Last modified: 2012-08-14 12:02:39 UTC

Bug 14226 - Allow <sup> and <sub> in {{DISPLAYTITLE:}}
Status: RESOLVED DUPLICATE of bug 12998
Product: MediaWiki
Classification: Unclassified
Templates (Other open bugs)
Normal enhancement with 2 votes
Assigned To: Nobody - You can work on this!
Reported: 2008-05-22 16:09 UTC by Danny B.
Modified: 2012-08-14 12:02 UTC

Quick patch, kind of fixes the problem but possibly introduces lots of fun XSS and not really tested (1.47 KB, patch)
2008-05-22 16:58 UTC, Aryeh Gregor (not reading bugmail, please e-mail directly)
Proposed patch v1 (6.55 KB, patch)
2008-10-12 00:53 UTC, rememberthedot

Description Danny B. 2008-05-22 16:09:26 UTC
Please allow <sup> and <sub> in {{DISPLAYTITLE:}} as it is enabled for TOC headers.

It is totally reasonable to show the correct form of indexes and it doesn't break copy'n'paste.
Comment 1 Aryeh Gregor (not reading bugmail, please e-mail directly) 2008-05-22 16:58:28 UTC
Created attachment 4915 [details]
Quick patch, kind of fixes the problem but possibly introduces lots of fun XSS and not really tested

This makes the output of ParserOutput::getDisplayTitle() raw HTML, as is seemingly needed.  However,

1) This causes problems with the <title> of the page, which must be plain text in any event.

2) The patch puts through *all* titles (not just display titles) as raw HTML, which is obviously wrong!

3) Doesn't work for the edit page, or probably other places.

It seems like a better path would be to add a new variable mHtmlDisplayTitle or something, and use that for where raw HTML is acceptable, using the current one for <title>, as well as legacy uses.
Comment 2 rememberthedot 2008-10-12 00:53:24 UTC
Created attachment 5419 [details]
Proposed patch v1

Here is a preliminary patch that should help resolve the problem. It uses Sanitizer::removeHTMLtags, so it allows tags allowed in wikitext (like <sup> and <sub>) but not tags not allowed in wikitext (like <script>). This is very similar to what the English Wikipedia's JavaScript implementation already does (see [[MediaWiki:Common.js]]). I tested this patch on all skins and it appears to work OK.

Unlike the previous patch, this patch differentiates between the HTML title (what will go into <h1>) and the plain text title (what will go into <title>). This avoids problems with tags finding their way into <title> when <title> is not supposed to have any tags inside of it.

One of the limitations of this patch is that it doesn't process templates. It'd be nice if we could say {{DISPLAYTITLE:{{Unicode|unusual characters}}}}, including a template designed to improve browser compatibility with unusual characters. But this is a minor concern since I believe all the compatibility templates like this can be expressed as <span class="Unicode"> instead.

And of course, if nobody finds any major bugs with this patch, we could just implement it for now and worry about tweaking the code to be more permissive later.
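
The split described in comment 2 (an HTML title for <h1>, a plain-text title for <title>), as an added example that is not taken from either attached patch or from MediaWiki. The function name `splitDisplayTitle`, the two-tag allowlist and the sample inputs are assumptions made for illustration; it does not call Sanitizer::removeHTMLtags.

```php
<?php
// Added example, not MediaWiki code. ALLOWED is an assumed allowlist for this bug.
const ALLOWED = ['sup', 'sub'];

/**
 * Hypothetical helper: split a raw DISPLAYTITLE value into an HTML form
 * (safe to place inside <h1>) and a plain-text form (for <title>).
 */
function splitDisplayTitle(string $raw): array {
    $html = '';
    $text = '';
    $open = [];   // stack of allowlisted tags currently open
    $tokens = preg_split('/(<[^<>]*>)/', $raw, -1,
        PREG_SPLIT_DELIM_CAPTURE | PREG_SPLIT_NO_EMPTY);
    foreach ($tokens as $tok) {
        // Only bare <sup>, </sup>, <sub>, </sub> pass; any attribute disqualifies the tag.
        if (preg_match('#^<(/?)([a-z]+)\s*>$#i', $tok, $m)
            && in_array(strtolower($m[2]), ALLOWED, true)) {
            $name = strtolower($m[2]);
            if ($m[1] === '') {
                $open[] = $name;
                $html .= "<$name>";
            } elseif ($open && end($open) === $name) {
                array_pop($open);
                $html .= "</$name>";
            }
            // Unmatched closing tags are dropped; allowlisted tags never reach $text.
            continue;
        }
        // Everything else (text, disallowed tags, tags with attributes) is literal text.
        $literal = html_entity_decode($tok, ENT_QUOTES | ENT_HTML5, 'UTF-8');
        $text .= $literal;
        $html .= htmlspecialchars($literal, ENT_QUOTES, 'UTF-8');
    }
    // Close anything left open so the <h1> markup stays balanced.
    while ($open) {
        $html .= '</' . array_pop($open) . '>';
    }
    return ['html' => $html, 'text' => $text];
}

// Constructed sample inputs: a normal title, an unclosed tag plus a disallowed
// tag, and an allowlisted tag carrying an attribute.
foreach (['H<sub>2</sub>O', 'x<sup>2<script>x</script>', '<sup onclick="x">a</sup>'] as $raw) {
    $t = splitDisplayTitle($raw);
    echo '<h1>' . $t['html'] . "</h1>\n";
    echo '<title>' . htmlspecialchars($t['text'], ENT_QUOTES, 'UTF-8') . "</title>\n";
}
```

The <title> value is kept as unescaped plain text and escaped only at output, so no tag from the display title can reach <title> as markup.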
Comment 3 Danny B. 2008-10-13 00:46:03 UTC
This is a concrete special case of bug 12998. Please move the patch there and then mark this as duplicate.
Comment 4 rememberthedot 2008-10-13 23:36:56 UTC

*** This bug has been marked as a duplicate of bug 12998 ***
