Page MenuHomePhabricator

OutputPage.php getHeadLinks() prevents meta tag content attribute values with double-quotes
Closed, InvalidPublic


Author: zigger

In OutputPage.php, getHeadLinks() generates meta tag content attribute values
wrapped in double-quotes, which breaks when the value contains double-quotes due
to extensions such as that attached to bug 982.

Patches to follow.

Version: unspecified
Severity: normal



Event Timeline

bzimport raised the priority of this task from to Medium.Nov 21 2014, 7:06 PM
bzimport added a project: MediaWiki-Parser.
bzimport set Reference to bz998.
bzimport added a subscriber: Unknown Object (MLST).

zigger wrote:

Patch for REL1_3


zigger wrote:

Patch for HEAD & REL1_4


This patch doesn't make much sense. Instead, make sure you're appropriately escaping material (eg using
htmlspecialchars()) so that double-quotes become "

zigger wrote:

Thanks. The patch seemed to make sense in regard to PICS meta tags, probably
due to the age of the specs, e.g. and a similar assertion at

However, " works with IE6-SP1 ok. I'll update the bug 982 attachment in a
few hours.