Last modified: 2010-05-15 15:42:52 UTC
When changing the Table of Contents by editing the MediaWiki:Sidebar page,
entries with spaces or some special characters causes the rendered HTML ID to be
invalid. The MediaWiki software is great about rendering valid HTML but this
could easily be overlooked as it only is a problem whith certain edits to the
The following example will produce the error:
* developer tools
** Developer's Corner|Developer's Corner
The htmlspecialchars function does nothing about the space or the "'" (single
quote), both of which are invalid.
ID and NAME tokens must begin with a letter ([A-Za-z]) and may be followed by
any number of letters, digits ([0-9]), hyphens ("-"), underscores ("_"), colons
(":"), and periods (".") (see: http://www.w3.org/TR/html4/types.html#h-6.2).
The following skins have this problem:
Creating something like MediaWiki:Developerscorner with text "Developer's
Corner" and then saying "** developerscorner|Developer's Corner" or "**
developerscorner|developerscorner" will do the trick.
But maybe invalid chars should still be stripped anyways?
Yeah, I know how to get around it, and it's not breaking any functionality. It's
just anoying. I can post a patch, but I just basically put a
preg_replace("/[^a-z0-9-_:\.]/i", "_", $id) in where it was rendering it in
Monobook.php. This also takes care of it for the other three skins. I didn't
think that this was entirely correct at first, since it could potentially
violate the "must begin with a character" rule, but I then noticed that the skin
was putting a "p-" in the front of the ID anyway, which satisfies this rule.
Also, you mentioned the link (** Developer's Corner|Developer's Corner) being
invalid, but the header line (* developer tools) also creates an invalid link,
since it contains spaces.
I've gone ahead and added a patch... and changed the severity to trivial, since
that's really what this is.
Created attachment 2519 [details]
Proposed patch using preg_replace to get rid of the offending characters in the ID of elements generated by entries in MediaWiki:Sidebar
Fixed in r17103, using Sanitizer::escapeId instead of preg_replace.
*** Bug 5993 has been marked as a duplicate of this bug. ***