ikiwiki/doc/bugs/some_but_not_all_meta_field...

[[!template id=gitbranch branch=smcv/unescaped-meta author="[[Simon_McVittie|smcv]]"]]
[[!tag patch]]
(Warning: this branch has not been tested thoroughly.)

While discussing the [[plugins/meta]] plugin on IRC, Joey pointed out that
it stores most meta fields unescaped, but 'title', 'guid' and 'description'
are special-cased and stored escaped (with numeric XML/HTML entities). This
is to avoid emitting markup in the `<title>` of a HTML page, or in an RSS/Atom
feed, neither of which are subject to the [[plugins/htmlscrubber]].

However, having the meta fields "partially escaped" like this is somewhat
error-prone. Joey suggested that perhaps everything should be stored
unescaped, and the escaping should be done on output; this branch
implements that.

Points of extra subtlety:

* The title given to the [[plugins/search]] plugin was previously HTML;
  now it's plain text, potentially containing markup characters. I suspect
  that that's what Xapian wants anyway (which is why I didn't change it),
  but I could be wrong...

  > AFAICS, this if anything, fixes a bug, xapian definitely expects
  > unescaped text here. --[[Joey]] 

* Page descriptions in the HTML `<head>` were previously double-escaped:
  the description was stored escaped with numeric entities, then that was
  output with a second layer of escaping! In this branch, I just emit
  the page description escaped once, as was presumably the intention.

* It's safe to apply this change to a wiki and neglect to rebuild it
  (assuming I implemented it correctly!), but until the wiki is rebuilt,
  titles, descriptions and GUIDs for unchanged pages will appear
  double-escaped on any page that inlines them in `quick=yes` mode, and
  is rebuilt for some other reason. The failure mode is too much escaping
  rather than too little, so it shouldn't be a security problem.

* Reverting this change, if applied, is more dangerous; until the wiki is
  rebuilt, any titles, descriptions and GUIDs on unchanged pages that
  contained markup could appear unescaped on any page that inlines them
  in `quick=yes` mode, and is rebuilt for some other reason. The failure
  mode here would be too little escaping, i.e. cross-site scripting.

[[!tag done]]
as seen on IRC 2010-04-06 02:49:38 +02:00			`[[!template id=gitbranch branch=smcv/unescaped-meta author="[[Simon_McVittie\|smcv]]"]]`
tag as patch 2010-04-06 02:51:27 +02:00			`[[!tag patch]]`
as seen on IRC 2010-04-06 02:49:38 +02:00			`(Warning: this branch has not been tested thoroughly.)`

			`While discussing the [[plugins/meta]] plugin on IRC, Joey pointed out that`
			`it stores most meta fields unescaped, but 'title', 'guid' and 'description'`
			`are special-cased and stored escaped (with numeric XML/HTML entities). This`
pages talking about escaping should really be escaped correctly 2010-04-06 02:50:51 +02:00			is to avoid emitting markup in the `<title>` of a HTML page, or in an RSS/Atom
as seen on IRC 2010-04-06 02:49:38 +02:00			`feed, neither of which are subject to the [[plugins/htmlscrubber]].`

			`However, having the meta fields "partially escaped" like this is somewhat`
			`error-prone. Joey suggested that perhaps everything should be stored`
			`unescaped, and the escaping should be done on output; this branch`
			`implements that.`

			`Points of extra subtlety:`

			`* The title given to the [[plugins/search]] plugin was previously HTML;`
			`now it's plain text, potentially containing markup characters. I suspect`
			`that that's what Xapian wants anyway (which is why I didn't change it),`
			`but I could be wrong...`

close 2010-04-10 21:29:31 +02:00			`> AFAICS, this if anything, fixes a bug, xapian definitely expects`
			`> unescaped text here. --[[Joey]]`

as seen on IRC 2010-04-06 02:49:38 +02:00			* Page descriptions in the HTML `<head>` were previously double-escaped:
			`the description was stored escaped with numeric entities, then that was`
			`output with a second layer of escaping! In this branch, I just emit`
			`the page description escaped once, as was presumably the intention.`

			`* It's safe to apply this change to a wiki and neglect to rebuild it`
			`(assuming I implemented it correctly!), but until the wiki is rebuilt,`
			`titles, descriptions and GUIDs for unchanged pages will appear`
			double-escaped on any page that inlines them in `quick=yes` mode, and
			`is rebuilt for some other reason. The failure mode is too much escaping`
			`rather than too little, so it shouldn't be a security problem.`
if applied, reverting this would be problematic 2010-04-06 02:55:54 +02:00
			`* Reverting this change, if applied, is more dangerous; until the wiki is`
			`rebuilt, any titles, descriptions and GUIDs on unchanged pages that`
			`contained markup could appear unescaped on any page that inlines them`
			in `quick=yes` mode, and is rebuilt for some other reason. The failure
			`mode here would be too little escaping, i.e. cross-site scripting.`
close 2010-04-10 21:29:31 +02:00
			`[[!tag done]]`