On 01/22/2013 07:52 PM, Paul Selitskas wrote:
Filed a bug report: https://bugzilla.wikimedia.org/show_bug.cgi?id=44262.
On Wed, Jan 23, 2013 at 1:34 AM, Matthew Flaschen mflaschen@wikimedia.orgwrote:
On 01/22/2013 05:24 PM, Paul Selitskas wrote:
It will just strip the whole attribute if there is a quote in. That is
why
we have {{urlencode:{{{1}}}|WIKI}} (or any other mode).
URL-encoding is not the same as HTML-encoding for an attribute. I'm not sure if we have a parser function for the latter, though.
Thanks. I CCed Chris Steipp, the security guy, since this was one of the topics he covered in a recent documentation sprint.
Matt Flaschen