Closed Bug 520038 Opened 15 years ago Closed 13 years ago

Escape title attribute in wiki links

Categories

(support.mozilla.org :: Knowledge Base Software, task)

Product:
support.mozilla.org
Component:
Knowledge Base Software
Type:
task
Priority:
Not set
Severity:
major

Tracking

(Not tracked)

Status:
RESOLVED WORKSFORME

People

(Reporter: zzxc, Unassigned)

References

Details

Simone pointed out that the article at https://support.mozilla.com/en-US/kb/Websites%20say%20cookies%20are%20blocked contains junk HTML under step #5.  Looking at the page source, the title="" attribute of the wiki link contains the first sentence of the article, including unescaped HTML.  The link as appears in the page is:

<a title=" Third-party cookies are cookies that are set by one site, but can be read by another site. For example, the site <a class="wiki"  href="http://site1.tld">http://site1.tld</a> might set a cookie that can be read by <a class="wiki"  href="http://site2.tld.">http://site2.tld.</a>   Some adver" href='tiki-index.php?page=Disabling+third+party+cookies' class='wiki'>Disabling third party cookies</a>

To fix this problem:
1) Bare URLs in articles should not be converted to links when generating the title attribute
2) The entire string should be escaped for XML before being inserted as an attribute, to prevent this from breaking in other cases
I'm still a bit confused about how this happens when comparing wiki syntax with output. But I just did a quick check, so maybe I should take a closer look?
After we fix this, I've changed the wiki links to external links for these
pages as a workaround.
* Blocking cookies
* Cookies
* Enabling and disabling cookies
* Options window - Privacy panel
* Websites say cookies are blocked
Never mind comment 4; it was simpler to put ~tc~ tags to break up the non-link URLs in the Third Party Cookies article.
My edit to http://support.mozilla.com/en-US/kb/Disabling+third+party+cookies (removing www from the example) seems to have fixed the problem in articles like http://support.mozilla.com/en-US/kb/Websites+say+cookies+are+blocked that link there.
I have a feeling that this is related to bug 500974.
Status: NEW → RESOLVED
Closed: 13 years ago
Resolution: --- → WORKSFORME
You need to log in before you can comment on or make changes to this bug.