Restore previous parser test with comment in response to brion on Wikitech-l. And...
authorAryeh Gregor <simetrical@users.mediawiki.org>
Fri, 17 Nov 2006 13:27:56 +0000 (13:27 +0000)
committerAryeh Gregor <simetrical@users.mediawiki.org>
Fri, 17 Nov 2006 13:27:56 +0000 (13:27 +0000)
includes/Skin.php
maintenance/parserTests.txt

index 8d52867..da0f507 100644 (file)
@@ -327,9 +327,9 @@ class Skin extends Linker {
                global $wgUseSiteJs;
                if ($wgUseSiteJs) {
                        if ($wgUser->isLoggedIn()) {
-                               $r .= "<script type=\"$wgJsMimeType\" src=\"".urlencode(self::makeUrl('-','action=raw&smaxage=0&gen=js'))."\"><!-- site js --></script>\n";
+                               $r .= "<script type=\"$wgJsMimeType\" src=\"".htmlspecialchars(self::makeUrl('-','action=raw&smaxage=0&gen=js'))."\"><!-- site js --></script>\n";
                        } else {
-                               $r .= "<script type=\"$wgJsMimeType\" src=\"".urlencode(self::makeUrl('-','action=raw&gen=js'))."\"><!-- site js --></script>\n";
+                               $r .= "<script type=\"$wgJsMimeType\" src=\"".htmlspecialchars(self::makeUrl('-','action=raw&gen=js'))."\"><!-- site js --></script>\n";
                        }
                }
                if( $wgAllowUserJs && $wgUser->isLoggedIn() ) {
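Review bot: The two changed branches emit the same script tag and differ only in `smaxage=0`, so the attribute escaping is written twice and can drift. Selecting the query first keeps it in one place: `$query = $wgUser->isLoggedIn() ? 'action=raw&smaxage=0&gen=js' : 'action=raw&gen=js';` followed by a single `$r .= "<script type=\"$wgJsMimeType\" src=\"".htmlspecialchars(self::makeUrl('-',$query))."\"><!-- site js --></script>\n";`. `htmlspecialchars()` only covers the HTML attribute context, so this line relies on `makeUrl()` to percent-encode the URL components, which is not visible in the hunk. `$wgJsMimeType` is still interpolated into the `type` attribute unescaped; it is presumably a site configuration value, but escaping it too would make the line safe regardless of its source. The enclosing method starts and ends outside the hunk.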
index 1579c22..26a12e1 100644 (file)
@@ -5995,6 +5995,16 @@ RAW magic word
 </p>
 !! end
 
+# This isn't needed for XHTML conformance, but would be handy as a fallback security measure
+!! test
+TODO: Always escape literal '>' in output, not just after '<'
+!! input
+><>
+!! result
+<p>&gt;&lt;&gt;
+</p>
+!! end
+
 !! test
 Template caching
 !! input
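Review bot: The comment above the added test does not say whether the test is expected to pass today, while the `TODO:` prefix in its title suggests the parser does not yet produce this output. Someone who sees it fail in a test run cannot tell a known gap from a regression. A comment along the lines of `# Known failure for now: '>' is only escaped after '<'. Escaping every literal '>' is defence in depth, not an XHTML requirement.` would record that. If the test does pass already, the `TODO:` should be dropped from the title instead.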