diff options
| author | Kunal Mehta <legoktm@debian.org> | 2022-10-01 12:56:02 -0400 |
|---|---|---|
| committer | Timo Tijhof <krinkle@fastmail.com> | 2023-11-01 00:37:22 +0000 |
| commit | 652d6d2173b40cf73a30acfc9762e603ce90f067 (patch) | |
| tree | ee838e60faa65769d5d9002f330fb9494021272d /tests/phpunit/includes/content/JavaScriptContentHandlerTest.php | |
| parent | 16a81f94538b378ce2f8d79a8302b9d946496479 (diff) | |
| download | mediawikicore-652d6d2173b40cf73a30acfc9762e603ce90f067.tar.gz mediawikicore-652d6d2173b40cf73a30acfc9762e603ce90f067.zip | |
content: Stop encoding `&` in JavaScript redirect content
There is no security benefit from encoding &, it's perfectly safe in
JavaScript (it likely dates from XML/XHTML requirements).
Newly created redirects will use a literal & in these URLs, while
continuing to support use of \u0026 for existing pages.
Note that this is about use of & for query parameter seperators, the
& in a page title will continue to be encoded as %26 in the 'title'
value and is unaffected by this change.
Bug: T107289
Co-Authored-By: Ammar Abdulhamid <ammarpad@yahoo.com>
Change-Id: I1db4483db6bc52a96487fefd2c3693b4825ccbb2
Diffstat (limited to 'tests/phpunit/includes/content/JavaScriptContentHandlerTest.php')
| -rw-r--r-- | tests/phpunit/includes/content/JavaScriptContentHandlerTest.php | 12 |
1 files changed, 8 insertions, 4 deletions
diff --git a/tests/phpunit/includes/content/JavaScriptContentHandlerTest.php b/tests/phpunit/includes/content/JavaScriptContentHandlerTest.php index 11ae0f71afa2..e8d4231087b4 100644 --- a/tests/phpunit/includes/content/JavaScriptContentHandlerTest.php +++ b/tests/phpunit/includes/content/JavaScriptContentHandlerTest.php @@ -27,19 +27,23 @@ class JavaScriptContentHandlerTest extends MediaWikiLangTestCase { return [ [ 'MediaWiki:MonoBook.js', - '/* #REDIRECT */mw.loader.load("//example.org/w/index.php?title=MediaWiki:MonoBook.js\u0026action=raw\u0026ctype=text/javascript");' + '/* #REDIRECT */mw.loader.load("//example.org/w/index.php?title=MediaWiki:MonoBook.js&action=raw&ctype=text/javascript");' ], [ 'User:FooBar/common.js', - '/* #REDIRECT */mw.loader.load("//example.org/w/index.php?title=User:FooBar/common.js\u0026action=raw\u0026ctype=text/javascript");' + '/* #REDIRECT */mw.loader.load("//example.org/w/index.php?title=User:FooBar/common.js&action=raw&ctype=text/javascript");' ], [ 'Gadget:FooBaz.js', - '/* #REDIRECT */mw.loader.load("//example.org/w/index.php?title=Gadget:FooBaz.js\u0026action=raw\u0026ctype=text/javascript");' + '/* #REDIRECT */mw.loader.load("//example.org/w/index.php?title=Gadget:FooBaz.js&action=raw&ctype=text/javascript");' ], [ 'User:😂/unicode.js', - '/* #REDIRECT */mw.loader.load("//example.org/w/index.php?title=User:%F0%9F%98%82/unicode.js\u0026action=raw\u0026ctype=text/javascript");' + '/* #REDIRECT */mw.loader.load("//example.org/w/index.php?title=User:%F0%9F%98%82/unicode.js&action=raw&ctype=text/javascript");' + ], + [ + 'User:A&B/ampersand.js', + '/* #REDIRECT */mw.loader.load("//example.org/w/index.php?title=User:A%26B/ampersand.js&action=raw&ctype=text/javascript");' ], ]; // phpcs:enable |