Page MenuHomePhabricator

XML formatter: get rid of broken xmldoublequote parameter
Closed, ResolvedPublic

Description

The xmldoublequote parameter (described in bug 11401) is supposed to double-escape everything in the XML output. However, in MediaWiki 1.16 and newer, specifying it seems to have no effect.

This is easily reproduced using the provided URL. The expected output is that of MediaWiki 1.15 and older.

Actual: <page title="&amp;&lt;&gt;" invalid="" />
Expected: <page title="&amp;amp;&amp;lt;&amp;gt;" invalid="" />


Version: 1.21.x
Severity: minor
URL: https://www.mediawiki.org/w/api.php?action=query&titles=%26%3C%3E&xmldoublequote

Details

Reference
bz46626

Event Timeline

bzimport raised the priority of this task from to Normal.Nov 22 2014, 1:24 AM
bzimport added a project: MediaWiki-API.
bzimport set Reference to bz46626.

This has been broken since r55641. Since it hasn't worked for about 3.5 years, is there really any point to keeping this feature or should we just kill it?

Bug 11401 mentions some sort of xpath bug; does anyone have details on this?

PleaseStand: Any opinion on comment 1?

The XPath flaw is that there is no way to escape a string that contains both an apostrophe and a double quote. However, it is possible to work around the flaw using the concat function (to concatenate single- and double- quoted strings together).

http://www.w3.org/TR/xpath/#exprlex
http://stackoverflow.com/questions/6937525/escaping-xpath-literal-with-python

The flaw has been corrected in XPath 2.0.

http://www.w3.org/TR/xpath20/#id-literals

It doesn't seem clear that the confusingly named "xmldoublequote" feature (I thought it meant XML attribute values should never be single quoted) was ever necessary.

Related URL: https://gerrit.wikimedia.org/r/58261 (Gerrit Change I9a4d8c13b78ffd2634d03c8c8b4bbeff69f4bc08)