Last modified: 2014-02-12 23:38:16 UTC

Wikimedia Bugzilla is closed!

Wikimedia has migrated from Bugzilla to Phabricator. Bug reports should be created and updated in Wikimedia Phabricator instead. Please create an account in Phabricator and add your Bugzilla email address to it.
Wikimedia Bugzilla is read-only. If you try to edit or create any bug report in Bugzilla you will be shown an intentional error message.
In order to access the Phabricator task corresponding to a Bugzilla report, just remove "static-" from its URL.
You could still run searches in Bugzilla or access your list of votes but bug reports will obviously not be up-to-date in Bugzilla.
Bug 19063 - Pipe (|) in inputs leads to hiding and possibly deletion of content
Pipe (|) in inputs leads to hiding and possibly deletion of content
Status: NEW
Product: MediaWiki extensions
Classification: Unclassified
SemanticForms (Other open bugs)
All All
: Normal normal (vote)
: ---
Assigned To: Yaron Koren
Depends on:
  Show dependency treegraph
Reported: 2009-06-03 08:10 UTC by Markus Krötzsch
Modified: 2014-02-12 23:38 UTC (History)
0 users

See Also:
Web browser: ---
Mobile Platform: ---
Assignee Huggle Beta Tester: ---


Description Markus Krötzsch 2009-06-03 08:10:28 UTC
Using a | in a form input is currently problematic since | has a special meaning in templates. Doing this will put the page into a very bad state, and this cannot be recovered with "edit with form" since the | confuses SF as well. It is not possible to avoid this by clever template construction, since it already happens when parameter values are passed.

The problem can be avoided by replacing | with |.  The example URL shows this workaround -- see older versions for what it looks like without it. Doing this escape in general, however, would break intentional mark-up, e.g. when a user includes a link with an alternative display text in a form input. I suggest to either parse the user input with the MW parser to distinguish those cases, or to have some option "verbatim" that can be declared for an input field when defining a form: this option should make SF escape all special characters, thus preventing most HTML or MW markups, but preserving the original writing. This should be very useful for wikis where users are completely unaware of the underlying wiki.

Note that this solution could also be useful in the context of Bug 19062. Also note that it is not possible to have a parser function that does the escaping in the template, since the special characters often affect the way in which parser functions are actually interpreted, and since mark-up like <!-- will never get to aparser function.

Tested on FF 3.0.10, MW 1.14alpha,  SMW 1.5e-SVN, SF 1.6.

Note You need to log in before you can comment on or make changes to this bug.