Last modified: 2010-05-15 15:42:52 UTC

Wikimedia Bugzilla is closed!

Wikimedia has migrated from Bugzilla to Phabricator. Bug reports should be created and updated in Wikimedia Phabricator instead. Please create an account in Phabricator and add your Bugzilla email address to it.
Wikimedia Bugzilla is read-only. If you try to edit or create any bug report in Bugzilla you will be shown an intentional error message.
In order to access the Phabricator task corresponding to a Bugzilla report, just remove "static-" from its URL.
You could still run searches in Bugzilla or access your list of votes but bug reports will obviously not be up-to-date in Bugzilla.
Bug 7623 - MediaWiki:Sidebar can render invalid HTML IDs
MediaWiki:Sidebar can render invalid HTML IDs
Status: RESOLVED FIXED
Product: MediaWiki
Classification: Unclassified
Parser (Other open bugs)
1.8.x
All All
: Normal trivial with 1 vote (vote)
: ---
Assigned To: Nobody - You can work on this!
:
: 5993 (view as bug list)
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2006-10-18 14:18 UTC by Mitch Waters
Modified: 2010-05-15 15:42 UTC (History)
1 user (show)

See Also:
Web browser: ---
Mobile Platform: ---
Assignee Huggle Beta Tester: ---


Attachments
Proposed patch using preg_replace to get rid of the offending characters in the ID of elements generated by entries in MediaWiki:Sidebar (1.03 KB, patch)
2006-10-19 01:14 UTC, Mitch Waters
Details

Description Mitch Waters 2006-10-18 14:18:07 UTC
When changing the Table of Contents by editing the MediaWiki:Sidebar page,
entries with spaces or some special characters causes the rendered HTML ID to be
invalid. The MediaWiki software is great about rendering valid HTML but this
could easily be overlooked as it only is a problem whith certain edits to the
Sidebar.

The following example will produce the error:
* developer tools
** Developer's Corner|Developer's Corner

The htmlspecialchars function does nothing about the space or the "'" (single
quote), both of which are invalid.

From w3.org:
ID and NAME tokens must begin with a letter ([A-Za-z]) and may be followed by
any number of letters, digits ([0-9]), hyphens ("-"), underscores ("_"), colons
(":"), and periods (".") (see: http://www.w3.org/TR/html4/types.html#h-6.2).

The following skins have this problem:
Monobook
Chick
MySkin
Simple
Comment 1 Dan Li 2006-10-18 23:06:40 UTC
Creating something like MediaWiki:Developerscorner with text "Developer's
Corner" and then saying "** developerscorner|Developer's Corner" or "**
developerscorner|developerscorner" will do the trick.

But maybe invalid chars should still be stripped anyways?
Comment 2 Mitch Waters 2006-10-19 01:11:49 UTC
Yeah, I know how to get around it, and it's not breaking any functionality. It's
just anoying. I can post a patch, but I just basically put a
preg_replace("/[^a-z0-9-_:\.]/i", "_", $id) in where it was rendering it in
Monobook.php. This also takes care of it for the other three skins. I didn't
think that this was entirely correct at first, since it could potentially
violate the "must begin with a character" rule, but I then noticed that the skin
was putting a "p-" in the front of the ID anyway, which satisfies this rule.

Also, you mentioned the link (** Developer's Corner|Developer's Corner) being
invalid, but the header line (* developer tools) also creates an invalid link,
since it contains spaces.

I've gone ahead and added a patch... and changed the severity to trivial, since
that's really what this is.
Comment 3 Mitch Waters 2006-10-19 01:14:36 UTC
Created attachment 2519 [details]
Proposed patch using preg_replace to get rid of the offending characters in the ID of elements generated by entries in MediaWiki:Sidebar
Comment 4 Aryeh Gregor (not reading bugmail, please e-mail directly) 2006-10-19 02:30:04 UTC
Fixed in r17103, using Sanitizer::escapeId instead of preg_replace.
Comment 5 Aryeh Gregor (not reading bugmail, please e-mail directly) 2006-11-26 19:57:16 UTC
*** Bug 5993 has been marked as a duplicate of this bug. ***

Note You need to log in before you can comment on or make changes to this bug.


Navigation
Links