Page MenuHomePhabricator
Create Task
Maniphest T407000

Wikitext badly escaped on wishes page
Open, In Progress, MediumPublicBUG REPORT
Actions

Description

https://meta.wikimedia.org/wiki/Community_Wishlist/W309 shows up on https://meta.wikimedia.org/wiki/Community_Wishlist/Wishes as "Make subreferencing work with inline refs and {{reflist}} "

Details

Related Changes in Gerrit:
SubjectRepoBranchLines +/-
Ensure titles are sanitized for display and storagemediawiki/extensions/CommunityRequestsmaster+160 -10
Customize query in gerrit

Related Objects

Event Timeline

Pppery created this task.Fri, Oct 10, 4:07 PM
Restricted Application added a project: Community-Tech. · View Herald TranscriptFri, Oct 10, 4:07 PM
Restricted Application added a subscriber: Aklapper. · View Herald Transcript
Vishnu_mishra claimed this task.Fri, Oct 10, 5:09 PM
Aklapper updated the task description. (Show Details)Fri, Oct 10, 5:14 PM
MusikAnimal subscribed.Sat, Oct 11, 5:47 PM

@Vishnu_mishra Are you planning on working on this? You most certainly are welcome to, but I wanted to note the overlap with T406998. I believe we need to render wish titles as HTML to fix T407004: MinT translation does not translate the entity title nor status. We will need to do some escaping to prevent i.e. a wish called <script>alert('I steal yo cookies!')</script> but HTML entities and the markup we introduce around the title will get rendered.

So I think this task, T406998 and T407004 all have the same solution.

MusikAnimal triaged this task as Medium priority.Sat, Oct 11, 5:48 PM
MusikAnimal moved this task from Backlog to General on the MediaWiki-extensions-CommunityRequests board.
MusikAnimal reopened this task as Open.Thu, Oct 23, 10:39 PM
MusikAnimal closed this task as a duplicate of T407961: <span> visible in translations where the title has not been translated.

Grr, sorry! Not technically a duplicate, though the fix will be similar.

MusikAnimal removed Vishnu_mishra as the assignee of this task.Thu, Oct 23, 10:41 PM
MusikAnimal added a subscriber: Vishnu_mishra.

I am going to unassign @Vishnu_mishra however, as we have not heard back from them.

MusikAnimal mentioned this in T407961: <span> visible in translations where the title has not been translated.Thu, Oct 23, 10:41 PM
Nardog subscribed.Fri, Oct 24, 2:33 AM
MusikAnimal moved this task from General to Entity index pages on the MediaWiki-extensions-CommunityRequests board.Sun, Nov 2, 7:11 PM
MusikAnimal changed the subtype of this task from "Task" to "Bug Report".
gerritbot added a comment.Mon, Nov 3, 2:53 AM

Change #1200744 had a related patch set uploaded (by MusikAnimal; author: MusikAnimal):

[mediawiki/extensions/CommunityRequests@master] Ensure titles are HTML-safe for display, and sanitized in storage

https://gerrit.wikimedia.org/r/1200744

gerritbot added a project: Patch-For-Review.Mon, Nov 3, 2:53 AM
MusikAnimal changed the task status from Open to In Progress.Mon, Nov 3, 8:13 PM
MusikAnimal claimed this task.
MusikAnimal edited projects, added Community-Tech (Sea Lion Squad); removed Community-Tech.Mon, Nov 3, 10:09 PM
MusikAnimal moved this task from Backlog - groomed to Feedback and Review on the Community-Tech (Sea Lion Squad) board.
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits