Page MenuHomePhabricator

OutputPage.php getHeadLinks() prevents meta tag content attribute values with double-quotes
Closed, InvalidPublic

Description

Author: zigger

Description:
In OutputPage.php, getHeadLinks() generates meta tag content attribute values
wrapped in double-quotes, which breaks when the value contains double-quotes due
to extensions such as that attached to bug 982.

Patches to follow.


Version: unspecified
Severity: normal

Details

Reference
bz998

Event Timeline

bzimport raised the priority of this task from to Medium.Nov 21 2014, 7:06 PM
bzimport added a project: MediaWiki-Parser.
bzimport set Reference to bz998.
bzimport added a subscriber: Unknown Object (MLST).

zigger wrote:

Patch for REL1_3

Attached:

zigger wrote:

Patch for HEAD & REL1_4

Attached:

This patch doesn't make much sense. Instead, make sure you're appropriately escaping material (eg using
htmlspecialchars()) so that double-quotes become "

zigger wrote:

Thanks. The patch seemed to make sense in regard to PICS meta tags, probably
due to the age of the specs, e.g.
http://www.w3c.org/TR/REC-PICS-labels#Embedding and a similar assertion at
http://www.icra.org/faq/professional/#elements

However, " works with IE6-SP1 ok. I'll update the bug 982 attachment in a
few hours.