Commit graph

706 commits

Author SHA1 Message Date
Prateek Saxena 20f2bef272 renderer.article.getProcessedElements: Stop escaping the title and the extract
Both the title and the extract were being html escaped thus producing
string like ' and " when used with .text(). So, we now use
document.createTextNode() for the normal text and .text() with the bolded
one.

Bug: T93720
Change-Id: I6bbc52e427dc636b7b0be1ad4f749d9273ff61b3
2015-03-26 19:28:20 +05:30
Prateek Saxena 3eaf2829e8 renderer.article: Remove leading spaces before brackets
Bug: T69225
Change-Id: I83f79fa0ebd19bea6ed7ea266cece0778210adb2
2015-03-05 15:32:45 +05:30
Prateek Saxena df0b988eec renderer.article: Bold the title no matter what the trailing characters
Bug: T69229
Change-Id: I833c0dcae98010bc74b6b58ae8035aaac4e6465b
2015-03-05 15:31:42 +05:30
Prateek Saxena a43ef7ca51 Remove the need of .html in article.getProcessedHtml
Instead of replacing all instances of the title in the extract -

  '$1<b>$2</b>$3'

We now put symbolic strings there which we use to split the string
and then make an array of text and <b> elements that get appended
to $contentbox.

Bug: T76378
Change-Id: I02222bbff84532f63cac67af1bf889c328ec6ff2
2015-03-05 15:30:06 +05:30
Prateek Saxena b24e39e9fc Run mw.html.escape on page extract and title
Add test for XSS attack

Bug: T69180
Change-Id: I213169bd9daed979e63f50cf3926f7196eb6181c
2014-12-01 11:23:14 -08:00
Prateek Saxena 40222517ca render.article.getProcessesHtml: Add tests
Change-Id: I2e000fd884df9113f1810ec1ca2aa1562a88790b
2014-06-11 12:47:52 +05:30