Wikimedia Bugzilla is closed!

Wikimedia has migrated from Bugzilla to Phabricator. Bug reports should be created and updated in Wikimedia Phabricator instead. Please create an account in Phabricator and add your Bugzilla email address to it.
Wikimedia Bugzilla is read-only. If you try to edit or create any bug report in Bugzilla you will be shown an intentional error message.
In order to access the Phabricator task corresponding to a Bugzilla report, just remove "static-" from its URL.
You could still run searches in Bugzilla or access your list of votes but bug reports will obviously not be up-to-date in Bugzilla.

Bug 8795 - InputBox extension not producing valid XHTML


Summary:	InputBox extension not producing valid XHTML

Status:	RESOLVED FIXED

Product:	MediaWiki extensions
Classification:	Unclassified
Component:	InputBox (Other open bugs)
Version:	unspecified
Hardware:	Other other

Importance:	Normal normal (vote)
Target Milestone:	---
Assigned To:	Nobody - You can work on this!

URL:
Whiteboard:
Keywords:	patch, patch-need-review

Depends on:
Blocks:
	Show dependency tree / graph

Reported:	2007-01-27 19:32 UTC by Jools Wills
Modified:	2007-02-02 18:56 UTC (History)
CC List:	0 users

See Also:
Web browser:	---
Mobile Platform:	---
Assignee Huggle Beta Tester:	---

Attachments
Patch for inputbox (4.32 KB, patch) 2007-01-27 19:32 UTC, Jools Wills	Details
Add an attachment (proposed patch, testcase, etc.)

Description Jools Wills 2007-01-27 19:32:15 UTC

The input box does not produce xhtml strict markup. Attached is a patch 
which removes the tables, stops mediawiki inserting <p></p> into the form 
and breaking validation and a conversion of the bgcolor="" to style="" and 
allowing styles to be passed into the extension.

I read on another bug that my style change could lead to a cross site 
javascript vulnerability?  But wouldn't this also be the case for bgcolor?

Anyway.. this patch works for me. Feel free to improve any potential 
problems

Comment 1 Jools Wills 2007-01-27 19:32:50 UTC

Created attachment 3148 [details]
Patch for inputbox

Comment 2 Brion Vibber 2007-02-02 18:37:30 UTC

MediaWiki does not use XHTML Strict, but Transitional.

Comment 3 Aryeh Gregor (not reading bugmail, please e-mail directly) 2007-02-02 18:52:22 UTC

Unquoted attributes aren't valid there, either (indeed, IIRC they aren't even valid in HTML 4 
except for numbers).  The rest of the patch is still INVALID, though.

By the way, the issue with allowing arbitrary style on elements is that IE will accept 
JavaScript in CSS, as I understand it.  It also allows offsite background-images, which we tend 
to frown on in MediaWiki.

Comment 4 Aryeh Gregor (not reading bugmail, please e-mail directly) 2007-02-02 18:56:10 UTC

Should be valid XHTML Transitional as of r19729.

Note You need to log in before you can comment on or make changes to this bug.

Search

Personal tools

Navigation

Links

Contents Listing Alphabetical by Author:

A B C D E F G H I J K L M N O P Q R S T U V W X Y Z Unknown Other

Contents Listing Alphabetical by Title:

# A B C D E F G H I J K L M N O P Q R S T U V W Y Z Other

Medical Encyclopedia

Browse by first letter of topic:

A-Ag	Ah-Ap	Aq-Az	B-Bk	Bl-Bz	C-Cg	Ch-Co
Cp-Cz	D-Di	Dj-Dz	E-Ep	Eq-Ez	F	G
H-Hf	Hg-Hz	I-In	Io-Iz	J	K	L-Ln
Lo-Lz	M-Mf	Mg-Mz	N	O	P-Pl	Pm-Pz
Q	R	S-Sh	Si-Sp	Sq-Sz	T-Tn	To-Tz
U	V	W	X	Y	Z	0-9