Page MenuHomePhabricator

Flow front-end: escape topic title's HTML in h1 firstHeader when viewing isolated topic
Closed, ResolvedPublic

Description

Topic title is text, so HTML entities in it simply appear.

But when you view a standalone topic (from a permalink, or when you open a topic action action in a new tab, or presumably when you choose a topic action with no-JavaScript), Flow puts the un-escaped topic title in the <h1 class="firstHeading"> and in the <title> tag.

Compare the URL above with https://test.wikipedia.org/wiki/Talk:Sandbox?workflow=rxpkw658tqvrvnsd


Version: master
Severity: major
URL: http://ee-flow.wmflabs.org/wiki/Talk:Sandbox?workflow=rvjdx5ai0quoj0qo

Details

Reference
bz67401

Event Timeline

bzimport raised the priority of this task from to Needs Triage.Nov 22 2014, 3:26 AM
bzimport set Reference to bz67401.
bzimport added a subscriber: Unknown Object (MLST).
Spage created this task.Jul 2 2014, 1:01 AM

Change 143552 had a related patch set uploaded by Spage:
Escape topic title HTML shown in h1 firstHeading

https://gerrit.wikimedia.org/r/143552

Change 143552 merged by jenkins-bot:
Escape topic title HTML shown in h1 firstHeading

https://gerrit.wikimedia.org/r/143552

Fixed in 1.24wmf13

Quiddity removed a subscriber: Maryana.Dec 19 2014, 1:34 AM