https://bugzilla.wikimedia.org/show_bug.cgi?id=33963

       Web browser: ---
             Bug #: 33963
           Summary: Missing escaping in search-as-you-type suggestions of
                    Monobook skin
           Product: MediaWiki
           Version: unspecified
          Platform: All
        OS/Version: All
            Status: NEW
          Severity: minor
          Priority: Unprioritized
         Component: Javascript
        AssignedTo: [email protected]
        ReportedBy: [email protected]
                CC: [email protected], [email protected]
    Classification: Unclassified


Created attachment 9909
  --> https://bugzilla.wikimedia.org/attachment.cgi?id=9909
Suggestion popup.

I have an alternate account named [User:Amalthea'"&lt] to test escaping issues
in tools.
Using Monobook skin, when I type [User:Amalthea'] into the search input field,
the search-as-you-type suggestion popup displays [User:Amalthea'"<].
I interpret this as my browser auto-correcting the broken entity [&lt] and
displaying it as [<], which in turn means that the ampersand is not escaped
properly when it's written into the suggestion popup.

Since page names are heavily sanitized, I don't see a way that this can be
exploited, but it should be fixed nonetheless.
Vector skin is behaving correctly.

_______________________________________________
Wikibugs-l mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/wikibugs-l
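The mechanism the report describes, as an added example that is not code from the report or from MediaWiki: a suggestion entry built by string concatenation carries the raw title into HTML, and because HTML parsers accept a few legacy named character references ("lt", "gt", "amp", "quot") even without the trailing semicolon, the title fragment "&lt" is displayed as "<". The function names, the five-character escaper and the toy display model below are this example's own, and the sample title is the test account name from the report; whether MediaWiki's title sanitization keeps this from being exploitable is not tested here.

```javascript
// Added example, not MediaWiki code: the unescaped-title bug pattern from the
// report, the escaping fix, and a toy model of why "&lt" renders as "<".
// Runs stand-alone under Node.

// Escape the characters that are significant in HTML text and attribute
// context. MediaWiki has its own helpers; this one is for illustration.
function escapeHtml(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#039;' };
  return String(s).replace(/[&<>"']/g, function (c) { return map[c]; });
}

// Bug pattern (hypothetical rendering code): the raw title is concatenated
// straight into markup, so "&" in the title starts a character reference.
function renderSuggestionUnsafe(title) {
  return '<div class="suggestion">' + title + '</div>';
}

// Fix: escape the title before it becomes part of an HTML string.
function renderSuggestionSafe(title) {
  return '<div class="suggestion">' + escapeHtml(title) + '</div>';
}

// Toy model of what a browser shows for a text node. Real parsers accept a
// set of legacy named references with the semicolon missing (that rule is
// what turns "&lt" into "<"); every other named reference needs the ";".
// Only four legacy names are modelled and the name match is a simple greedy
// run of letters, which is enough for the input from the report.
const LEGACY_NO_SEMICOLON = { lt: '<', gt: '>', amp: '&', quot: '"' };
const WITH_SEMICOLON = Object.assign({ apos: "'" }, LEGACY_NO_SEMICOLON);

function decodeCharRefs(text) {
  return text.replace(/&(#[xX][0-9a-fA-F]+|#[0-9]+|[a-zA-Z]+)(;?)/g, function (m, body, semi) {
    if (body[0] === '#') {
      // Numeric references such as &#039; or &#x27; decode even without ";"
      const hex = body[1] === 'x' || body[1] === 'X';
      return String.fromCodePoint(hex ? parseInt(body.slice(2), 16) : parseInt(body.slice(1), 10));
    }
    const table = semi ? WITH_SEMICOLON : LEGACY_NO_SEMICOLON;
    return Object.prototype.hasOwnProperty.call(table, body) ? table[body] : m;
  });
}

// Strip tags, then decode references: a stand-in for reading the popup's
// visible text. Not a real HTML parser.
function displayedText(html) {
  return decodeCharRefs(html.replace(/<[^>]*>/g, ''));
}

// Constructed input: the reporter's test account name.
const TITLE = 'User:Amalthea\'"&lt';

// Returns what the user would see for the buggy and the fixed rendering.
function demo() {
  return {
    unsafe: displayedText(renderSuggestionUnsafe(TITLE)), // User:Amalthea'"<
    safe: displayedText(renderSuggestionSafe(TITLE)),     // User:Amalthea'"&lt
  };
}

if (typeof require !== 'undefined' && require.main === module) {
  console.log(demo());
}
```

The escaped form survives a round trip through the decoder because `&amp;lt` decodes to the literal text `&lt`, while the unescaped form loses the ampersand; the same fix applies to any place a title is written into an HTML string rather than set as a text node.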