Nick Jenkins wrote:
---------------------------------------------------------
{| WIDTH=[[image:ftp://~
{| ALIGN='''~~~</math>
{| BGCOLOR=<span style="font-weight: bold;">
---------------------------------------------------------
Which will give this HTML output:
---------------------------------------------------------
<table width="[[image:<a" class="external free"
title="ftp://~">
<table align="<b><!--LINK">
<table bgcolor="<span">
---------------------------------------------------------
This is thanks to the wacky multi-pass parser. As a quick hack-around:
--- includes/Sanitizer.php.prev 2006-03-30 23:50:58.000000000 -0800
+++ includes/Sanitizer.php 2006-03-30 23:48:59.000000000 -0800
@@ -577,6 +577,9 @@
# Templates and links may be expanded in later parsing,
# creating invalid or dangerous output. Suppress this.
$value = strtr( $value, array(
+ '<' => '<', // This should never happen,
+ '>' => '>', // we've received invalid input
+ '"' => '"', // which should have been escaped.
'{' => '{',
'[' => '[',
"''" => '''',
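Review bot: in the three added strtr() entries the replacement value is displayed identical to its key ('<' => '<', '>' => '>', '"' => '"'), and as written that leaves those characters untouched, so a raw double quote would still close the attribute. The values need to be the entity-encoded forms of each character. The comments also say this input "should have been escaped" already, so it would help to name where that earlier escaping is expected to happen; silently re-escaping here hides whichever caller is passing the raw value through.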
If SourceForge's CVS were working, this would be committed by now. (Thanks
SourceForge!)
-- brion vibber (brion @ pobox.com)
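The multi-pass problem discussed in this message, as an added toy model in Python (not MediaWiki's code and not part of the original mail): a first pass builds a table attribute, a later pass expands inline markup over the whole string, and escaping the attribute value keeps the later pass from rewriting it. The function names, the two toy passes and the entity forms in ESCAPES are assumptions made for this example.

```python
import re
from html.parser import HTMLParser

# Assumed entity forms for this example; chosen so later passes see no markup.
ESCAPES = {"<": "&lt;", ">": "&gt;", '"': "&quot;",
           "{": "&#123;", "[": "&#91;", "''": "&#39;&#39;"}
# Longest key first, one left-to-right scan, output never rescanned (like PHP strtr).
_PATTERN = re.compile("|".join(
    re.escape(k) for k in sorted(ESCAPES, key=len, reverse=True)))

def escape_attr(value):
    return _PATTERN.sub(lambda m: ESCAPES[m.group(0)], value)

def pass1_table(line, escape=True):
    """Toy first pass: '{| NAME=value' -> '<table name="value">'."""
    m = re.fullmatch(r"\{\| (\w+)=(.*)", line)
    if not m:
        return line
    value = escape_attr(m.group(2)) if escape else m.group(2)
    return '<table %s="%s">' % (m.group(1).lower(), value)

def pass2_inline(html):
    """Toy later pass: runs over the whole string, attributes included."""
    html = re.sub(r"'''(.+?)'''", r"<b>\1</b>", html)
    return re.sub(r"\[(\w+://\S+) ([^\]]+)\]", r'<a href="\1">\2</a>', html)

def render(line, escape=True):
    return pass2_inline(pass1_table(line, escape))

class TagCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.tags = []
    def handle_starttag(self, tag, attrs):
        self.tags.append((tag, attrs))

def parsed_tags(html):
    p = TagCollector()
    p.feed(html)
    p.close()
    return p.tags

# Constructed sample input in the style of the report quoted above.
SAMPLES = ["{| ALIGN='''x'''", "{| WIDTH=[http://example.org/ y]",
           '{| BGCOLOR=<span style="font-weight: bold;">']

if __name__ == "__main__":
    for s in SAMPLES:
        print(render(s, escape=False), "->", render(s))
```

With escaping on, an HTML parser sees exactly one table tag whose single attribute decodes back to the original value; with it off, the later pass or the raw quote adds markup inside the attribute.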