Michael.Keppler wrote:

In the HTML standard there is no such thing as a line break in alt-attributes of
image tags. By definition attribute values contain only space, but no line
breaks. Therefore any linebreak in the string shall be threatened like a space
by the parser. There is no way to force a line break, i.e. the character
sequence "a\nbreak" will be rendered as such and no good browser will replace
the "\n" by a newline.
As a consequence the function should replace all newlines by spaces before
outputting the JavaScript and the Romanians should remove their newlines from
those messages.

As a general rule the system shouldn't break based on user input. Newlines may
behave as spaces, *that's fine*. They won't hurt anything if the string literal
is formatted correctly, and the string literal *should* be formatted correctly.

Michael.Keppler wrote:

patch for HEAD

Attached patch for HEAD replaces linebreaks in the inserted sample and in the
image tip (ALT text) by spaces.

Attached:

Michael.Keppler wrote:

patch for REL14

attached patch for REL14 adds the same code like the HEAD patch

Attached:

The attached patches are wrong: they don't address the message that has the problem,
and removing the line breaks is not necessary. (The message with the breaks is used to
format a message alert box, not image alt text.)

Correct fix is addition and use of wfEscapeJsString() function, now checked in on
HEAD.

Michael.Keppler wrote:

The fix for this exact problem case by Brion is correct. But to avoid the same
JavaScript error with the image tip for the future, we should use
wfEscapeJsString() on the image tip too.

Somehow missed that one among the four other cases in that file and at least two
elsewhere. Fixed now.

• Bug 2445 has been marked as a duplicate of this bug. ***

• Bug 2465 has been marked as a duplicate of this bug. ***

• Bug 2997 has been marked as a duplicate of this bug. ***

• Bug 3088 has been marked as a duplicate of this bug. ***

• Bug 3389 has been marked as a duplicate of this bug. ***