Page MenuHomePhabricator
Create Task
Maniphest T44560

SMW messages aren't displaying any links
Closed, DeclinedPublic
Actions

Description

Author: pierre612004

Description:
This is what the message looks like when visitors see it. (It disappears if one is logged in.)

Originally posted on May 11, 2012 at <a href="http://www.referata.com/wiki/User_talk:Yaron_Koren">Yaron Koren's talk page</a> on <a href="http://www.referata.com">Referata</a>.

I've already customised a handful of system messages on <a href="http://sevton.referata.com">WikiSevton</a> relating to the SMW system. But one of them, <a href="http://sevton.referata.com/wiki/MediaWiki:Anoneditwarning">Anoneditwarning</a>, is now irking me the most. Though it displays correctly on edit forms like <a href="http://sevton.referata.com/w/index.php?title=Diane&action=edit">this one</a> (when viewed by visitors), the wikilinks and external links will refuse to do so in <a href="http://sevton.referata.com/wiki/Special:FormEdit/Character/Diane">this semantic form</a>.

Though I've tried getting around it with several parser tweaks, and looking at the page's source code with IE's F12 tools, I don't understand why all that raw code must taint the page. I really don't know why. Can you give an explanation (and hopefully a solution)?

(Version: MW 1.19.2; SMW 1.8 beta 2. Browsers: IE/Chrome [and possibly several others as well].)

Version: REL1_19-branch
Severity: trivial
OS: Windows 7
Platform: PC
URL: http://sevton.referata.com/wiki/MediaWiki:Anoneditwarning

Attached:

SMW_-_AnonEditWarning_Raw.png (82×1 px, 14 KB)

Details

Reference
bz42560

Event Timeline

bzimport raised the priority of this task from to Needs Triage.Nov 22 2014, 1:06 AM
bzimport added projects: Browser-Support-Google-Chrome, MW-extension-1.19-version, MediaWiki-extensions-Semantic-MediaWiki.
bzimport set Reference to bz42560.
bzimport added a subscriber: Unknown Object (MLST).
bzimport created this task.Nov 30 2012, 12:22 AM
bzimport added a comment.Dec 2 2012, 9:27 PM

pierre612004 wrote:

This is how it appears on normal edit forms.

Attached:

SMW_-_AnonEditWarning_Normal.png (92×1 px, 13 KB)

bzimport added a comment.Dec 22 2012, 7:32 AM

pierre612004 wrote:

A modified version of the standard message using regular HTML formatting. Note the <a> links, which are NOT allowed in MediaWiki.

Attached:

SMW_-_AnonEditWarning_V2_Raw.png (93×1 px, 18 KB)

bzimport added a comment.Sep 4 2013, 12:07 AM

pierre612004 wrote:

This also happens with MediaWiki:Smw_types_docu on Special:Types.

Attached:

Dixwell_Dossier_-_SMW_types_docu_Glitch.png (432×1 px, 20 KB)

Unknown Object (User) added a comment.Sep 4 2013, 2:15 AM

Messages are generally sanitized to shield against possible XSS attacks. Those messages seen on special pages need an appropriate escaping method to allow raw HTML being displayed as formatted text.

Adopting system messages (more specifically SMW messages) that inject raw HTML is in most cases not permitted [1] and will result in messages being displayed as "clear" string due to the sanitization process.

[1] https://github.com/wikimedia/mediawiki-extensions-SemanticMediaWiki/blob/master/includes/specials/SMW_SpecialTypes.php#L44

Aklapper edited projects, added MW-1.19-release; removed MW-extension-1.19-version.Dec 19 2014, 8:20 PM
Luke081515 removed a subscriber: wikibugs-l-list.Jan 28 2016, 6:10 PM
Restricted Application added a subscriber: StudiesWorld. · View Herald TranscriptJan 28 2016, 6:10 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL