
summary field does not escape HTML entities
Open, Low, Public, Feature

Description

Author: gangleri

Description:
Please see also http://test.wikipedia.org/w/index.php?diff=81619&oldid=81618 at the live site.

Dear friends; If you add a ‎ in the page source you would need to document this using &amp;lrm;. I mean the behaviour has changed but it does not make much sense.

Affected user interface: everything showing the summary field (recent changes, watchlist, related changes, diff and also while editing Show changes and Show preview).

Best regards Reinhardt


Version: unspecified
Severity: enhancement
URL: http://www.wikieducator.org/index.php?diff=next&oldid=490647

Details

Reference
bz21847

Event Timeline

bzimport raised the priority of this task from to Low. (Nov 21 2014, 10:52 PM)
bzimport set Reference to bz21847.
bzimport added a subscriber: Unknown Object (MLST).

HTML entities are not escaped intentionally in summaries due to bug 13815

Aklapper changed the subtype of this task from "Task" to "Feature Request". (Feb 4 2022, 11:01 AM)
Aklapper removed a subscriber: wikibugs-l-list.
matmarex subscribed.

This seems to have been fixed, probably many years ago.

image.png (118×426 px, 6 KB)

@matmarex By coincidence I happened to also discover this behaviour myself the other day - I’m not sure what (if anything) might have happened to the previous edit summaries, but I can still reproduce this myself: edit using   as an edit summary, Quarry query for the raw edit summary.

Screenshot for posterity:

screenshot.png (206×726 px, 33 KB)

You're right, I misunderstood this bug report. I thought that edit summary with "‎" was supposed to demonstrate the bug, but I guess it actually demonstrates a workaround? The initial bug report still confuses me.

Anyway, HTML entities are explicitly allowed (not escaped) by the code here: https://gerrit.wikimedia.org/g/mediawiki/core/+/7cd0f4e62adc27c9c7a070bc89a88054795a923b/includes/CommentFormatter/CommentParser.php#178

…which refers to T15815, already mentioned above (as "bug 13815").
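
Added example, not part of the thread and not MediaWiki's code: a small PHP model of the two behaviours discussed above, escaping everything versus allowing entities, plus a check for characters that end up invisible in the rendered summary. The function names are hypothetical, the sample summaries are constructed, and treating "entities allowed" as decode-then-escape is an assumption of this sketch.

```php
<?php
// Added illustration, not MediaWiki code. Requires PHP 7.4+ with mbstring.

// Policy A: escape everything, so a typed entity is displayed literally.
function escape_all(string $summary): string {
    return htmlspecialchars($summary, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Policy B (assumed model of "entities allowed"): decode character references,
// then escape the result. A decoded "<" is re-escaped, so no markup gets through.
function escape_allow_entities(string $summary): string {
    $decoded = html_entity_decode($summary, ENT_QUOTES | ENT_HTML5, 'UTF-8');
    return htmlspecialchars($decoded, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Code points a reader cannot see once the browser has rendered the summary:
// NBSP, zero-width characters, and bidi marks, embeddings, overrides, isolates.
function invisible_chars(string $renderedHtml): array {
    $shown = html_entity_decode($renderedHtml, ENT_QUOTES | ENT_HTML5, 'UTF-8');
    preg_match_all('/[\x{00A0}\x{200B}-\x{200F}\x{202A}-\x{202E}\x{2066}-\x{2069}]/u', $shown, $m);
    return array_map(fn($c) => sprintf('U+%04X', mb_ord($c, 'UTF-8')), $m[0]);
}

// Constructed sample summaries.
$samples = [
    'mark direction with &lrm; here',
    'documenting the &amp;lrm; entity',
    'markup attempt: &lt;b&gt;bold&lt;/b&gt; <i>x</i>',
    'non&nbsp;breaking',
];

foreach ($samples as $s) {
    $a = escape_all($s);
    $b = escape_allow_entities($s);
    printf("input        : %s\n", $s);
    printf("escape all   : %s  invisible=[%s]\n", $a, implode(',', invisible_chars($a)));
    printf("allow entity : %s  invisible=[%s]\n\n", $b, implode(',', invisible_chars($b)));
}
```

Under the allow-entities policy a typed `&lrm;` or `&nbsp;` becomes a character with no visible glyph, so writing about the entity itself requires `&amp;lrm;`; typed `&lt;` and a raw `<` both come out as escaped text, so the policy does not let markup through.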