Just so everyone knows, Brion made some modifications to the patch to make it exhibit the desired behavior, as well as to use some utility functions from the Sanitizer package, and checked it into HEAD last night.
Bug message from Brion: http://bugzilla.wikimedia.org/show_bug.cgi?id=684#c18
Diff of Parser.php from CVS: http://cvs.sourceforge.net/viewcvs.py/wikipedia/phase3/includes/Parser.php?r1=1.446&r2=1.447
Thanks Brion!
- David
David Friedland wrote:
Ed W wrote:
Do you mean this bug: http://bugzilla.wikimedia.org/show_bug.cgi?id=684
What's wrong with the code as is? Looks great to me?
Please advise what's wrong and I will fix it up - seems great for my purpose
Thanks
Ed W
I wrote this patch. I stopped working on it after a cold reception--my contributions weren't met with much enthusiasm so I stopped pursuing trying to make them.
Brion wants it changed to not allow ' and " as escapes for ' and " inside quoted strings and to not allow whitespace between the opening < and the name of the tag.
Also, Ævar notes that the patch doesn't work on the current HEAD, as the code the patch applies to has probably changed since the patch was written, so it needs some cleaning up.
Hope that helps. Good luck.
- David Friedland