Closed Bug 467018 Opened 17 years ago Closed 15 years ago

"URL" gets converted to "ur<x>l"

Categories

(support.mozilla.org :: Knowledge Base Software, task)

Product:
support.mozilla.org
Component:
Knowledge Base Software
Type:
task
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED FIXED
Milestone:
Future

People

(Reporter: cilias, Unassigned)

References

(
URL
)

Details

(Keywords: regression, Whiteboard: workaround see comment #4)

1. Go to <http://support.mozilla.com/en-US/kb/Error+opening+Internet+shortcut+or+local+HTML+file>. (It's in the staging area, so you need to log in.) 2. Edit the article, replacing instances of ur<x>l with URL. 3. Save the edit. Result: ur<x>l is back.
Blocks: 398633
To give more information, it's because the url is being followed by :HyperText if you remove the : it displays fine.
Hi Lucy, In this page http://support.mozilla.com/it/kb/Impostazioni+di+Firefox although I don't have any ":", I still see ur<x>l
Ok, really easy quick fix: replace url with ur~tc~ ~/tc~l.
No longer blocks: 398633
(In reply to comment #3) > Hi Lucy, > > In this page > > http://support.mozilla.com/it/kb/Impostazioni+di+Firefox > > although I don't have any ":", I still see ur<x>l I checked the history, and the only instance of ur<x>l was in fact "dei proxy (ur<x>l):"
Blocks: 398633
ok, but it is after the ")". Does it count anyway? :-P Thanks for the quickfix, though.
it does, I'm not sure how many characters away it has to be before it doesn't happen, or maybe it's not characters away but there has to be another letter or another word. I can test it out later if someone doesn't beat me to it.
I read somewhere that this problem can be solved with an update of TikiWiki platform. If you google a bit, I'm sure you'll stumble upon this.
This is only triggered when the word url (or blink, alert, or expression) are used on the same line as non-alphanumeric characters before and after the word. These include { and ., which are often used in tikiwiki markup. Since script and style tags are already blocked, having these words blocked at all seems unnecessary. I haven't looked at the security bugs that prompted the upgrade in the XSS sanitizer; we should make sure we aren't regressing any known script insertion bugs when changing the words or regexes used here.
CCing Laura, re comment 9.
Blocks: 469180
if everyone uses the workaround exactly as written, we can easily find the broken pages to fix them back when this bug is fixed.
Whiteboard: workaround see comment #4
Target Milestone: --- → 1.2
Assignee: nobody → laura
The patch in 497109 will fix this.
Status: NEW → RESOLVED
Closed: 16 years ago
Resolution: --- → DUPLICATE
No longer blocks: 469180
Verified duplicate.
Status: RESOLVED → VERIFIED
No longer blocks: 398633
Reopening. Bug 497109 was marked as wontfix, so we need something specifically for this problem.
Status: VERIFIED → REOPENED
Resolution: DUPLICATE → ---
Target Milestone: 1.2 → Future
Blocks: 469180
Assignee: laura → nobody
More specifically, it doesn't actually look like the solution proposed in bug 497109 will fix this.
Fixed by Kitsune.
Status: REOPENED → RESOLVED
Closed: 16 years ago15 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.