https://bugzilla.wikimedia.org/show_bug.cgi?id=57429
--- Comment #4 from Bartosz Dziewoński <[email protected]> --- Basically, ve.ce.MWExtensionNode.prototype.generateContents builds an XML element object for given tag name (for example 'math'), given attributes (none in this case) and given contents (for example 'a < b'), and then serializes it to a string to ensure that everything is correctly escaped. The problem is that MediaWiki XML-like tags don't expect their contents to be escaped. Serializing such a node generates "<math>a < b</math>", while wikitext expects "<math>a < b</math>". (An interesting corollary is that a MediaWiki XML-like tag 'foo' may not contain the string '</foo>' in any form nor encoded in any way, unless the code of the extension handling the tag specifically parses nested <nowiki/> tags or something. You can cheat – {{#tag:foo|</foo>}} – but then you still can't include the string '<foo></foo>' because it gets double-parsed.) (Fun fact: the above behavior is the reason why <source/> was renamed to <syntaxhighlight/> some years ago.) We should not escape the contents at all and instead do something clever if the input text contains '</foo>'. VE and wikitext are both designed to never disallow the user from doing stupid things, so I'm not sure what can be done if we don't just prevent the user from saving that. Maybe selectively HTML-escape /<\/\s*foo\s*>/ when closing the inspector? -- You are receiving this mail because: You are on the CC list for the bug. _______________________________________________ Wikibugs-l mailing list [email protected] https://lists.wikimedia.org/mailman/listinfo/wikibugs-l
