Page MenuHomePhabricator

Uncaught “URIError: malformed URI sequence” on en.wiktionary (fixed in jquery.cookie >= 1.4.0?)
Open, LowPublic

Description

For a few weeks, JS has been broken for me on en.wiktionary (e.g. no edit toolbar, charinsert, etc.) because of an uncaught “URIError: malformed URI sequence” exception in jquery.cookie.js.

The problem seems to be that the English Wiktionary stores the state of their auto-collapsing templates in a cookie (via MediaWiki:Gadget-legacy.js, I believe). Since the introduction of the dynamic “§” heading anchors to MediaWiki (at T18691), the code probably captured the heading title including this “§” character. And when I clicked on the “expand all” link, the gadget stored the setting to cookie as Visibility=%3B%A7declension%3B, which includes the “§” character escaped as %A7 in some Latin-1 or whatnot instead of UTF-8 (which would be %C2%A7), which causes decodeURIComponent in decoded(s) in jquery.cookie.js to die.

The “§” anchors were reverted for now, that’s fine. And the English Wiktionary should improve their cookie handling to use encodeURIComponent instead of escape. (I wrote to Grease Pit there.) However, such an error is going to occur again. Shouldn’t MediaWiki be more tolerant/resistant to whatever gets stored in a cookie? (Especially because the problem is hard to find and fix.) It seems to me jquery.cookie does that correctly since v1.4.0, see the changelog, however, we still keep v1.3.1 – see rMW23a4285be: “We should eventually upgrade to v1.4.1, but that has a breaking change.”

See also T74509, T72097.

Event Timeline

Mormegil raised the priority of this task from to Needs Triage.
Mormegil updated the task description. (Show Details)
Mormegil added a subscriber: Mormegil.
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptMar 19 2015, 10:46 AM
Aklapper renamed this task from Uncaught “URIError: malformed URI sequence” on en.wiktionary to Uncaught “URIError: malformed URI sequence” on en.wiktionary (fixed in jquery.cookie >= 1.4.0?).Mar 20 2015, 10:37 AM
Aklapper triaged this task as Low priority.
Aklapper set Security to None.