into the search box and you get this result:
Seems like the search parameter is not URL encoded before passing into the search box.
This needs to be fixed in several places: Sidebar, WebSearch, and possibly other places.
Actually the entity encoding is fine; the problem is that HTML entity encoding is not sufficient, because [ and ] are valid in HTML and don't have to be entity encoded. This is clearly a third level of encoding (beyond URL and entity) that requires the encoding of TWiki special characters that are not normally entity encoded, such as [@_=]
It's reasonable to extend entity encoding to cover them, now that we have an explanation for why they need to be encoded!
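
The point made in the last comment, as an added example (not TWiki's code and not part of the original comments): ordinary HTML escaping leaves wiki markup characters intact, so a later wiki rendering pass still acts on them, while an encoder that also covers those characters does not. `render_wiki`, `entity_encode` and `search_box` are hypothetical names, the renderer is a toy stand-in, and the character set is taken from the comment above.

```python
import html
import re

# Characters the comment names as special to the wiki markup but untouched
# by ordinary HTML entity encoding. The exact set is an assumption.
WIKI_SPECIAL = "[]@_="

# Toy stand-in for the wiki renderer: expands [[target][label]] into a link.
LINK = re.compile(r"\[\[([^\[\]]+)\]\[([^\[\]]+)\]\]")


def render_wiki(text):
    """Hypothetical rendering pass that runs over the whole page body."""
    return LINK.sub(r'<a href="\1">\2</a>', text)


def entity_encode(text, extra=WIKI_SPECIAL):
    """Encode HTML-special and wiki-special characters as numeric entities.

    Done in a single pass so the '&', '#' and ';' of an emitted entity
    are never re-encoded.
    """
    unsafe = set("&<>\"'") | set(extra)
    return "".join(f"&#{ord(c)};" if c in unsafe else c for c in text)


def search_box(term, encoder):
    """Echo the search term into the form field, then render the page."""
    return render_wiki(f'<input name="search" value="{encoder(term)}" />')


if __name__ == "__main__":
    # Constructed sample input: a search term that is valid wiki link markup.
    term = "[[https://example.invalid/][label]]"

    # HTML escaping alone: the brackets survive and the renderer expands
    # them inside the attribute value, breaking the form markup.
    print(search_box(term, html.escape))

    # Extended encoding: the renderer finds no markup, and the browser
    # decodes the entities back to the literal text the user typed.
    print(search_box(term, entity_encode))
```
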