-
Bug
-
Resolution: Fixed
-
Normal
-
None
-
None
If you go to http://www.funtoo.org/Package:Debian-sources you might notice that the rendered contents start with `http://www.funtoo.org/Funtoo_Linux_Installation" />`.
This is the result of an unescaped quote in the <meta property="og:description"> (check the source code of the page) :
<meta property="og:description" content="A Funtoo Linux ebuild for sys-kernel/debian-sources: This is the Debian kernel. This is default recommended kernel to use in <a class="external free" href="http://www.funtoo.org/Funtoo_Linux_Installation">http://www.funtoo.org/Funtoo_Linux_Installation</a>" />
It can be fixed "user-side" by removing the link in the summary property of the ebuild template, or using the [[Funtoo Linux Installation]] syntax as noticed threesixes.
However, I think the user should not be able to trigger this kind of issues with unescaped quotes, and this might hide a deeper issue that may involve security breaches (such as allowing users to inject malicious JS on pages).