Last modified: 2013-04-22 16:16:50 UTC
The xmldoublequote parameter (described in bug 11401) is supposed to double-escape everything in the XML output. However, in MediaWiki 1.16 and newer, specifying it seems to have no effect. This is easily reproduced using the provided URL. The expected output is that of MediaWiki 1.15 and older. Actual: <page title="&<>" invalid="" /> Expected: <page title="&amp;&lt;&gt;" invalid="" />
This has been broken since r55641. Since it hasn't worked for about 3.5 years, is there really any point to keeping this feature or should we just kill it? Bug 11401 mentions some sort of xpath bug; does anyone have details on this?
PleaseStand: Any opinion on comment 1?
The XPath flaw is that there is no way to escape a string that contains both an apostrophe and a double quote. However, it is possible to work around the flaw using the concat function (to concatenate single- and double- quoted strings together). http://www.w3.org/TR/xpath/#exprlex http://stackoverflow.com/questions/6937525/escaping-xpath-literal-with-python The flaw has been corrected in XPath 2.0. http://www.w3.org/TR/xpath20/#id-literals It doesn't seem clear that the confusingly named "xmldoublequote" feature (I thought it meant XML attribute values should never be single quoted) was ever necessary.
Related URL: https://gerrit.wikimedia.org/r/58261 (Gerrit Change I9a4d8c13b78ffd2634d03c8c8b4bbeff69f4bc08)