Escape title attribute in wiki links


Knowledge Base Software
8 years ago
7 years ago


(Reporter: zzxc, Unassigned)


Firefox Tracking Flags

(Not tracked)




8 years ago
Simone pointed out that the article at contains junk HTML under step #5.  Looking at the page source, the title="" attribute of the wiki link contains the first sentence of the article, including unescaped HTML.  The link as appears in the page is:

<a title=" Third-party cookies are cookies that are set by one site, but can be read by another site. For example, the site <a class="wiki"  href="http://site1.tld">http://site1.tld</a> might set a cookie that can be read by <a class="wiki"  href="http://site2.tld.">http://site2.tld.</a>   Some adver" href='tiki-index.php?page=Disabling+third+party+cookies' class='wiki'>Disabling third party cookies</a>

To fix this problem:
1) Bare URLs in articles should not be converted to links when generating the title attribute
2) The entire string should be escaped for XML before being inserted as an attribute, to prevent this from breaking in other cases
I'm still a bit confused about how this happens when comparing wiki syntax with output. But I just did a quick check, so maybe I should take a closer look?


8 years ago
Duplicate of this bug: 520634


8 years ago
Duplicate of this bug: 520927

Comment 4

8 years ago
After we fix this, I've changed the wiki links to external links for these
pages as a workaround.
* Blocking cookies
* Cookies
* Enabling and disabling cookies
* Options window - Privacy panel
* Websites say cookies are blocked

Comment 5

8 years ago
Never mind comment 4; it was simpler to put ~tc~ tags to break up the non-link URLs in the Third Party Cookies article.

Comment 6

8 years ago
My edit to (removing www from the example) seems to have fixed the problem in articles like that link there.
I have a feeling that this is related to bug 500974.
Last Resolved: 7 years ago
Resolution: --- → WORKSFORME
You need to log in before you can comment on or make changes to this bug.