Page MenuHomePhabricator

Campaigns 'title' key lets you mess with page layout
Closed, ResolvedPublic

Description

Set the title to something like

"<big><big><big><big>test"

and you end up with

https://test.wikipedia.org/w/index.php?title=Campaign:wlm-pl&oldid=179050

(Sitenote, there's a bug where <'s get changed into random unicode characters. filing that separately.)


Version: unspecified
Severity: normal
URL: https://test.wikipedia.org/w/index.php?title=Campaign:wlm-pl&oldid=179050

Details

Reference
bz53822

Event Timeline

bzimport raised the priority of this task from to Normal.
bzimport set Reference to bz53822.
bzimport added a subscriber: Unknown Object (MLST).
Legoktm created this task.Sep 5 2013, 7:33 PM

Perhaps should pass things through tidy before outputting them. These are already passed through the wikitext parser, so should not cause XSS issues.

Or perhaps, if people want to fuck up the page, let them?

Jdforrester-WMF moved this task from Untriaged to Backlog on the Multimedia board.Sep 4 2015, 6:38 PM
Restricted Application added subscribers: Steinsplitter, Matanya, Aklapper. · View Herald TranscriptSep 4 2015, 6:38 PM

Change 252688 had a related patch set uploaded (by Bartosz Dziewoński):
UploadWizardCampaign: Enable tidy when parsing

https://gerrit.wikimedia.org/r/252688

matmarex claimed this task.Nov 12 2015, 3:17 PM

Change 252688 merged by jenkins-bot:
UploadWizardCampaign: Enable tidy when parsing

https://gerrit.wikimedia.org/r/252688

matmarex closed this task as Resolved.Nov 13 2015, 3:35 PM