HomePhabricator

Fix unescaped HTML injected into conflict resolution interface

Authored by thiemowmde on Nov 28 2018, 1:01 PM.

Description

Fix unescaped HTML injected into conflict resolution interface

This was introduced via I6011fb1.

The contents of these two "reset" elements will be used when the
user clicks the reset (undo) button. The "diff" text is supposed to be
(well formed) HTML because it can contain yellow or blue diff coloring.
The user provided wikitext is already escaped in this situation.

But the $editorText contains unescaped wikitext.

When the wikitext contains valid HTML elements, these get lost in the
process, because jQuerys .text() method does not return the HTML source
for these.

When the wikitext contains unballanced HTML, it messes with the
TwocolConflict interface.

Bug: T195721
Bug: T210603
Change-Id: Ia8aa75fe5ea7af9fe6dd878a59fdf2af90926cf9

Details