
'<' and '>' in attributes doubly encoded in queries
Closed, Resolved · Public

Description

When querying an attribute which contains a '<' or '>', these chars are doubly encoded, so the user
sees &lt; (or &gt;). You can see it for example on
http://ontoworld.org/index.php?title=Sandbox&oldid=23005, right at the bottom of the page.


Version: unspecified
Severity: normal
URL: http://ontoworld.org/index.php?title=Sandbox&oldid=23005

Details

Reference
bz7955

Event Timeline

bzimport raised the priority of this task from to Medium. Nov 21 2014, 9:24 PM
bzimport set Reference to bz7955.
bzimport added a subscriber: Unknown Object (MLST).

I think this bug is an instance of a general problem: SMW escapes all "&" in a
string. In cases where they belong to an HTML escape, this is not correct. The
assumption here is that we want to store the text as printed, not as typed, i.e.
we want "&" and "&amp;" to be stored as the same thing. So SMW would need to
check whether or not some & is part of a (supported) HTML escape. Maybe we can
just use some of PHP's HTML escaping to prevent this from happening.

The encoding now has been fixed using MW's Sanitizer.
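
The double encoding discussed in this task, and two ways to avoid it with PHP's built-in escaping functions, as an added example that is not SMW or MediaWiki code and does not use MW's Sanitizer. The function names and sample attribute values are constructed for illustration.

```php
<?php
// Added illustration: function names and sample values are constructed,
// not taken from SMW or MediaWiki.

// The reported behaviour: every "&" is escaped, even one that already
// begins an HTML escape such as "&lt;".
function escapeEveryAmpersand(string $s): string {
    return str_replace(['&', '<', '>'], ['&amp;', '&lt;', '&gt;'], $s);
}

// Option 1: let PHP skip "&" that already starts an escape
// (fourth argument double_encode = false).
function escapeOnce(string $s): string {
    return htmlspecialchars($s, ENT_QUOTES | ENT_HTML5, 'UTF-8', false);
}

// Option 2: store the text "as printed" by resolving escapes once on
// input, then escape unconditionally at output time.
function storeAsPrinted(string $typed): string {
    return html_entity_decode($typed, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}
function renderForHtml(string $stored): string {
    return htmlspecialchars($stored, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

// Constructed attribute values: each pair is the same text typed two ways.
$pairs = [
    ['a < b',    'a &lt; b'],
    ['AT&T',     'AT&amp;T'],
    ['<b>x</b>', '&lt;b&gt;x&lt;/b&gt;'],
];

foreach ($pairs as [$raw, $escaped]) {
    // Bug: the pre-escaped spelling comes out doubly encoded.
    printf("%-24s buggy: %s\n", $escaped, escapeEveryAmpersand($escaped));

    $a = renderForHtml(storeAsPrinted($raw));
    $b = renderForHtml(storeAsPrinted($escaped));
    // Both spellings must render identically, with no raw "<" or ">" left
    // in the output and no "&amp;lt;" style double encoding.
    if ($a !== $b || $a !== escapeOnce($escaped) || strpbrk($a, '<>') !== false) {
        throw new RuntimeException("mismatch for $raw");
    }
    printf("%-24s fixed: %s\n", $escaped, $a);
}
```

With Option 2 the stored value is raw text, so every output path has to pass it through the escaping step; removing the double encoding must not turn into emitting an unescaped `<`.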