Page MenuHomePhabricator
Create Task
Maniphest T67570

Flow: title editing exceptions: htmlParseStartTag, and htmlParseEntityRef
Closed, ResolvedPublic
Actions

Description

screenshot

Jay8g reports:

"&" in the topic title gives "The error message received was: Exception Caught: htmlParseEntityRef: no name" and refuse to post.

"<" or "<>" in the topic title (but not ">", "</>" or "<[anything]>", which post) give "The error message received was: Exception Caught: htmlParseStartTag: invalid element name" and refuse to post.

See screenshot for confirmation of the first.

Version: unspecified
Severity: normal
URL: https://www.mediawiki.org/w/index.php?title=Talk:Flow&workflow=ruwmgk680mrkz1z7
See Also:
https://bugzilla.wikimedia.org/show_bug.cgi?id=65143

Attached:

www.mediawiki.org_2014-05-20_18-17-55.png (767×802 px, 70 KB)

Details

Reference
bz65570

Event Timeline

bzimport raised the priority of this task from to High.Nov 22 2014, 3:10 AM
bzimport added a project: StructuredDiscussions.
bzimport set Reference to bz65570.
bzimport added a subscriber: Unknown Object (MLST).
Quiddity created this task.May 21 2014, 1:21 AM
Spage added a comment.May 27 2014, 10:07 PM

The PHP exception happens in Parsoid/ReferenceExtractor.php's extractReferences() when it calls createDOM() to record references in the new version of the TopicListBlock. I guess the title content isn't escaped correctly. But Flow should probably not even attempt to record references for title text since nothing in a title is parsed!

To summarize titles in Fl, HTML tags in titles

  • Can cause the exception in this bug.
  • Incorrectly take effect while previewing (e.g. <em> and <br> cause italics and line breaks).
  • Turn into &amp; &lt; &gt; pairs when you edit them (bug 65143).

I think we want a Flow topic title to be an unparsed escaped string, so whatever you enter in it is shown "as is" and has no effect. Limited parsing of titles is an enhancement request.

Quiddity added a comment.May 28 2014, 8:19 PM
  • Bug 65759 has been marked as a duplicate of this bug. ***
gerritbot added a comment.May 30 2014, 12:45 AM

Change 136270 had a related patch set uploaded by Bsitu:
Should not try to parse reference from topic title

https://gerrit.wikimedia.org/r/136270

gerritbot added a comment.Jun 2 2014, 10:01 AM

Change 136270 merged by jenkins-bot:
Should not try to parse reference from topic title

https://gerrit.wikimedia.org/r/136270

Quiddity removed a subscriber: Maryana.Dec 19 2014, 1:36 AM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL