPublic

Description

See https://pt.wikipedia.org/w/index.php?diff=45478968 where the user attempted to add class "sortable" to a table:
*Old: {| class="wikitable plainrowheaders" style=width:100%"
*New: {| class="wikitable sortable plainrowheaders" style="width:100%""

Event Timeline

He7d3r created this task.Apr 30 2016, 1:20 PM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptApr 30 2016, 1:20 PM
Esanders closed this task as Declined.Apr 30 2016, 3:52 PM
Esanders added a subscriber: Esanders.

That is correct. The previous version had an unbalanced quote, so the style attribute was equal to:

width:100%"

Wrapping this in quotes you need to escape the double quote. While to a a double quote isn't a sensible thing in this context, to know for sure that it should be stripped you'd need to know that style attributes should only contain CSS selectors, and then "clean up" the CSS rules by removing unparsed garbage.

But sensibly there's only so much we can do with invalid inputs.