While normally the "&" in a title is correctly escaped, in the case of signing in from such a page, the URL created contains a non-escaped "&". Example:
Note the non-escaped "_&_" at the end.
Version: 1.18.x
Severity: normal
While normally the "&" in a title is correctly escaped, in the case of signing in from such a page, the URL created contains a non-escaped "&". Example:
Note the non-escaped "_&_" at the end.
Version: 1.18.x
Severity: normal
I confirm, cannot reproduce it on r82189 any more. Someone seems to have fixed this "accidentially"...
Error is still present, reopening.
The duplicate bug 26604 describes it better than the description here.
The error requires the sequence:
1 being signed in on a page
3 on confirm page, go to the top right login box (not the login on the logout message itself, which does NOT contain a return-to)
the return-to in the login in the top right corner reveals already as a URL that the return-to parameter is now unescaped.
(In reply to comment #6)
Error is still present, reopening.
The duplicate bug 26604 describes it better than the description here.
The error requires the sequence:
1 being signed in on a page
- sign out
3 on confirm page, go to the top right login box (not the login on the logout
message itself, which does NOT contain a return-to)the return-to in the login in the top right corner reveals already as a URL
that the return-to parameter is now unescaped.
Have you tried actually clicking the link? Firefox hides the escaping for me, which is confusing, but does apply it.
(In reply to comment #7)
Have you tried actually clicking the link? Firefox hides the escaping for me,
which is confusing, but does apply it.
Whoops, spoke too soon. You're right, it's not escaped.
Now it's double-escaped. In HTML it becomes something like %25E7%2589%25B9%25E6%25AE%258A
(In reply to comment #10)
Now it's double-escaped. In HTML it becomes something like
%25E7%2589%25B9%25E6%25AE%258A
Please describe exactly in which action sequence you see that. It seems escaped in multiple places, and behave differently depending on the order of actions.
(In reply to comment #11)
(In reply to comment #10)
Now it's double-escaped. In HTML it becomes something like
%25E7%2589%25B9%25E6%25AE%258APlease describe exactly in which action sequence you see that. It seems escaped
in multiple places, and behave differently depending on the order of actions.
I pointed out the buggy logic in code review of r82232.
(In reply to comment #12)
I pointed out the buggy logic in code review of r82232.
Fixed in r86697. Apologies for the delay.