Sqid-generated links in descriptions broken by escaping #128
Assignees
Labels
Comments
mkroetzsch
added
bug
|
Yes, but escaping works differently for the main description. The problem seems to be that the property's description is escaped twice. |
|
Why twice? The problematic cases just show the HTML source code, which is what you would get when escaping the SQID-generated markup once. It seems one would merely have to do the escaping before inserting the (safe) markup. |
|
Yes, it turns out you were right, escaping was applied after inserting the links instead of before. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
The recent XSS fix has broken SQID's ability to add some hyperlinks to descriptions. For example see
https://tools.wmflabs.org/sqid/#/view?id=Q6581097
This shows correct links in the main description below the header, but broken links in the description of "female" on the page. It would be good if this could be fixed or at least disabled to make the markup disappear, but one might also wonder why it works in the main description (are we correctly escaping there after all?).
The text was updated successfully, but these errors were encountered: