Page MenuHomePhabricator

Allow use of templates and variables in <html> tags
Closed, DuplicatePublic

Description

Author: Suiwiki

Description:
I make a template on Wikimediafoundation.org for Quarto's navigation. This might
be needs each version (NL-1, NL-2 to be continue...) and each langage (now 5 or
6 but it will be 140!?) Now it is made each of each as
http://wikimediafoundation.org/wiki/Wikimedia:Newsletter_templetes/200409

And, see http://wikimediafoundation.org/wiki/Template:NL-0409-header
I make this one put up good for editors and servers, ease to make index for new
language, cashed template effcts server responce, and less space on HDD.

and put this
http://wikimediafoundation.org/wiki/User:Suisui/Sandbox#Template#NL
for test.

It looks good but the source, {{{Lang}}} does not rendaring as variable. like

<a href="/wiki/Wikimedia_Quarto/0409/{{{Lang}}}-1">

Is it a bug or spec?


Version: unspecified
Severity: enhancement

Details

Reference
bz591

Event Timeline

bzimport raised the priority of this task from to Medium.Nov 21 2014, 6:57 PM
bzimport set Reference to bz591.
bzimport added a subscriber: Unknown Object (MLST).

This is according to current spec; <html> sections are raw HTML.

Changed to enhancement. Not sure if this would be a good idea or not; from a
security perspective I really don't like it. as it opens more points where
malicious code could be inserted, particularly given the possibility that we
might one day allow raw html on only some pages on a semi-open wiki (bug 261).

This is currently handled with nasty hacks like this:

...<a href="/wiki/Wikimedia_Quarto/0409/</html>{{{Lang}}}<html>-1">...

Under the circumstances, it probably makes sense to allow some sensible expansion. :P

Deciding how best to handle things like escaping might be worth considering though.

Duping up because the other bug has _way_ more comments + patches, etc.

  • This bug has been marked as a duplicate of bug 2257 ***