On 01/22/2013 07:52 PM, Paul Selitskas wrote: > Filed a bug report: <https://bugzilla.wikimedia.org/show_bug.cgi?id=44262>. > > > On Wed, Jan 23, 2013 at 1:34 AM, Matthew Flaschen > <mflasc...@wikimedia.org>wrote: > >> On 01/22/2013 05:24 PM, Paul Selitskas wrote: >>> It will just strip the whole attribute if there is a quote in. That is >> why >>> we have {{urlencode:{{{1}}}|WIKI}} (or any other mode). >> >> URL-encoding is not the same as HTML-encoding for an attribute. I'm not >> sure if we have a parser function for the latter, though.
Thanks. I CCed Chris Steipp, the security guy, since this was one of the topics he covered in a recent documentation sprint. Matt Flaschen _______________________________________________ Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l