Last modified: 2010-05-15 15:42:52 UTC

Wikimedia Bugzilla is closed!

Wikimedia migrated from Bugzilla to Phabricator. Bug reports are handled in Wikimedia Phabricator.
This static website is read-only and for historical purposes. It is not possible to log in and except for displaying bug reports and their history, links might be broken. See T9623, the corresponding Phabricator task for complete and up-to-date bug report information.
First Last Prev Next    This bug is not in your last search results.
Bug 7623 - MediaWiki:Sidebar can render invalid HTML IDs
MediaWiki:Sidebar can render invalid HTML IDs
Status: RESOLVED FIXED
Product: MediaWiki
Classification: Unclassified
Parser (Other open bugs)
1.8.x
All All
: Normal trivial with 1 vote (vote)
: ---
Assigned To: Nobody - You can work on this!
:
: 5993 (view as bug list)
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2006-10-18 14:18 UTC by Mitch Waters
Modified: 2010-05-15 15:42 UTC (History)
1 user (show)

See Also:
Web browser: ---
Mobile Platform: ---
Assignee Huggle Beta Tester: ---

Attachments
Proposed patch using preg_replace to get rid of the offending characters in the ID of elements generated by entries in MediaWiki:Sidebar (1.03 KB, patch)
2006-10-19 01:14 UTC, Mitch Waters 		Details
Add an attachment (proposed patch, testcase, etc.)

Description Mitch Waters 2006-10-18 14:18:07 UTC 
When changing the Table of Contents by editing the MediaWiki:Sidebar page,
entries with spaces or some special characters causes the rendered HTML ID to be
invalid. The MediaWiki software is great about rendering valid HTML but this
could easily be overlooked as it only is a problem whith certain edits to the
Sidebar.

The following example will produce the error:
* developer tools
** Developer's Corner|Developer's Corner

The htmlspecialchars function does nothing about the space or the "'" (single
quote), both of which are invalid.

From w3.org:
ID and NAME tokens must begin with a letter ([A-Za-z]) and may be followed by
any number of letters, digits ([0-9]), hyphens ("-"), underscores ("_"), colons
(":"), and periods (".") (see: http://www.w3.org/TR/html4/types.html#h-6.2).

The following skins have this problem:
Monobook
Chick
MySkin
Simple
Comment 1 Dan Li 2006-10-18 23:06:40 UTC 
Creating something like MediaWiki:Developerscorner with text "Developer's
Corner" and then saying "** developerscorner|Developer's Corner" or "**
developerscorner|developerscorner" will do the trick.

But maybe invalid chars should still be stripped anyways?
Comment 2 Mitch Waters 2006-10-19 01:11:49 UTC 
Yeah, I know how to get around it, and it's not breaking any functionality. It's
just anoying. I can post a patch, but I just basically put a
preg_replace("/[^a-z0-9-_:\.]/i", "_", $id) in where it was rendering it in
Monobook.php. This also takes care of it for the other three skins. I didn't
think that this was entirely correct at first, since it could potentially
violate the "must begin with a character" rule, but I then noticed that the skin
was putting a "p-" in the front of the ID anyway, which satisfies this rule.

Also, you mentioned the link (** Developer's Corner|Developer's Corner) being
invalid, but the header line (* developer tools) also creates an invalid link,
since it contains spaces.

I've gone ahead and added a patch... and changed the severity to trivial, since
that's really what this is.
Comment 3 Mitch Waters 2006-10-19 01:14:36 UTC 
Created attachment 2519 [details]
Proposed patch using preg_replace to get rid of the offending characters in the ID of elements generated by entries in MediaWiki:Sidebar
Comment 4 Aryeh Gregor (not reading bugmail, please e-mail directly) 2006-10-19 02:30:04 UTC 
Fixed in r17103, using Sanitizer::escapeId instead of preg_replace.
Comment 5 Aryeh Gregor (not reading bugmail, please e-mail directly) 2006-11-26 19:57:16 UTC 
*** Bug 5993 has been marked as a duplicate of this bug. ***
Note You need to log in before you can comment on or make changes to this bug.
First Last Prev Next    This bug is not in your last search results.

Navigation
Links