Funtoo Linux / FL-2280

[Wiki] Unescaped quotes in the <meta property="og:description"> tag

Details

    • Bug
    • Status: Closed
    • Normal
    • Resolution: Fixed
    • None

    Description

      If you go to http://www.funtoo.org/Package:Debian-sources you might notice that the rendered contents start with `http://www.funtoo.org/Funtoo_Linux_Installation" />`.

      This is the result of an unescaped quote in the <meta property="og:description"> (check the source code of the page):

      <meta property="og:description" content="A Funtoo Linux ebuild for sys-kernel/debian-sources: This is the Debian kernel. This is default recommended kernel to use in <a class="external free" href="http://www.funtoo.org/Funtoo_Linux_Installation">http://www.funtoo.org/Funtoo_Linux_Installation</a>" />
      

      It can be fixed "user-side" by removing the link in the summary property of the ebuild template, or using the [[Funtoo Linux Installation]] syntax, as threesixes noticed.

      However, I think the user should not be able to trigger this kind of issue with unescaped quotes, and this might hide a deeper issue that may involve security breaches (such as allowing users to inject malicious JS on pages).
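
The following is an added example, not code from the report or from the Funtoo wiki: it builds the og:description tag the way the report describes and with output escaping, then parses both results to show what a browser-style parser sees. The helper names, the shortened sample summary and the strip-then-escape fix are assumptions made for illustration.

```python
import html
import re
from html.parser import HTMLParser

# Constructed sample: the summary after wikitext rendering, shortened from the report.
SUMMARY = ('This is default recommended kernel to use in <a class="external free" '
           'href="http://www.funtoo.org/Funtoo_Linux_Installation">'
           'http://www.funtoo.org/Funtoo_Linux_Installation</a>')
TEMPLATE = '<meta property="og:description" content="%s" />'

def meta_unescaped(summary):
    # The behaviour the report describes: rendered HTML pasted into the attribute.
    return TEMPLATE % summary

def meta_escaped(summary):
    # Assumed fix: drop markup (crude regex, enough here), then escape &, <, > and quotes.
    text = re.sub(r'<[^>]*>', '', summary)
    return TEMPLATE % html.escape(text, quote=True)

class MetaAudit(HTMLParser):
    """Records what a parser actually sees when it reads the generated tag."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.content = None      # value of the og:description content attribute
        self.extra_attrs = []    # attributes that should not exist on the meta tag
        self.text = []           # text rendered outside the tag

    def handle_starttag(self, tag, attrs):
        if tag == 'meta':
            for name, value in attrs:
                if name == 'content':
                    self.content = value
                elif name != 'property':
                    self.extra_attrs.append(name)

    def handle_data(self, data):
        self.text.append(data)

def audit(markup):
    parser = MetaAudit()
    parser.feed(markup)
    parser.close()
    return parser.content, parser.extra_attrs, ''.join(parser.text).strip()

if __name__ == '__main__':
    for build in (meta_unescaped, meta_escaped):
        print(build.__name__, audit(build(SUMMARY)))
```

In the unescaped case the content value is cut at the first inner quote, the rest of the link turns into stray attributes on the meta tag, and the URL followed by `" />` leaks into the page text, which is the symptom reported above.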


          People

            drobbins drobbins
            pytony pytony