Page MenuHomePhabricator

Disallow tilde character in signatures
Closed, ResolvedPublic


Author: robchur

If a user's signature contains ~~~, ~~~~ or ~~~~~, then these will not be
expanded to their signature during editing. However, this inserts raw tilde
characters into text which causes the next user's signature to be inserted upon
their next edit.

Not only is this leading to some messy templates being created; having arbitrary
text plonked in the middle of a user's signature could lead to interesting
problems in the future. In addition, a few users on En. have raised that it
could be used for "fraudulent" purposes.

I've long maintained that we should be restrictive about what goes into
signatures. I'll be posting a patch which disallows the tilde character in
signatures shortly.

Version: unspecified
Severity: normal



Event Timeline

bzimport raised the priority of this task from to Medium.Nov 21 2014, 9:00 PM
bzimport set Reference to bz4371.

stanley wrote:

perhaps it would be better if the patch is for automatically replace the "~"
character in user signature with unicode ~ rather then disallow it.

The tilde isn't the biggest problem per se, you could add for example
"{{subst:fraud template}} ~~~~" in yuor signature, then the next editor will
expand that template and add it's signature after.

robchur wrote:

Kill substitutions while we're at it. No good reason for it.

robchur wrote:

Fixed in CVS HEAD.