From 652d6d2173b40cf73a30acfc9762e603ce90f067 Mon Sep 17 00:00:00 2001 From: Kunal Mehta Date: Sat, 1 Oct 2022 12:56:02 -0400 Subject: content: Stop encoding `&` in JavaScript redirect content There is no security benefit from encoding &, it's perfectly safe in JavaScript (it likely dates from XML/XHTML requirements). Newly created redirects will use a literal & in these URLs, while continuing to support use of \u0026 for existing pages. Note that this is about use of & for query parameter seperators, the & in a page title will continue to be encoded as %26 in the 'title' value and is unaffected by this change. Bug: T107289 Co-Authored-By: Ammar Abdulhamid Change-Id: I1db4483db6bc52a96487fefd2c3693b4825ccbb2 --- .../includes/content/JavaScriptContentHandlerTest.php | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) (limited to 'tests/phpunit/includes/content/JavaScriptContentHandlerTest.php') diff --git a/tests/phpunit/includes/content/JavaScriptContentHandlerTest.php b/tests/phpunit/includes/content/JavaScriptContentHandlerTest.php index 11ae0f71afa2..e8d4231087b4 100644 --- a/tests/phpunit/includes/content/JavaScriptContentHandlerTest.php +++ b/tests/phpunit/includes/content/JavaScriptContentHandlerTest.php @@ -27,19 +27,23 @@ class JavaScriptContentHandlerTest extends MediaWikiLangTestCase { return [ [ 'MediaWiki:MonoBook.js', - '/* #REDIRECT */mw.loader.load("//example.org/w/index.php?title=MediaWiki:MonoBook.js\u0026action=raw\u0026ctype=text/javascript");' + '/* #REDIRECT */mw.loader.load("//example.org/w/index.php?title=MediaWiki:MonoBook.js&action=raw&ctype=text/javascript");' ], [ 'User:FooBar/common.js', - '/* #REDIRECT */mw.loader.load("//example.org/w/index.php?title=User:FooBar/common.js\u0026action=raw\u0026ctype=text/javascript");' + '/* #REDIRECT */mw.loader.load("//example.org/w/index.php?title=User:FooBar/common.js&action=raw&ctype=text/javascript");' ], [ 'Gadget:FooBaz.js', - '/* #REDIRECT */mw.loader.load("//example.org/w/index.php?title=Gadget:FooBaz.js\u0026action=raw\u0026ctype=text/javascript");' + '/* #REDIRECT */mw.loader.load("//example.org/w/index.php?title=Gadget:FooBaz.js&action=raw&ctype=text/javascript");' ], [ 'User:😂/unicode.js', - '/* #REDIRECT */mw.loader.load("//example.org/w/index.php?title=User:%F0%9F%98%82/unicode.js\u0026action=raw\u0026ctype=text/javascript");' + '/* #REDIRECT */mw.loader.load("//example.org/w/index.php?title=User:%F0%9F%98%82/unicode.js&action=raw&ctype=text/javascript");' + ], + [ + 'User:A&B/ampersand.js', + '/* #REDIRECT */mw.loader.load("//example.org/w/index.php?title=User:A%26B/ampersand.js&action=raw&ctype=text/javascript");' ], ]; // phpcs:enable -- cgit v1.2.3