[MediaWiki-commits] [Gerrit] mediawiki...RevisionSlider[master]: Do not escape quotes and double quotes in user names

Tue, 26 Jul 2016 01:28:46 -0700 

WMDE-leszek has uploaded a new change for review.

  https://gerrit.wikimedia.org/r/301075

Change subject: Do not escape quotes and double quotes in user names
......................................................................

Do not escape quotes and double quotes in user names

Quotes and double quotes are allowed as part of a user name/page title.
Other things escaped by previously used mw.html.escape, ie. <, >, &
are not allowed in a user name any way. But just in case, to stick with
current preventive behaviour, this strips those three characters
if they somehow happen to appear in the user name returned by API.

Bug: T141171
Change-Id: I08dd09dcc94823461d7e9a8b116c088c4e8ee8d5
---
M modules/ext.RevisionSlider.RevisionListView.js
1 file changed, 10 insertions(+), 2 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/mediawiki/extensions/RevisionSlider 
refs/changes/75/301075/1

diff --git a/modules/ext.RevisionSlider.RevisionListView.js 
b/modules/ext.RevisionSlider.RevisionListView.js
index fa2408d..cab1831 100644
--- a/modules/ext.RevisionSlider.RevisionListView.js
+++ b/modules/ext.RevisionSlider.RevisionListView.js
@@ -157,7 +157,7 @@
                 * @return {string}
                 */
                getUserPage: function ( user ) {
-                       return ( mw.util.isIPAddress( user, false ) ? 
'Special:Contributions/' : 'User:' ) + mw.html.escape( user );
+                       return ( mw.util.isIPAddress( user, false ) ? 
'Special:Contributions/' : 'User:' ) + this.stripInvalidCharacters( user );
                },
 
                /**
@@ -172,11 +172,19 @@
                        }
 
                        return $( '<bdi>' ).append( $( '<p>' ).append(
-                               mw.message( 'revisionslider-label-username', 
mw.html.escape( userString ), this.getUserPage( userString ) ).parseDom()
+                               mw.message( 'revisionslider-label-username', 
this.stripInvalidCharacters( userString ), this.getUserPage( userString ) 
).parseDom()
                        ) );
                },
 
                /**
+                * @param {string} s
+                * @return {string}
+                */
+               stripInvalidCharacters: function ( s ) {
+                       return s.replace( /[<>&]/g, '' );
+               },
+
+               /**
                 * Generates the HTML for the comment label
                 *
                 * @param {Revision} rev

-- 
To view, visit https://gerrit.wikimedia.org/r/301075
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: I08dd09dcc94823461d7e9a8b116c088c4e8ee8d5
Gerrit-PatchSet: 1
Gerrit-Project: mediawiki/extensions/RevisionSlider
Gerrit-Branch: master
Gerrit-Owner: WMDE-leszek <[email protected]>

_______________________________________________
MediaWiki-commits mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits

Reply via email to