HomePhabricator

Fix unescaped HTML injected into conflict resolution interface
da5b4930bccaUnpublished

Unpublished Commit · Learn More

Not On Permanent Ref: This commit is not an ancestor of any permanent ref.

Description

Fix unescaped HTML injected into conflict resolution interface

This was introduced via I6011fb1.

The contents of these two "reset" elements will be used when the
user clicks the reset (undo) button. The "diff" text is supposed to be
(well formed) HTML because it can contain yellow or blue diff coloring.
The user provided wikitext is already escaped in this situation.

But the $editorText contains unescaped wikitext.

When the wikitext contains valid HTML elements, these get lost in the
process, because jQuerys .text() method does not return the HTML source
for these.

When the wikitext contains unballanced HTML, it messes with the
TwocolConflict interface.

Bug: T195721
Bug: T210603
Change-Id: Ia8aa75fe5ea7af9fe6dd878a59fdf2af90926cf9

Details

Provenance
thiemowmdeAuthored on Nov 28 2018, 1:01 PM
Parents
rESCC06b3968d7b18: Localisation updates from https://translatewiki.net.
Branches
Unknown
Tags
Unknown
References
refs/changes/63/476263/1
ChangeId
Ia8aa75fe5ea7af9fe6dd878a59fdf2af90926cf9