Change Details

In traditional mode (`$wgExperimentalHtmlIds = false`) `Sanitizer::escapeId` generates ambiguous values: `Sanitizer::escapeId( '!', array( 'noninitial' ) )` and `Sanitizer::escapeId( '.21', array( 'noninitial' ) )` evaluates to `.21`. A heuristic decoding would generate relevant errors. For example the heading > == [[ https://tools.ietf.org/html/rfc1918 | 172.31.255.255 ]] == gets encoded to `id="172.31.255.255"` and a heuristic decoder would generate `1721%5%5`. It would be possible to generate nonambiguous values by encoding `.` with `.2E`. `Sanitizer::escapeId( '.21', array( 'noninitial' ) )` would evaluate to `.2E21`. Such a change would be easy to implement by adding ``` lang=php '.' => '%2E', ``` after line https://git.wikimedia.org/blob/mediawiki%2Fcore.git/37c4a72c052a4f270f48913149ef75d8009f999e/includes%2FSanitizer.php#L1145 But such a change is not backward compatible. Existing anchor links to headings can break.

In traditional mode (`$wgExperimentalHtmlIds = false`) `Sanitizer::escapeId` generates ambiguous values: `Sanitizer::escapeId( '!', [ 'noninitial' ] )` and `Sanitizer::escapeId( '.21', [ 'noninitial' ] )` evaluates to `.21`. A heuristic decoding would generate relevant errors. For example the heading > == [[ https://tools.ietf.org/html/rfc1918 | 172.31.255.255 ]] == gets encoded to `id="172.31.255.255"` and a heuristic decoder would generate `1721%5%5`. It would be possible to generate nonambiguous values by encoding `.` with `.2E`. `Sanitizer::escapeId( '.21', [ 'noninitial' ] )` would evaluate to `.2E21`. Such a change would be easy to implement by adding ``` lang=php '.' => '%2E', ``` after line https://phabricator.wikimedia.org/source/mediawiki/browse/master/includes/Sanitizer.php;d0a0838cb76b4cf20977c4aba5fe06877d8deb58$1205 But such a change is not backward compatible. Existing anchor links to headings can break.

In traditional mode (`$wgExperimentalHtmlIds = false`) `Sanitizer::escapeId` generates ambiguous values: `Sanitizer::escapeId( '!', array([ 'noninitial' )] )` and `Sanitizer::escapeId( '.21', array([ 'noninitial' )] )` evaluates to `.21`. A heuristic decoding would generate relevant errors. For example the heading > == [[ https://tools.ietf.org/html/rfc1918 | 172.31.255.255 ]] == gets encoded to `id="172.31.255.255"` and a heuristic decoder would generate `1721%5%5`. It would be possible to generate nonambiguous values by encoding `.` with `.2E`. `Sanitizer::escapeId( '.21', array([ 'noninitial' )] )` would evaluate to `.2E21`. Such a change would be easy to implement by adding ``` lang=php '.' => '%2E', ``` after line https://gitphabricator.wikimedia.org/blobsource/mediawiki%2Fcore.git/37c4a72c052a4f270f48913149ef75d8009f999e/includes%2FSanitizer.php#L1145/browse/master/includes/Sanitizer.php;d0a0838cb76b4cf20977c4aba5fe06877d8deb58$1205 But such a change is not backward compatible. Existing anchor links to headings can break.