Page MenuHomePhabricator
Create Task
Maniphest T69401

Flow front-end: escape topic title's HTML in h1 firstHeader when viewing isolated topic
Closed, ResolvedPublic
Actions

Description

Topic title is text, so HTML entities in it simply appear.

But when you view a standalone topic (from a permalink, or when you open a topic action action in a new tab, or presumably when you choose a topic action with no-JavaScript), Flow puts the un-escaped topic title in the <h1 class="firstHeading"> and in the <title> tag.

Compare the URL above with https://test.wikipedia.org/wiki/Talk:Sandbox?workflow=rxpkw658tqvrvnsd

Version: master
Severity: major
URL: http://ee-flow.wmflabs.org/wiki/Talk:Sandbox?workflow=rvjdx5ai0quoj0qo

Details

Reference
bz67401

Event Timeline

bzimport raised the priority of this task from to Needs Triage.Nov 22 2014, 3:26 AM
bzimport added a project: StructuredDiscussions.
bzimport set Reference to bz67401.
bzimport added a subscriber: Unknown Object (MLST).
Spage created this task.Jul 2 2014, 1:01 AM
gerritbot added a comment.Jul 2 2014, 2:29 AM

Change 143552 had a related patch set uploaded by Spage:
Escape topic title HTML shown in h1 firstHeading

https://gerrit.wikimedia.org/r/143552

DannyH added a comment.Jul 2 2014, 11:58 PM

Added to backlog: https://trello.com/c/0k2bX2qe

gerritbot added a comment.Jul 8 2014, 4:38 PM

Change 143552 merged by jenkins-bot:
Escape topic title HTML shown in h1 firstHeading

https://gerrit.wikimedia.org/r/143552

Spage added a comment.Jul 9 2014, 10:25 PM

Fixed in 1.24wmf13

Quiddity removed a subscriber: Maryana.Dec 19 2014, 1:34 AM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL