Page MenuHomePhabricator
Create Task
Maniphest T13496

Sysops can put raw HTML in some MediaWiki:-messages
Closed, InvalidPublic
Actions

Description

Author: webboy

Description:
Sysops can put raw HTML in some MediaWiki:-messages (as of r26209):

*1movedto2
*1movedto2_redir
*aboutsite
*april
*august
*blanknamespace
*currentrevisionlink
*deletedarticle
*diff
*difference
*disclaimers
*february
*group-bureaucrat-member
*group-sysop-member
*hide
*isredirect
*istemplate
*january
*july
*june
*lastmodifiedat
*linklistsub
*linkstoimage
*march
*may_long
*modifiedarticleprotection
*nextn
*nextrevision
*nolinkstoimage
*overwroteimage
*powersearchtext
*previousrevision
*prevn
*privacy
*protectedarticle
*protect-summary-cascade
*rclinks
*redirectedfrom
*retrievedfrom
*returnto
*rev-deleted-user
*revdelete-logentry
*revertmove
*revision-info
*revision-info-current
*revision-nav
*september
*show
*size-kilobytes
*subject
*summary
*undeletedarticle
*unprotectedarticle
*unusedimagestext
*uploadedimage
*viewprevnext
*viewsourcefor
*whatlinkshere-barrow

and all the accesskey-* messages (this list is probably not complete).

Version: 1.12.x
Severity: normal

Details

Reference
bz11496

Event Timeline

bzimport raised the priority of this task from to High.Nov 21 2014, 9:56 PM
bzimport added a project: MediaWiki-Internationalization.
bzimport set Reference to bz11496.
bzimport added a subscriber: Unknown Object (MLST).
bzimport created this task.Sep 28 2007, 9:43 PM
Danny_B added a comment.Sep 28 2007, 10:01 PM

Why should this be bug? Why they shouldn't?

brion added a comment.Sep 29 2007, 8:11 PM

Because in general messages should be plaintext or wikitext, with predictable and safe behavior.

Raw HTML messages are deprecated, and we plan to migrate out the remaining ones and do not recommend adding new ones.

There should already be a bug entry for this, though, that it should be duped to.

bzimport added a comment.Sep 30 2007, 2:42 PM

webboy wrote:

(In reply to comment #2)

There should already be a bug entry for this, though, that it should be duped
to.

I couldn't find another bug entry, but related bugs are:

  • bug 212: Many MediaWiki: messages not safe in XHTML
  • bug 1023: Language files are not XHTML-compliant.
  • bug 3208: "Wikify" remaining plain MediaWiki messages
  • bug 8521: Show HTML support status in MediaWiki messages
Nikerabbit added a comment.Jul 12 2008, 8:41 PM

List probably outdated, remaining messages are changed slowly when noticed, except in few high visibility places like edit summary. In addition, almost a dupe to 212, closing.

Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL