r81156 MediaWiki - Code Review archive

Repository:MediaWiki
Revision:r81155‎ | r81156 | r81157 >
Date:19:54, 28 January 2011
Author:catrope
Status:ok
Tags:
Comment:
1.16wmf4: MFT r81155
Modified paths:
  • /branches/wmf/1.16wmf4/extensions/ProofreadPage/proofread.js (modified) (history)

Diff

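--- a/branches/wmf/1.16wmf4/extensions/ProofreadPage/proofread.js
+++ b/branches/wmf/1.16wmf4/extensions/ProofreadPage/proofread.js
@@ -151,23 +151,18 @@
 self.proofreadpage_username = "";
 }
 
- //escape & character
- pageBody = pageBody.split("&").join("&")
- pageHeader = pageHeader.split("&").join("&")
- pageFooter = pageFooter.split("&").join("&")
-
 container.innerHTML = ''
 + '<div id="prp_header" style="display:none;">'
 + '<span style="color:gray;font-size:80%;line-height:100%;">'
 + escapeQuotesHTML(proofreadPageMessageHeader) + '</span>'
- + '<textarea name="wpHeaderTextbox" rows="2" cols="80" tabindex=1>' + pageHeader + '</textarea><br/>'
+ + '<textarea name="wpHeaderTextbox" rows="2" cols="80" tabindex=1>' + escapeQuotesHTML( pageHeader ) + '</textarea><br/>'
 + '<span style="color:gray;font-size:80%;line-height:100%;">'
 + escapeQuotesHTML(proofreadPageMessagePageBody) + '</span></div>'
- + '<textarea name="wpTextbox1" id="wpTextbox1" tabindex=1 style="height:' + ( self.DisplayHeight - 6 ) + 'px;">' + pageBody + '</textarea>'
+ + '<textarea name="wpTextbox1" id="wpTextbox1" tabindex=1 style="height:' + ( self.DisplayHeight - 6 ) + 'px;">' + escapeQuotesHTML( pageBody ) + '</textarea>'
 + '<div id="prp_footer" style="display:none;">'
 + '<span style="color:gray;font-size:80%;line-height:100%;">'
 + escapeQuotesHTML(proofreadPageMessageFooter) + '</span><br/>'
- + '<textarea name="wpFooterTextbox" rows="2" cols="80" tabindex=1>'+pageFooter+'</textarea></div>';
+ + '<textarea name="wpFooterTextbox" rows="2" cols="80" tabindex=1>'+ escapeQuotesHTML( pageFooter ) +'</textarea></div>';
 
 
 }
@@ -891,7 +886,7 @@
 if( !ig ) return;
 var f = document.createElement("span");
 f.innerHTML =
-' <input type="hidden" name="wpProofreader" value="'+self.proofreadpage_username+'">'
+' <input type="hidden" name="wpProofreader" value="'+ escapeQuotesHTML( self.proofreadpage_username ) +'">'
 +'<span class="quality0"> <input type="radio" name="quality" value=0 onclick="pr_add_quality(this.form,0)" tabindex=4> </span>'
 +'<span class="quality2"> <input type="radio" name="quality" value=2 onclick="pr_add_quality(this.form,2)" tabindex=4> </span>'
 +'<span class="quality1"> <input type="radio" name="quality" value=1 onclick="pr_add_quality(this.form,1)" tabindex=4> </span>'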
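Review bot: The three textarea sinks in the first hunk and the `wpProofreader` value in the second now depend entirely on `escapeQuotesHTML`, whose definition is not on this page, so it is worth confirming that it escapes `&`, `<`, `>` and `"`; the removed `split("&").join(...)` step handled only the ampersand, and the hidden input sits inside a double-quoted attribute. A sturdier form would emit the textareas empty and fill them through the DOM after the `innerHTML` assignment, e.g. `document.getElementById( 'wpTextbox1' ).value = pageBody;`, and likewise set the hidden input's `.value`, so that page text and the username never pass through the HTML parser. If the concatenation stays, a comment above `container.innerHTML` such as `// page text is user-editable: escape every value interpolated into this markup` would replace the removed `//escape & character` note and tell the next editor why the calls are there. Both enclosing functions begin outside the hunks shown.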

Follow-up revisions

Revision | Commit summary | Author | Date
r81158 | Followup r81156: bump style version | catrope | 19:57, 28 January 2011

Past revisions this follows-up on

Revision | Commit summary | Author | Date
r81155 | ProofreadPage: Fix stored XSS in edit form. Report and patch by Bawolff | catrope | 19:50, 28 January 2011
