User "Nikerabbit" posted a comment on MediaWiki.r102049.
Full URL: http://www.mediawiki.org/wiki/Special:Code/MediaWiki/102049#c25544
Commit summary:
followup 102038: finer-grained escaping
Comment:
It does:
<source lang=php>
php maintenance/eval.php
> echo Xml::tags( 'a', array( 'title' => '<script>alert("&foo")</script>'
> ), '<b>a</b>' );
<a
title="<script>alert("&amp;foo")</script>"><b>a</b></a>
</source>
_______________________________________________
MediaWiki-CodeReview mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/mediawiki-codereview
