Page MenuHomePhabricator
Create Task
Maniphest T136700

Raw HTML in Special:ProtectedPages
Closed, InvalidPublic
Actions

Description

pagesize message is raw HTML. Check if other ones are too

Related Objects
Search...

StatusSubtypeAssignedTask
 OpenNoneT2212 Some MediaWiki: messages not safe in HTML (tracking)
 InvalidNoneT136700 Raw HTML in Special:ProtectedPages

Event Timeline

TTO created this task.Jun 1 2016, 1:05 PM
Restricted Application added subscribers: Zppix, Aklapper. · View Herald TranscriptJun 1 2016, 1:05 PM
TTO triaged this task as Low priority.Jun 1 2016, 1:06 PM
TTO added a parent task: T2212: Some MediaWiki: messages not safe in HTML (tracking).Jun 1 2016, 1:08 PM
Florian subscribed.Jun 6 2016, 6:21 PM

I only found one usage of pagesize:

Xml::label( $this->msg( 'pagesize' )->text(), 'wpsize' )

https://github.com/wikimedia/mediawiki/blob/master/includes/specials/SpecialProtectedpages.php#L205
And as far as I can see, Xml::label escapes the contents of $label with htmlspecialchars() :/ Are there any other usages or things I don't see?

Florian moved this task from To triage to SpecialPage system on the MediaWiki-Special-pages board.Jun 6 2016, 6:27 PM
Florian added a comment.Jun 30 2016, 6:02 PM

@TTO Do I miss something? The task looks like invalid for me :/

TTO added a comment.Jun 30 2016, 11:41 PM

I'll look later today to see if I can figure out what I was talking about :)

TTO closed this task as Invalid.Jul 1 2016, 2:45 AM

No idea what I was talking about. Clearly it works correctly.

Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL