Last modified: 2014-09-28 14:04:43 UTC

Wikimedia Bugzilla is closed!

Wikimedia migrated from Bugzilla to Phabricator. Bug reports are handled in Wikimedia Phabricator.
This static website is read-only and kept for historical purposes. Logging in is not possible, and apart from displaying bug reports and their history, links might be broken. See T56153, the corresponding Phabricator task, for complete and up-to-date bug report information.
Bug 54153 - HTML stuff are not always escaped in action=history view
Status: REOPENED
Product: MediaWiki extensions
Classification: Unclassified
Component: WikidataRepo (Other open bugs)
Version: unspecified
Platform: All
OS: All
Importance: Low normal
Target Milestone: ---
Assigned To: Wikidata bugs
Whiteboard: u=dev c=frontend p=0
Keywords: need-volunteer
Depends on:
Blocks:
Reported: 2013-09-15 16:12 UTC by Liangent
Modified: 2014-09-28 14:04 UTC (History)
CC: 4 users

See Also:
Web browser: ---
Mobile Platform: ---
Assignee Huggle Beta Tester: ---


Attachments

Description Liangent 2013-09-15 16:12:46 UTC
See https://test.wikidata.org/w/index.php?title=Q142&action=history

Not XSS: only ampersands are affected.
Comment 1 Liangent 2013-09-15 16:13:21 UTC
Including: (1) <h1> title, (2) <title> title, (3) edit summary.
Comment 2 Liangent 2013-09-15 16:17:24 UTC
Non-executable HTML tags are also affected in (1) and (2) above, see:

https://test.wikidata.org/w/index.php?title=Q143&action=history

--

Thanks to the standard sanitizer applied to page titles, executable tags are filtered out:

https://test.wikidata.org/w/index.php?title=Q144&action=history
Comment 3 Bene* 2014-09-28 08:59:37 UTC
I think this has been fixed in the meantime.
Comment 4 Liangent 2014-09-28 13:52:02 UTC
(In reply to Bene* from comment #3)
> I think this has been fixed in the meantime.

No. Have a look at the linked page: edit summary of the first revision says "Created a new item: 1 & 2" but the heading is "Revision history of "1 &amp; 2" (Q142)". Obviously they don't match: either one side overescaped the label once, or another side failed to do an escape.
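The two hypotheses in comment 4 (one side escaped the label twice, or the other side never escaped it) reproduced in Python, as an added example that is not part of the bug report or of Wikibase/MediaWiki code; the label, the render functions and the check are constructed here.

```python
"""Reproduce the history-view escaping mismatch and tell the two causes apart."""
import html
import re

# Constructed sample label, matching the one quoted in the report.
RAW_LABEL = '1 & 2'


def render_summary(label: str) -> str:
    """Correct path: the edit summary escapes the label exactly once at output."""
    return f'Created a new item: {html.escape(label)}'


def render_heading_buggy(label: str) -> str:
    """Over-escaping path: a helper pre-escapes the label and the heading
    template escapes it again, so the browser displays a literal '&amp;'."""
    pre_escaped = html.escape(label)          # first escape, in a helper
    return f'<h1>Revision history of "{html.escape(pre_escaped)}" (Q142)</h1>'


def render_heading_fixed(label: str) -> str:
    """Fixed path: keep the label raw until the single escape at output."""
    return f'<h1>Revision history of "{html.escape(label)}" (Q142)</h1>'


def visible_text(fragment: str) -> str:
    """What a browser shows for an HTML fragment: tags removed, entities decoded once."""
    return html.unescape(re.sub(r'<[^>]+>', '', fragment))


def escape_depth(raw: str, rendered: str, max_depth: int = 4) -> int:
    """Count how many times `raw` was HTML-escaped before it landed in `rendered`.

    Returns 1 for correct output, 2 or more for over-escaping (the display
    bug in this report), 0 if the raw text was emitted without escaping
    (the dangerous case once characters other than '&' are involved), and
    -1 if the label does not appear in the fragment at all.
    """
    candidate = raw
    for depth in range(max_depth + 1):
        if candidate in rendered:
            return depth
        candidate = html.escape(candidate)
    return -1


if __name__ == '__main__':
    for name, fragment in (('summary', render_summary(RAW_LABEL)),
                           ('heading (buggy)', render_heading_buggy(RAW_LABEL)),
                           ('heading (fixed)', render_heading_fixed(RAW_LABEL))):
        print(f'{name}: depth={escape_depth(RAW_LABEL, fragment)} shows={visible_text(fragment)!r}')
```

Comparing `visible_text()` of the summary and the heading is the manual check described in comment 4; `escape_depth()` then says which side is wrong, since a depth of 2 on the heading means it was escaped twice rather than the summary having been escaped too little.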
Comment 5 Liangent 2014-09-28 13:53:54 UTC
Hmm, I should try a new item, as existing summaries are not dynamically generated, but the result is the same: https://test.wikidata.org/w/index.php?title=Q785&action=history
Comment 6 Bene* 2014-09-28 14:04:43 UTC
Oh, I was referring to your comment #1.

> Including: (1) <h1> title, (2) <title> title, (3) edit summary.

Only the edit summary still has issues which I didn't notice.
